XP Antispam


#16 Post by Caroprd111 »

Download RootRepeal http://rootrepeal.googlepages.com/RootRepeal.zip
  • Unzip and run it, click the Processes tab, then click Scan.
  • When the scan finishes, click Save Report to save the log, and copy it here.


#17 Post by Koďous »

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/18 20:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 280 Status: -

Path: C:\Program Files\Outlook Express\msimn.exe
PID: 384 Status: -

Path: C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PID: 508 Status: -

Path: C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PID: 524 Status: -

Path: C:\WINDOWS\system32\scardsvr.exe
PID: 552 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 616 Status: -

Path: C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PID: 788 Status: -

Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 860 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 892 Status: -

Path: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 944 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 956 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 980 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 1028 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 1040 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1204 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1272 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1312 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1428 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1464 Status: -

Path: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 1476 Status: -

Path: C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PID: 1584 Status: -

Path: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PID: 1608 Status: -

Path: C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PID: 1636 Status: -

Path: C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PID: 1680 Status: -

Path: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 1704 Status: -

Path: C:\WINDOWS\system32\WLTRYSVC.EXE
PID: 1744 Status: -

Path: C:\WINDOWS\system32\BCMWLTRY.EXE
PID: 1796 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 1832 Status: -

Path: C:\drivers\audio\R205445\stacsv.exe
PID: 1868 Status: -

Path: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PID: 1896 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1956 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2096 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2348 Status: -

Path: C:\WINDOWS\system32\wscntfy.exe
PID: 2572 Status: -

Path: C:\Program Files\QIP\qip.exe
PID: 2996 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 3124 Status: -

Path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3400 Status: -

Path: C:\Program Files\WinRAR\WinRAR.exe
PID: 3604 Status: -

Path: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 3936 Status: -

Path: C:\DOCUME~1\Mike\LOCALS~1\temp\Rar$EX01.531\RootRepeal.exe
PID: 3952 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 3984 Status: -

Path: C:\Program Files\Messenger\msmsgs.exe
PID: 4004 Status: -


#18 Post by Caroprd111 »

How is the PC doing?


#19 Post by Koďous »

Well, I'd say unfortunately still the same. When NOD32 is on, it catches an infected file from c:windows/temp roughly every 15 minutes, infected with the Kryptik DBC trojan; when I turn NOD off, that XP Defender window pops up. On top of that, during a scan it also flags that cdrom.sys file as infected.


#20 Post by Caroprd111 »

Continue following the AVPTool guide http://www.viry.cz/forum/viewtopic.php?f=29&t=58179


#21 Post by Koďous »

Done:

Autoscan: completed <1 minute ago (events: 4, objects: 294171, time: 01:20:34)
18.3.2010 20:38:15 Task started
18.3.2010 21:41:30 Detected: MultiPacked.Multi.Generic C:\Program Files\Dell\Security Device Driver Pack\Broadcom Unified Security Hub\Broadcom USH Host Components.msi/Data1.cab/readme/Edit
18.3.2010 21:48:50 Detected: MultiPacked.Multi.Generic C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP296\A0075776.msi/Data1.cab/readme/Edit
18.3.2010 21:58:49 Task completed


#22 Post by Caroprd111 »

Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Run Scan
  • When it finishes, paste the OTL.Txt and Extras.txt logs here


#23 Post by Koďous »

OTL:

OTL logfile created on: 18.3.2010 22:07:59 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Dokumenty\Downloaded and received files\Firefox_download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,76 Gb Total Space | 35,36 Gb Free Space | 15,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 125,21 Mb Total Space | 116,92 Mb Free Space | 93,38% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7MR974J
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.18 22:07:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Dokumenty\Downloaded and received files\Firefox_download\OTL.exe
PRC - [2010.03.16 23:48:05 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.09.29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.09.29 13:02:52 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.07.22 17:13:46 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009.07.16 11:04:56 | 000,376,096 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009.04.27 12:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008.12.09 16:00:52 | 003,259,392 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2008.12.04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.12.01 22:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R205445\stacsv.exe
PRC - [2008.11.11 17:35:22 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008.11.11 17:35:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008.08.15 09:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007.04.19 04:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (SafeList) ==========

