Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Kontrola po číštění

Patříte mezi Vzorné návštěvníky? Pak je tato sekce pro vás.

Moderátor: Moderátoři

Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Odpovědět
Zpráva
Autor
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Kontrola po číštění

#1 Příspěvek od Aldaris »

Dobrý večer, můžete mi prosím mrknout na log z RSIT po úspěšné aplikaci exeHelperu? Nerad bych, aby se to vrátilo.

Předem děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2011-09-30 13:40:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 210 GB (90%) free of 234 GB
Total RAM: 1014 MB (58% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3BD198E2-BABF-41EC-9EFD-4462A31AA080}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D55DC1B0-A625-4A6C-A8F1-399B494CD217}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.com"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, jqs@sun.com:1.0, {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3, support@predictad.com:1.11, toolbar@ask.com:3.11.3.15590, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYYUS&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\SiteAdvisor


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]
"Description"=
"Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nphssb.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nphssb.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
bing.xml
creativecommons.xml
eBay.xml
google.xml
McSiteAdvisor.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default\extensions\
support@predictad.com
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{6e764c17-863a-450f-bdd0-6772bd5aaa18}

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-07-14 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2010-01-22 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD6ADA7-6BC1-31DD-9ABF-3BE5C5296ADF}]
D

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-08-11 258120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2010-01-22 720896]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-08-11 258120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
""= []
"CHotkey"=C:\WINDOWS\zHotkey.exe [2005-05-03 543232]
"SigmatelSysTrayApp"=sttray.exe []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-25 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-25 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-25 114688]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-27 421160]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-09-17 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-25 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2011-07-19 87424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe"="C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe:LocalSubNet:Enabled:Intuit Entitlement Service v6.0"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\EftSvr.exe"="C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\EftSvr.exe:LocalSubNet:Enabled:EFT server for QBPOS 9.0"
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe"="C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe:LocalSubNet:Enabled:Image Server for QBPOS 9.0"
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe"="C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe:LocalSubNet:Enabled:Database manager for QBPOS 9.0"
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgr10.exe"="C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgr10.exe:LocalSubNet:Enabled:Database manager for QBPOS 9.0"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-30 13:40:57 ----D---- C:\rsit
2011-09-30 13:40:57 ----D---- C:\Program Files\trend micro
2011-09-30 13:39:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-09-30 12:58:21 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

======List of files/folders modified in the last 1 month======

2011-09-30 13:40:57 ----RD---- C:\Program Files
2011-09-30 13:39:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-30 13:39:54 ----D---- C:\WINDOWS\Prefetch
2011-09-30 13:39:50 ----D---- C:\WINDOWS\system32
2011-09-30 13:38:54 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2011-09-30 13:01:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-30 12:59:40 ----D---- C:\WINDOWS\Temp
2011-09-30 12:58:22 ----D---- C:\WINDOWS\system32\drivers
2011-09-30 12:33:02 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-30 12:33:01 ----D---- C:\WINDOWS\Registration
2011-09-30 12:32:54 ----D---- C:\Documents and Settings\All Users\Application Data\LogMeIn
2011-09-30 12:32:52 ----D---- C:\WINDOWS
2011-09-29 07:55:01 ----D---- C:\Program Files\Mozilla Firefox
2011-09-19 11:28:39 ----D---- C:\Program Files\McAfee
2011-09-13 23:30:13 ----SHD---- C:\WINDOWS\Installer
2011-09-13 08:27:43 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-10 13952]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-10 19840]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-05 157696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-25 889628]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-09-17 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-07 1178088]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0; C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2009-06-02 20480]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-05-22 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-07-19 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2011-07-19 136584]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-11-08 390528]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2010-01-22 172032]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 QBPOSDBServiceV9;QBPOS Database Manager v9; C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe [2009-09-01 2735480]
R2 QuickBooksDB18;QuickBooksDB18; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-10 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-27 820520]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Naposledy upravil(a) Aldaris dne 30 zář 2011 18:50, celkem upraveno 1 x.
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#2 Příspěvek od Aldaris »

