Win XP - zamrzani exploreru

Zpráva

shugo · #1 Příspěvek od **shugo** » 14 úno 2010 19:51

Ahoj,
chvilku po startu mi zamrzne explorer. Kdyz si vcas otevru task manager, tak si dokazu otevrit novy, ale ten bohuzel taky cca po 2min zamrzne. Muzete se prosim podivat v cem by mohl byt problem.
Diky.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-14 19:46:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (5%) free of 61 GB
Total RAM: 2046 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:55, on 14.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {006F1898-5A38-4CB7-A0D1-870469DB85E6} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {6DB5E739-AD9C-4698-8E5F-06F782690D48} - (no file)
O2 - BHO: (no name) - {980AF933-2FF0-45E1-BAD9-AFD3F049278E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9218 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{006F1898-5A38-4CB7-A0D1-870469DB85E6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2007-11-25 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB5E739-AD9C-4698-8E5F-06F782690D48}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{980AF933-2FF0-45E1-BAD9-AFD3F049278E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-11-25 491520]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-12-10 49152]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
""= []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-11 68856]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqRLeCU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\já\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\já\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Nero\Nero 7\ODD Toolkit\ODDUpdate.exe"="C:\Program Files\Nero\Nero 7\ODD Toolkit\ODDUpdate.exe:*:Enabled:AsusUpdate"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"J:\NeverwinterNights\NWN\nwmain.exe"="J:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre1.6.0_03\bin\java.exe"="C:\Program Files\Java\jre1.6.0_03\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0_03\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_03\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0_03\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_03\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\CrossLoop\CrossLoopConnect.exe"="C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"J:\NeverwinterNights\NWN\nwserver.exe"="J:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server"
"C:\Program Files\Total Commander\TOTALCMD.EXE"="C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:BlueSoleil"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Disabled:Flashget"
"D:\skola\3.sem\site\UDP\uloha 2\reciever.exe"="D:\skola\3.sem\site\UDP\uloha 2\reciever.exe:*:Disabled:reciever"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\FPSCORE Metro\fpscore.exe"="C:\Program Files\FPSCORE Metro\fpscore.exe:*:Disabled:fpscore"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium Beta"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSI\ArcSoft\TotalMedia\TotalMedia.exe"="C:\Program Files\MSI\ArcSoft\TotalMedia\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3"
"C:\Program Files\DVBDream\winlirc\winlirc.exe"="C:\Program Files\DVBDream\winlirc\winlirc.exe:*:Enabled:winlirc"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Age Of Empires\empires2.exe"="C:\Program Files\Age Of Empires\empires2.exe:*:Enabled:empires2.exe"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Age Of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age Of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age Of Empires II\age2_x1.exe"="C:\Program Files\Microsoft Games\Age Of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Recosoft PDF2ID\PDF2ID v2.0\PDF2IDDesktopServer.exe"="C:\Program Files\Recosoft PDF2ID\PDF2ID v2.0\PDF2IDDesktopServer.exe:*:Enabled:PDF2ID v2.0 Desktop Server"
"D:\NeverwinterNights\NWN\nwmain.exe"="D:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\já\Local Settings\Temp\Dočasný adresář 1 pro nic_22012009.zip\nic.exe"="C:\Documents and Settings\já\Local Settings\Temp\Dočasný adresář 1 pro nic_22012009.zip\nic.exe:*:Enabled:nic"
"C:\Documents and Settings\já\Local Settings\Temp\Dočasný adresář 1 pro nic_20112009.zip\nic.exe"="C:\Documents and Settings\já\Local Settings\Temp\Dočasný adresář 1 pro nic_20112009.zip\nic.exe:*:Enabled:nic"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-14 19:41:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-02-14 19:41:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2010-02-14 19:38:32 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-02-14 19:38:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2010-02-14 19:38:32 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-02-14 19:38:27 ----D---- C:\WINDOWS\CSC
2010-02-14 19:38:21 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-14 18:39:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-02-14 18:38:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-14 18:38:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-14 18:38:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-14 18:38:09 ----A---- C:\WINDOWS\system32\java.exe
2010-02-14 18:18:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-14 18:18:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-14 18:16:39 ----D---- C:\rsit
2010-02-14 16:41:41 ----D---- C:\Program Files\iPod
2010-02-14 16:41:38 ----D---- C:\Program Files\iTunes
2010-02-14 16:41:22 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-02-14 16:31:46 ----D---- C:\Program Files\QuickTime