MOD - [2010.03.18 22:07:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Dokumenty\Downloaded and received files\Firefox_download\OTL.exe
MOD - [2008.08.15 09:46:02 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (avast! Web Scanner)
SRV - File not found [Disabled | Stopped] -- -- (avast! Mail Scanner)
SRV - File not found [Disabled | Stopped] -- -- (avast! Antivirus)
SRV - [2009.09.29 13:11:10 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.09.29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.07.22 17:13:46 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009.07.16 11:04:56 | 000,376,096 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009.04.29 10:49:26 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.04.27 12:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008.12.04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.12.01 22:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R205445\stacsv.exe -- (STacSV)
SRV - [2008.11.11 17:35:22 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008.11.11 17:35:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.04.19 04:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2004.12.24 10:11:46 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.03.18 21:33:56 | 000,098,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\46500292.sys -- (46500292)
DRV - [2009.10.09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\4650029.sys -- (setup_9.0.0.722_18.03.2010_16-45drv)
DRV - [2009.09.29 13:05:54 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.09.29 13:02:58 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.09.29 12:56:32 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\46500291.sys -- (46500291)
DRV - [2009.07.22 17:03:10 | 000,027,072 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009.04.30 13:51:26 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.04.07 16:23:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.29 16:22:15 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.02.26 10:37:04 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009.01.07 23:19:30 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008.12.01 22:24:32 | 001,392,819 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008.12.01 22:24:20 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008.11.11 17:32:10 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008.11.11 17:32:08 | 000,035,880 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008.11.11 17:32:08 | 000,012,840 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ccidflt.sys -- (CCIDFILTER)
DRV - [2008.10.28 01:37:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.10.26 23:25:30 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008.10.26 23:25:28 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.10.26 23:25:26 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2008.09.25 16:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.09.17 05:03:02 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.08.28 23:05:36 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008.08.28 23:05:32 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.08.28 23:05:28 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.08.28 23:05:26 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.08.28 23:05:24 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.08.28 22:58:00 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.08.28 21:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008.07.08 23:04:46 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008.04.14 13:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.14 13:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.04 11:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008.03.06 09:42:14 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008.02.20 22:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007.04.25 19:42:16 | 000,045,696 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.02.28 22:44:12 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.06.16 10:53:16 | 000,025,088 | ---- | M] (Ark Pioneer MicroElectronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrUSB.sys -- (IrUSB)
DRV - [2005.02.03 00:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2003.07.16 21:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001.10.25 00:54:40 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.18 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.18 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.18 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.18 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.18 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.18 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.18 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.18 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.18 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2000.06.22 15:52:42 | 000,047,232 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serport.sys -- (Serport)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.16 23:48:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.17 09:59:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.03.17 19:25:01 | 000,000,000 | ---D | M]