info.txt logfile of random's system information tool 1.09 2011-09-30 13:41:00

======Uninstall list======

-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Apple Application Support-->MsiExec.exe /I{853A4763-6643-4604-8D64-28BDD8925F4C}
Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour-->MsiExec.exe /X{C2E4B5BD-32DB-4817-A060-341AB17C3F90}
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563143 -locale:US
CT-S310 x32 v1581-->MsiExec.exe /X{6015BBBE-1CF7-414B-B910-379A1DE4B475}
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Getting Started with QuickBooks Point of Sale 8.0-->"C:\Documents and Settings\All Users\Application Data\{5966E9FE-5D1D-44B3-83BE-389D832A4A8D}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Getting Started with QuickBooks Point of Sale 8.0-->C:\Documents and Settings\All Users\Application Data\{5966E9FE-5D1D-44B3-83BE-389D832A4A8D}\Setup.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\14.0.835.186\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Homestead SiteBuilder-->C:\Program Files\Homestead\SiteBuilder\hkuninst.exe -path C:\Program Files\Homestead\SiteBuilder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Software v10.0.26.0-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
IP Setup Program-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SONY\IP Setup Program\Uninst.isu"
iTunes-->MsiExec.exe /I{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
LogMeIn-->MsiExec.exe /I{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox 6.0.2 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nexon Game Manager-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
QuickBooks Point of Sale 9.0-->MsiExec.exe /I{853D931D-43CF-4E4B-B018-E003A7F6EDE1}
QuickBooks Pro 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
VDownloader 2.9.462-->"C:\Program Files\VDownloader\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
YouTube Downloader 2.6.2-->"C:\Program Files\YouTube Downloader\uninstall.exe"

Hosts File Missing
======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: YOUR-CC7E566B58
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Record Number: 3090
Source Name: Service Control Manager
Time Written: 20110604071346.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 3088
Source Name: SideBySide
Time Written: 20110604071326.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 3087
Source Name: SideBySide
Time Written: 20110604071326.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 3086
Source Name: SideBySide
Time Written: 20110604071326.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 3085
Source Name: SideBySide
Time Written: 20110604071326.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-CC7E566B58
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.


Record Number: 3119
Source Name: crypt32
Time Written: 20110528161201.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.


Record Number: 3118
Source Name: crypt32
Time Written: 20110528161159.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.


Record Number: 3117
Source Name: crypt32
Time Written: 20110528161159.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.


Record Number: 3116
Source Name: crypt32
Time Written: 20110528161158.000000-240
Event Type: error
User:

Computer Name: YOUR-CC7E566B58
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 3115
Source Name: crypt32
Time Written: 20110528161157.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119320
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Kontrola po číštění

#3 Příspěvek od Rudy »

Poprosím o log z ComboFix. Mám pocit, že tam něco zbylo.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#4 Příspěvek od Aldaris »

ComboFix 11-09-30.04 - Owner 09/30/2011 14:09:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.584 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Admin\WINDOWS
C:\Documents and Settings\Administrator\WINDOWS
C:\Documents and Settings\Default User\WINDOWS
C:\Documents and Settings\Guest\WINDOWS
C:\Documents and Settings\Owner\Application Data\1&1
C:\Documents and Settings\Owner\Application Data\1&1\1&1 EasyLogin\customer.xml
C:\Documents and Settings\Owner\Application Data\1&1\1&1 EasyLogin\EasyLogin.log
C:\Documents and Settings\Owner\Application Data\srsf.bat
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
C:\Documents and Settings\Owner\Recent\City of Key West Document Center.url
C:\Documents and Settings\Owner\WINDOWS
C:\Documents and Settings\QBDataServiceUser18\WINDOWS
C:\Documents and Settings\QBPOSDBSrvUser\WINDOWS
C:\Program Files\AutocompletePro
C:\Program Files\AutocompletePro\AutocompletePro.dll
C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx
C:\Program Files\AutocompletePro\FireFoxExtension.exe
C:\Program Files\AutocompletePro\InstTracker.exe
C:\Program Files\AutocompletePro\support@predictad.com\chrome.manifest
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\options.js
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\options.xul
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\utils.js
C:\Program Files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
C:\Program Files\AutocompletePro\support@predictad.com\install.rdf
C:\Program Files\AutocompletePro\unins000.dat
C:\Program Files\AutocompletePro\unins000.exe
C:\WINDOWS\system32\config\systemprofile\WINDOWS
C:\WINDOWS\system32\d3d9caps.dat
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))