2010-02-14 16:31:28 ----D---- C:\Program Files\Apple Software Update
2010-02-10 19:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 19:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 19:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 19:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 19:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 19:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 19:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 19:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 19:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-07 11:07:43 ----D---- C:\Program Files\Dofus 2
2010-02-07 11:07:41 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-30 19:15:02 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-01-30 13:05:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-30 13:03:46 ----D---- C:\Program Files\Common Files\Apple
2010-01-30 13:03:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-01-23 09:58:33 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-01-22 03:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-17 19:01:36 ----D---- C:\Downloads
2010-01-17 18:49:25 ----A---- C:\WINDOWS\aimpr.ini
2010-01-17 17:34:56 ----D---- C:\NeverwinterNights
2010-01-17 13:24:44 ----D---- C:\Program Files\Kopie - QIP Infium
2010-01-15 01:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-14 19:38:32 ----D---- C:\Documents and Settings
2010-02-14 19:38:27 ----D---- C:\WINDOWS
2010-02-14 19:35:39 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-02-14 19:35:29 ----D---- C:\WINDOWS\Temp
2010-02-14 19:31:33 ----D---- C:\WINDOWS\Prefetch
2010-02-14 19:26:41 ----SD---- C:\WINDOWS\Tasks
2010-02-14 19:20:31 ----SHD---- C:\WINDOWS\Installer
2010-02-14 19:20:31 ----D---- C:\Config.Msi
2010-02-14 19:20:30 ----D---- C:\Program Files
2010-02-14 19:20:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-02-14 19:20:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-14 19:20:26 ----D---- C:\WINDOWS\system32\drivers
2010-02-14 19:20:25 ----D---- C:\WINDOWS\system32
2010-02-14 18:52:26 ----SHD---- C:\System Volume Information
2010-02-14 18:52:26 ----D---- C:\WINDOWS\system32\Restore
2010-02-14 18:49:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-14 18:49:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 18:48:58 ----HD---- C:\WINDOWS\inf
2010-02-14 18:48:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-14 18:47:27 ----D---- C:\Program Files\Common Files\Adobe
2010-02-14 18:46:41 ----D---- C:\Program Files\Adobe
2010-02-14 18:39:40 ----D---- C:\Program Files\Common Files\Java
2010-02-14 18:37:37 ----D---- C:\Program Files\Java
2010-02-14 18:30:50 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 17:51:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-14 17:43:29 ----D---- C:\WINDOWS\WinSxS
2010-02-14 17:25:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-14 16:34:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-02-14 16:27:24 ----D---- C:\WINDOWS\Debug
2010-02-14 16:23:47 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-13 21:12:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-13 19:37:50 ----D---- C:\Program Files\JDownloader 0.6.193
2010-02-10 19:36:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-07 11:07:41 ----D---- C:\Program Files\Common Files
2010-02-02 19:11:41 ----A---- C:\WINDOWS\wincmd.ini
2010-02-02 19:11:38 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 22:17:41 ----D---- C:\Program Files\Google
2010-01-30 13:04:52 ----D---- C:\Program Files\Bonjour
2010-01-23 10:35:19 ----D---- C:\Program Files\ElcomSoft
2010-01-23 10:02:10 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-17 13:21:51 ----SHD---- C:\RECYCLER
2010-01-17 13:15:18 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-17 13:06:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-01-17 13:02:08 ----RSD---- C:\WINDOWS\assembly
2010-01-17 13:02:07 ----D---- C:\Program Files\Microsoft Office
2010-01-17 13:02:07 ----D---- C:\Program Files\AutoCAD 2006
2010-01-17 13:02:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2010-01-17 13:01:57 ----RSD---- C:\WINDOWS\Fonts
2010-01-17 13:01:56 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-17 13:01:47 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-07-21 26240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-01 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-12-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-12-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-12-10 68992]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 YiRuanUSB;YiRuan device driver for 4d; C:\WINDOWS\system32\DRIVERS\yrtumdriver.sys [2005-05-20 5760]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-21 279712]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-21 25888]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2008-11-26 306816]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-01-17 47360]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 btwdins;Bluetooth Service; C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
S2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-17 20543]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-14 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-02-17 61503]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
S2 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe []
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-31 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 14 úno 2010 19:58