2011-09-30 17:40:57 . 2011-09-30 17:40:57 -------- d-----w- C:\Program Files\trend micro
2011-09-30 17:39:50 . 2008-04-14 00:11:54 21504 -c--a-w- C:\WINDOWS\system32\dllcache\hidserv.dll
2011-09-30 17:39:50 . 2008-04-14 00:11:54 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll
2011-09-30 16:58:21 . 2008-04-13 18:39:48 14592 -c--a-w- C:\WINDOWS\system32\dllcache\kbdhid.sys
2011-09-30 16:58:21 . 2008-04-13 18:39:48 14592 ----a-w- C:\WINDOWS\system32\drivers\kbdhid.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-19 15:28:27 . 2011-06-01 11:55:42 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll
2011-07-19 15:28:27 . 2011-06-01 11:55:42 53632 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-19 15:28:26 . 2011-06-01 11:55:42 29568 ----a-w- C:\WINDOWS\system32\LMIport.dll
2011-07-19 15:28:26 . 2011-06-01 11:55:38 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll
2011-07-14 20:20:11 . 2011-07-14 20:20:11 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2010-07-23 03:40:00 . 2010-07-28 16:44:27 2944904 ----a-w- C:\Program Files\Common Files\AskToolbarInstaller.exe
2003-06-19 16:05:04 . 2010-03-13 14:55:00 286773 ----a-w- C:\Program Files\msvcrt.dll
2003-06-19 16:05:04 . 2010-03-13 14:54:59 1015859 ----a-w- C:\Program Files\mfc42.dll
2011-09-29 11:54:45 . 2011-05-24 20:23:43 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2011-05-17 17:29:36 1490312]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29:36 1490312 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2011-05-17 17:29:36 1490312]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2011-05-17 17:29:36 1490312]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04:42 59392]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50:42 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 23:04:32 135168]
"CHotkey"="zHotkey.exe" [2005-05-03 22:02:00 543232]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 15:32:12 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 15:29:00 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 15:32:52 114688]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 16:06:58 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 22:38:18 421888]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 19:49:28 249064]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-04-27 05:22:56 421160]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 19:40:06 63048]
"ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe" [2011-05-17 17:29:46 395144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2010-1-22 729088]
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-19 15:28:26 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58397:TCP"= 58397:TCP:Pando Media Booster
"58397:UDP"= 58397:UDP:Pando Media Booster

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [2/20/2008 12:11:16 PM 33800]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 12:08:46 PM 472320]
R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [6/2/2009 1:49:56 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11:56 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40:06 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 7:57:23 AM 94880]
R2 QBPOSDBServiceV9;QBPOS Database Manager v9;C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe [9/1/2009 10:33:22 AM 2735480]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [7/14/2011 4:20:41 PM 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [1/22/2010 3:46:37 PM 3584]
S2 QuickBooksDB18;QuickBooksDB18;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S3 EagleXNt;EagleXNt;\??\C:\WINDOWS\system32\drivers\EagleXNt.sys --> C:\WINDOWS\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [7/14/2011 4:20:41 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49:20 AM 227232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HIDSERV

Contents of the 'Scheduled Tasks' folder

2011-09-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50:20 . 2009-10-22 15:50:20]

2011-09-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 20:20:41 . 2011-07-14 20:20:31]

2011-09-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 20:20:41 . 2011-07-14 20:20:31]

2011-09-30 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2011-05-17 17:29:40 . 2011-05-17 17:29:40]

2011-09-30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3BD198E2-BABF-41EC-9EFD-4462A31AA080}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 09:31:54 . 2009-03-08 09:31:54]

2011-09-30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D55DC1B0-A625-4A6C-A8F1-399B494CD217}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 09:31:54 . 2009-03-08 09:31:54]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://lontano.ath.cx/HiDvrOcx.cab
FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14774&locale=en_US&apn_uid=C769892A-1757-4001-8DCC-77FA98DDED19&apn_ptnrs=VQ&apn_sauid=0A1DAC7D-110C-43C1-A9AC-88FB85042C80&apn_dtid=YYYYYYYYUS&q=
FF - user.js: yahoo.homepage.dontask - true

- - - - ORPHANS REMOVED - - - -

BHO-{AFD6ADA7-6BC1-31DD-9ABF-3BE5C5296ADF} - (no file)
HKLM-Run-SigmatelSysTrayApp - sttray.exe
AddRemove-AutocompletePro3_is1 - C:\Program Files\AutocompletePro\unins000.exe
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119320
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Kontrola po číštění

#5 Příspěvek od Rudy »

No, tam toho bylo.

1. Odinstalujte cracklý NOD a použijte některé free řešení: http://www.viry.cz/forum/viewforum.php?f=29 .
2. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Collect::
C:\Program Files\Common Files\AskToolbarInstaller.exe

Folder::
C:\Program Files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Firefox::
FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYUS&q=
FF - user.js: yahoo.homepage.dontask - true
Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#6 Příspěvek od Aldaris »

Děkuji, hodím mu tam avast.

ComboFix 11-09-30.04 - Owner 09/30/2011 15:09:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.624 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
file zipped: c:\program files\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_144.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\AskToolbarInstaller.exe
.
---- Previous Run -------
.
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Owner\Application Data\1&1
c:\documents and settings\Owner\Application Data\1&1\1&1 EasyLogin\customer.xml
c:\documents and settings\Owner\Application Data\1&1\1&1 EasyLogin\EasyLogin.log
c:\documents and settings\Owner\Application Data\srsf.bat
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Owner\Recent\City of Key West Document Center.url
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\QBDataServiceUser18\WINDOWS
c:\documents and settings\QBPOSDBSrvUser\WINDOWS
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 17:40 . 2011-09-30 17:40 -------- d-----w- c:\program files\trend micro
2011-09-30 17:39 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-09-30 17:39 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-30 16:58 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-09-30 16:58 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 15:28 . 2011-06-01 11:55 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-19 15:28 . 2011-06-01 11:55 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-19 15:28 . 2011-06-01 11:55 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-19 15:28 . 2011-06-01 11:55 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-14 20:20 . 2011-07-14 20:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2003-06-19 16:05 . 2010-03-13 14:55 286773 ----a-w- c:\program files\msvcrt.dll
2003-06-19 16:05 . 2010-03-13 14:54 1015859 ----a-w- c:\program files\mfc42.dll
2011-09-29 11:54 . 2011-05-24 20:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-30_18.19.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-30 19:21 . 2011-09-30 19:21 16384 c:\windows\temp\Perflib_Perfdata_760.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"SigmatelSysTrayApp"="sttray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2010-1-22 729088]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-19 15:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58397:TCP"= 58397:TCP:Pando Media Booster
"58397:UDP"= 58397:UDP:Pando Media Booster
.
R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;c:\program files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [6/2/2009 1:49 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 7:57 AM 94880]
R2 QBPOSDBServiceV9;QBPOS Database Manager v9;c:\program files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe [9/1/2009 10:33 AM 2735480]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2011 4:20 PM 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1/22/2010 3:46 PM 3584]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2011 4:20 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 20:20]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 20:20]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{3BD198E2-BABF-41EC-9EFD-4462A31AA080}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{D55DC1B0-A625-4A6C-A8F1-399B494CD217}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://lontano.ath.cx/HiDvrOcx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{AFD6ADA7-6BC1-31DD-9ABF-3BE5C5296ADF} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250823AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D4A31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3020)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\program files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\windows\zHotkey.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-09-30 15:27:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-30 19:27
.
Pre-Run: 222,082,797,568 bytes free
Post-Run: 222,061,178,880 bytes free
.
- - End Of File - - 32601CC818E7C89EC429629D84ED7452
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#7 Příspěvek od Aldaris »

Ještě tam něco zůstalo. Po nainstalování avastu začal hned řvát, že svchost chce na stránku hxxp://95.143.193.138/xxxx_dlouhý_náhodný_řetězec

Našel jsem o tom nějaké informace na avast fóru (http://forum.avast.com/index.php?topic=77336.0) ale počkám raději na Vaše vyjádření, abychom nemixovali postupy. Teď mi ještě vyskočila hláška, že nalezl rootkit v MBR: \\.\PHYSICALDRIVE0 (rootkit: hidden boot sector). Opět nevím, jestli zkusit smazat nebo raději počkat.
Nahoru
Uživatelský avatar
Pavuk29
VIP in memoriam
VIP in memoriam
Příspěvky: 6953
Registrován: 31 říj 2003 08:26
Bydliště: Banská Bystrica
Kontaktovat uživatele:
Kontaktovat uživatele Pavuk29