Zdravím

Na logu se pracuje, prosím o strpení.

#3 Příspěvek od **Caroprd111** » 14 úno 2010 19:59

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

shugo · #4 Příspěvek od **shugo** » 14 úno 2010 20:27

ComboFix 10-02-12.01 - Administrator 14.02.2010 20:07:00.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1763 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100214-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BefOqBeg.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat
c:\windows\system32\pWvuwyxx.ini
c:\windows\system32\qpVEOqru.ini
c:\windows\system32\reboot.txt
c:\windows\system32\sqlvovmn.ini
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 18:55 . 2010-02-14 18:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-14 17:38 . 2010-02-14 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 17:18 . 2010-02-14 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 17:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 17:16 . 2010-02-14 17:16 -------- d-----w- C:\rsit
2010-02-14 16:54 . 2010-02-14 16:54 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-14 16:22 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-14 16:22 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-14 16:19 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-14 16:19 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-14 16:14 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-14 16:14 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\program files\iPod
2010-02-14 15:41 . 2010-02-14 15:42 -------- d-----w- c:\program files\iTunes
2010-02-14 15:41 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-02-14 15:41 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-02-14 15:31 . 2010-02-14 15:32 -------- d-----w- c:\program files\QuickTime
2010-02-14 15:31 . 2010-02-14 15:31 -------- d-----w- c:\program files\Apple Software Update
2010-02-07 10:07 . 2010-02-07 10:07 -------- d-----w- c:\program files\Dofus 2
2010-02-07 10:07 . 2010-02-07 10:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-30 19:28 . 2010-01-30 19:28 68100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-30 18:15 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-30 18:15 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-30 12:03 . 2010-02-14 15:41 -------- d-----w- c:\program files\Common Files\Apple
2010-01-23 08:58 . 2001-08-23 13:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-17 18:01 . 2010-01-17 18:01 -------- d-----w- C:\Downloads
2010-01-17 16:34 . 2010-01-17 16:34 -------- d-----w- C:\NeverwinterNights
2010-01-17 12:24 . 2010-01-17 12:24 -------- d-----w- c:\program files\Kopie - QIP Infium

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 18:54 . 2007-12-04 12:04 -------- d-----w- c:\program files\Google
2010-02-14 17:47 . 2007-11-25 17:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-14 17:39 . 2007-12-12 22:58 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 17:37 . 2007-12-12 22:58 -------- d-----w- c:\program files\Java
2010-02-13 18:37 . 2009-06-28 21:35 -------- d-----w- c:\program files\JDownloader 0.6.193
2010-01-30 12:04 . 2008-01-31 18:06 -------- d-----w- c:\program files\Bonjour
2010-01-23 09:35 . 2008-06-26 19:32 -------- d-----w- c:\program files\ElcomSoft
2010-01-17 12:15 . 2007-11-24 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 12:06 . 2006-03-02 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 12:06 . 2006-03-02 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-01-17 12:02 . 2008-05-31 17:12 -------- d-----w- c:\program files\AutoCAD 2006
2010-01-14 19:22 . 2010-01-14 19:22 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-12 21:47 . 2010-01-12 21:46 -------- d-----w- c:\program files\ImgBurn
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:09 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2007-11-24 14:32 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-03-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-01-03 16:33 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-01-03 16:33 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-01-03 16:33 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-01-03 16:33 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-01-03 16:33 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-01-03 16:33 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-24 434176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Nero\\Nero 7\\ODD Toolkit\\ODDUpdate.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_03\\jre\\bin\\java.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DVBDream\\winlirc\\winlirc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age Of Empires II\\empires2.exe"=
"c:\\Program Files\\Microsoft Games\\Age Of Empires II\\age2_x1.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [24.11.2007 21:53 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [24.11.2007 21:53 5248]
R3 YiRuanUSB;YiRuan device driver for 4d;c:\windows\system32\drivers\yrtumdriver.sys [24.11.2007 20:01 5760]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.1.2009 17:33 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.1.2009 17:33 20560]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 22:17 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{006F1898-5A38-4CB7-A0D1-870469DB85E6} - (no file)
BHO-{6DB5E739-AD9C-4698-8E5F-06F782690D48} - (no file)
BHO-{980AF933-2FF0-45E1-BAD9-AFD3F049278E} - (no file)
HKCU-RunOnce-NeroHomeFirstStart - c:\program files\Common Files\Nero\Lib\NMFirstStart.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-Wdf01000.sys
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-NWNCZ - j:\neverwinternights\NWN\cestina\data\Setup.exe
AddRemove-PDFTools_is1 - r:\programy\PDFTools\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 20:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1A8A00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf766bf28
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x8a1a8a00
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{94C9D52C-9CEC-8FD1-774B-0B250648A774}\InProcServer32*]
"japmdmhhodbjpeofhdlm"=hex:6a,61,6f,6e,62,6d,63,6d,66,65,6e,70,6d,6e,67,6b,6a,
68,69,69,00,f9
"iapmnlblpkfmpchpkb"=hex:6a,61,6f,6e,62,6d,63,6d,66,65,6e,70,6d,6e,67,6b,6a,68,
69,69,00,f9
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(984)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2010-02-14 20:18:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-14 19:18

Před spuštěním: 2 864 398 336
Po spuštění: 2 792 034 304

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2FBE3D67D6FE56DDFD60CD6BB87C6061

#5 Příspěvek od **Caroprd111** » 14 úno 2010 20:33

Doporučuji odinstalovat:
c:\\Program Files\\BitSpirit\\BitSpirit.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Rozbalte a spusťte.
- Proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log, který sem vložíte.

- Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

shugo · #6 Příspěvek od **shugo** » 14 úno 2010 21:01

Odinstalovano.

Gmer cca po 10 sekundach spadne

viz. obrazek v priloze

#7 Příspěvek od **Caroprd111** » 14 úno 2010 21:16

Stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
- Spusťte.
- Vytvoří se log s názvem mbr.log, vložte ho sem.

shugo · #8 Příspěvek od **shugo** » 14 úno 2010 21:17

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#9 Příspěvek od **Caroprd111** » 14 úno 2010 21:20

start-spustit
- do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

- Vytvoří se log s názvem mbr.log, vložte ho sem.

shugo · #10 Příspěvek od **shugo** » 14 úno 2010 21:22

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0C3BB0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a0c3bb0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

#11 Příspěvek od **Caroprd111** » 14 úno 2010 21:30

Nabootujte z instalačního CD a vstupte do konzoly pro zotavení. Pro tuto operaci musíte znát heslo k účtu Administrator. Do příkazového řádku napište:

Kód: Vybrat vše

fixmbr

Stskněte >Enter< a potvrďte. Pak napište

Kód: Vybrat vše

exit

opět stiskněte >Enter< . PC se restartuje.

Po provedení předchozího úkonu dejte nový log z MBR.

Stáhněte MBR na plochu
http://www2.gmer.net/mbr/mbr.exe

start - spustit
- do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

- Vytvoří se log s názvem mbr.log, vložte ho sem.

shugo · #12 Příspěvek od **shugo** » 14 úno 2010 21:36

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A21C008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a21c008
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

#13 Příspěvek od **Caroprd111** » 14 úno 2010 21:42

Pro jistotu, pokud nemáte, si udělejte zálohu důležitých dat

Pořádně si přečtěte návod, pokud něčemu nerozumíte, tak se ptejte.

stell píše:
1:Vypni Firewall>spust program HXD http://mh-nexus.de/en/downloads.php?product=HxD <klikni hore na ikonku pevneho disku>na karte ktora sa objavi>pod Fyzicke disky>Klik >oznac PEVNY DISK>vyber fajku >otvor len na citanie>klik>ok a este raz OK>

2:V pravo hore >je napisane >sector>a okienko + sipky>budes nastavovat a hladat sectory so sipkamy>sector 0>je MBR>a sector -63 je BOOT>Nebabrat>sector 1-62 maju byt Nulove>000000000000.

3:Program HXD otvor na plnu obrazovku>nastav so sipkou sector napriklad-1>ak cely sector 1-je nulova stlac lavu mysku oznac ho> pravy klik kopirovat presne cely nulovy sector>ale presne od ciary po ciaru

4:Skontroluj zo sipkamy sectory 1-62 a kde nie je cely sector nulovy stlac lavu mysku oznac presne cely sector>pravy klik>PREPISAT.

5:prepisu sa ti na cerveno>na 0000000-ly>ak toto budes mat klik v pravom hornom rohu na krizik a zatvor program HXD,objavi sa ti okno ci chces zmenu ulozit suhlasis.Zatvoris program HXD>restartnes >PC
Nepomyl sa nie ze zacnes prepisovat logicke disky

Sectory 1 az 62 maju vyzerat takto:
Kód:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Po provedení předchozího úkonu dejte nový log z MBR.

Stáhněte MBR na plochu
http://www2.gmer.net/mbr/mbr.exe

start - spustit
- do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

- Vytvoří se log s názvem mbr.log, vložte ho sem.

shugo · #14 Příspěvek od **shugo** » 14 úno 2010 21:52

Jenom pro jistotu.

Nulove mam jenom sektory 7-15 ostatni (1-6 a 16-62) obsahuji data. Takze ty mam prepsat, ano?

#15 Příspěvek od **Caroprd111** » 14 úno 2010 21:54

Ano, sektory 1 až 62 mají být nulové.

VIRY.CZ

Win XP - zamrzani exploreru

Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru

Re: Win XP - zamrzani exploreru