Re: Kontrola po číštění

#8 Příspěvek od Pavuk29 »

Aldaris, Vzorny navstevnik.... cital pravidla fora? Riadi sa nimi? :x
------------------------------------------------------------------------------------------------------------------------------
:!: PLS NEPISTE MI SZ, NA ICQ A MAILY S OTAZKAMI, PISTE DO FORA :!: :spam:
------------------------------------------------------------------------------------------------------------------------------
V pripadne akutnych problemov s chodom fora, :207: pripadne s inymi uzivatelmi, :whip: kontaktujte ma na ICQ alebo mailom :31: na pavuk29 zavinac forum.viry.cz. Byvam pri pocitaci casto aj ked nie som online na fore.
http://www.icq.com/people/267560078/
:183: hotline: http://forum.viry.cz/viewtopic.php?f=12&t=116821
:!: pravidla fora: http://forum.viry.cz/viewtopic.php?f=12&t=5601
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119320
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Kontrola po číštění

#9 Příspěvek od Rudy »

Ještě to není v pořádku.

1. Spusťte znovu CF tímto skriptem:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
2. Stáhněte MBR: http://www2.gmer.net/mbr/mbr.exe a uložte na plochu. Pak Start>spustit>(napsat) %userprofile%\plocha\mbr.exe>OK. Bude vytvořen krátký log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#10 Příspěvek od Aldaris »

Pavuk29 píše:Aldaris, Vzorny navstevnik.... cital pravidla fora? Riadi sa nimi? :x
Pokud narážíte na červeně zvýrazněný bod o nelegálním software, omlouvám se, ale pc je od známého, takže za obsah nemohu odpovídat. Noda jsem odstranil a místo něj dal avast. Pokud se jedná o jiný bod, budu rád, když mě poučíte.
Nahoru
Uživatelský avatar
Pavuk29
VIP in memoriam
VIP in memoriam
Příspěvky: 6953
Registrován: 31 říj 2003 08:26
Bydliště: Banská Bystrica
Kontaktovat uživatele:
Kontaktovat uživatele Pavuk29

Re: Kontrola po číštění

#11 Příspěvek od Pavuk29 »

Aldaris píše:
Pavuk29 píše:Aldaris, Vzorny navstevnik.... cital pravidla fora? Riadi sa nimi? :x
Pokud narážíte na červeně zvýrazněný bod o nelegálním software, omlouvám se, ale pc je od známého, takže za obsah nemohu odpovídat. Noda jsem odstranil a místo něj dal avast. Pokud se jedná o jiný bod, budu rád, když mě poučíte.
Ano, presne na ten. A pokial je to tak, ako pises, je z mojej strany vsetko OK :thumbsup:
Dakujem za info :worship:
------------------------------------------------------------------------------------------------------------------------------
:!: PLS NEPISTE MI SZ, NA ICQ A MAILY S OTAZKAMI, PISTE DO FORA :!: :spam:
------------------------------------------------------------------------------------------------------------------------------
V pripadne akutnych problemov s chodom fora, :207: pripadne s inymi uzivatelmi, :whip: kontaktujte ma na ICQ alebo mailom :31: na pavuk29 zavinac forum.viry.cz. Byvam pri pocitaci casto aj ked nie som online na fore.
http://www.icq.com/people/267560078/
:183: hotline: http://forum.viry.cz/viewtopic.php?f=12&t=116821
:!: pravidla fora: http://forum.viry.cz/viewtopic.php?f=12&t=5601
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#12 Příspěvek od Aldaris »

ComboFix 11-09-30.04 - Owner 09/30/2011 16:00:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.583 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 17:40 . 2011-09-30 17:40 -------- d-----w- c:\program files\trend micro
2011-09-30 17:39 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-09-30 17:39 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-09-30 16:58 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-09-30 16:58 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 15:28 . 2011-06-01 11:55 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-19 15:28 . 2011-06-01 11:55 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-19 15:28 . 2011-06-01 11:55 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-19 15:28 . 2011-06-01 11:55 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-14 20:20 . 2011-07-14 20:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2003-06-19 16:05 . 2010-03-13 14:55 286773 ----a-w- c:\program files\msvcrt.dll
2003-06-19 16:05 . 2010-03-13 14:54 1015859 ----a-w- c:\program files\mfc42.dll
2011-09-29 11:54 . 2011-05-24 20:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-30_18.19.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-09-30 19:21 . 2011-09-30 19:21 16384 c:\windows\temp\Perflib_Perfdata_760.dat
+ 2011-09-30 19:31 . 2011-09-06 20:36 52568 c:\windows\system32\drivers\aswTdi.sys
+ 2011-09-30 19:31 . 2011-09-06 20:36 34392 c:\windows\system32\drivers\aswRdr.sys
+ 2011-09-30 19:31 . 2011-09-06 20:36 20568 c:\windows\system32\drivers\aswFsBlk.sys
+ 2011-09-30 19:31 . 2011-09-06 20:33 30808 c:\windows\system32\drivers\aavmker4.sys
+ 2011-09-30 19:31 . 2011-09-06 20:45 41184 c:\windows\avastSS.scr
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-09-30 19:31 . 2011-09-06 20:37 320856 c:\windows\system32\drivers\aswSP.sys
+ 2011-09-30 19:31 . 2011-09-06 20:38 442200 c:\windows\system32\drivers\aswSnx.sys
+ 2011-09-30 19:31 . 2011-09-06 20:36 110552 c:\windows\system32\drivers\aswmon2.sys
+ 2011-09-30 19:31 . 2011-09-06 20:36 104536 c:\windows\system32\drivers\aswmon.sys
+ 2011-09-30 19:31 . 2011-09-06 20:45 199304 c:\windows\system32\aswBoot.exe
+ 2011-09-30 19:31 . 2011-09-30 19:31 219648 c:\windows\Installer\a693d.msi
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"SigmatelSysTrayApp"="sttray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2010-1-22 729088]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-19 15:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58397:TCP"= 58397:TCP:Pando Media Booster
"58397:UDP"= 58397:UDP:Pando Media Booster
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/30/2011 3:31 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/30/2011 3:31 PM 20568]
R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;c:\program files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [6/2/2009 1:49 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
R2 QBPOSDBServiceV9;QBPOS Database Manager v9;c:\program files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe [9/1/2009 10:33 AM 2735480]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/30/2011 3:31 PM 442200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2011 4:20 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 7:57 AM 94880]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1/22/2010 3:46 PM 3584]
S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2011 4:20 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 20:20]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 20:20]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{3BD198E2-BABF-41EC-9EFD-4462A31AA080}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{D55DC1B0-A625-4A6C-A8F1-399B494CD217}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://lontano.ath.cx/HiDvrOcx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eq1rpa1v.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250823AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D4A31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3424)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-09-30 16:18:43
ComboFix-quarantined-files.txt 2011-09-30 20:18
ComboFix2.txt 2011-09-30 19:27
.
Pre-Run: 221,491,675,136 bytes free
Post-Run: 221,476,511,744 bytes free
.
- - End Of File - - D0CB4310C30D4BB2F776835B255F37AE

=======================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250823AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D4A31B
user & kernel MBR OK
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119320
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Kontrola po číštění

#13 Příspěvek od Rudy »

Log již vypadá OK. Máte v PC virtuální mechaniku?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#14 Příspěvek od Aldaris »

Nejspíš ne. Jsou tu dvě fyzické mechaniky, a žádnou virtuální tu nevidím.

Pokud je to tedy vše a ten rootkit byl odstraněn, děkuji za pomoc a za odměnu pošlu opět nějakou tu korunku :)
Nahoru
Aldaris
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 27
Registrován: 09 lis 2004 23:02
Bydliště: Ostrava
Kontaktovat uživatele:
Kontaktovat uživatele Aldaris

Re: Kontrola po číštění

#15 Příspěvek od Aldaris »

Tak po restartu se svchost chce opět připojit na tu IP zmíněnou výše.
Nahoru
Odpovědět

Zpět na „Sekce pouze pro Vzorné návštěvníky“