[2009.03.26 23:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Data aplikací\Mozilla\Extensions
[2010.03.18 00:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\tl9rbtjk.default\extensions
[2009.09.24 20:32:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\tl9rbtjk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.18 00:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.16 23:48:10 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.16 23:48:10 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.16 23:48:10 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.16 23:48:10 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.16 23:48:10 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.18 18:35:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - Startup: C:\Documents and Settings\Mike\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_18.03.2010_16-45.lnk = C:\Documents and Settings\Mike\Plocha\Virus Removal Tool\setup_9.0.0.722_18.03.2010_16-45\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8672777078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8673145265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.26 18:43:40 | 000,001,050 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2008.10.26 18:43:40 | 000,001,050 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.03.18 20:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.03.18 20:35:44 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\46500292.sys
[2010.03.18 20:35:43 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\4650029.sys
[2010.03.18 20:35:43 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\46500291.sys
[2010.03.18 20:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Plocha\Virus Removal Tool
[2010.03.18 18:51:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010.03.18 18:27:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.03.18 18:27:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.03.18 18:27:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.03.18 18:27:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.03.18 18:27:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.18 18:26:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.18 17:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Data aplikací\Malwarebytes
[2010.03.18 17:26:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.18 17:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.18 17:26:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.18 17:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.18 17:23:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2010.03.18 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.03.18 11:46:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.18 11:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.03.18 03:40:38 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.18 03:40:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.17 19:53:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.03.17 19:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010.03.17 19:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\ESET
[2010.03.17 19:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.03.17 19:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.03.17 18:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.03.17 18:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.03.17 09:59:12 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.03.17 09:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Dokumenty\Stažené soubory
[2010.03.15 22:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Dokumenty\Boolat Games
[2010.03.15 22:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2010.02.26 20:38:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.02.23 12:27:14 | 000,000,000 | ---D | C] -- C:\737_500ftcbt
[2010.02.23 12:27:11 | 000,000,000 | ---D | C] -- C:\CBT
[2010.02.23 12:26:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\A5W_DATA
[2009.04.17 21:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.04.16 09:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.04.05 21:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.03.26 20:26:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.02.25 21:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\NTRU Cryptosystems
[2008.05.08 05:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.05.08 05:55:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Mike\*.tmp files -> C:\Documents and Settings\Mike\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.18 21:49:20 | 000,012,394 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\hfJ5Mio0m8B0g
[2010.03.18 21:48:50 | 000,000,448 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2010_16-45drv.spi
[2010.03.18 21:33:56 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010.03.18 21:33:56 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.18 20:36:30 | 000,002,206 | ---- | M] () -- C:\Documents and Settings\Mike\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_18.03.2010_16-45.lnk
[2010.03.18 20:01:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.18 20:01:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.18 20:01:15 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.18 19:24:04 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Mike\Plocha\mbr.exe
[2010.03.18 19:23:53 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Mike\defogger_reenable
[2010.03.18 19:02:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.18 18:53:44 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010.03.18 18:53:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010.03.18 18:35:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.18 18:28:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.18 18:27:49 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.18 18:26:22 | 003,894,152 | R--- | M] () -- C:\Documents and Settings\Mike\Plocha\ComboFix.exe
[2010.03.18 17:55:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.18 17:26:25 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.18 17:21:10 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\Mike\Plocha\CCleaner.lnk
[2010.03.18 17:18:32 | 000,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.18 15:12:52 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.18 15:12:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.18 14:10:10 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.03.18 13:49:07 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\Mike\Plocha\HiJackThis.lnk
[2010.03.18 10:27:27 | 001,051,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.18 10:27:27 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.18 10:27:27 | 000,439,390 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.18 10:27:27 | 000,083,586 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.18 10:27:27 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.18 10:18:00 | 000,012,646 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\635429532
[2010.03.18 10:17:51 | 000,012,734 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3696930130
[2010.03.18 10:16:42 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.03.18 10:11:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.03.17 20:13:53 | 000,010,532 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\6JQ57
[2010.03.17 20:09:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mike\initToDc.ini
[2010.03.17 19:32:59 | 000,010,488 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\6JQ57
[2010.03.17 19:21:46 | 000,200,192 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\2303671498.dll
[2010.03.15 22:25:12 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\Mike\Plocha\Travel Agency.lnk
[2010.03.15 17:28:45 | 000,003,152 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.14 22:27:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.14 22:27:38 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 17:53:14 | 000,128,721 | ---- | M] () -- C:\Documents and Settings\Mike\Dokumenty\dane2009.pdf
[2010.03.12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.03.03 17:09:26 | 000,411,522 | ---- | M] () -- C:\Documents and Settings\Mike\Dokumenty\dane.pdf
[2010.03.03 12:30:22 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Mike\Dokumenty\ctu_zadost_prukaz_vydani-prodlouzeni_platnosti_09-2008.doc
[2010.02.26 11:39:40 | 000,084,686 | ---- | M] () -- C:\WINDOWS\Run32A50.mch
[2010.02.26 11:32:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\A5W.INI
[2010.02.18 21:00:29 | 000,031,966 | ---- | M] () -- C:\Documents and Settings\Mike\Dokumenty\promoce_unor_2010.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Mike\*.tmp files -> C:\Documents and Settings\Mike\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.18 21:41:31 | 000,000,448 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2010_16-45drv.spi
[2010.03.18 20:36:30 | 000,002,206 | ---- | C] () -- C:\Documents and Settings\Mike\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_18.03.2010_16-45.lnk
[2010.03.18 19:35:20 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe
[2010.03.18 19:27:35 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Mike\Plocha\mbr.exe
[2010.03.18 19:23:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Mike\defogger_reenable
[2010.03.18 18:52:11 | 003,894,152 | R--- | C] () -- C:\Documents and Settings\Mike\Plocha\ComboFix.exe
[2010.03.18 18:27:57 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.18 18:27:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.18 18:27:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.18 18:27:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.18 18:27:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.18 17:26:25 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.18 15:41:18 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.18 13:29:23 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\Mike\Plocha\CCleaner.lnk
[2010.03.18 11:46:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.18 11:46:16 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.18 11:21:41 | 000,002,433 | ---- | C] () -- C:\Documents and Settings\Mike\Plocha\HiJackThis.lnk
[2010.03.18 10:22:19 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.18 10:15:54 | 000,012,646 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\635429532
[2010.03.18 10:15:35 | 000,012,734 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3696930130
[2010.03.18 10:15:10 | 000,012,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hfJ5Mio0m8B0g
[2010.03.18 10:15:09 | 000,012,394 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\hfJ5Mio0m8B0g
[2010.03.17 19:58:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\initToDc.ini
[2010.03.17 19:55:30 | 000,010,532 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\6JQ57
[2010.03.17 18:52:28 | 000,200,192 | -HS- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\2303671498.dll
[2010.03.17 18:51:08 | 000,010,488 | -HS- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\6JQ57
[2010.03.17 18:46:00 | 000,010,532 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\6JQ57
[2010.03.17 18:45:57 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\zxcdyt.dat
[2010.03.15 22:25:12 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Mike\Plocha\Travel Agency.lnk
[2010.03.14 17:53:14 | 000,128,721 | ---- | C] () -- C:\Documents and Settings\Mike\Dokumenty\dane2009.pdf
[2010.03.03 17:09:25 | 000,411,522 | ---- | C] () -- C:\Documents and Settings\Mike\Dokumenty\dane.pdf
[2010.03.03 09:56:30 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Mike\Dokumenty\ctu_zadost_prukaz_vydani-prodlouzeni_platnosti_09-2008.doc
[2010.02.23 12:26:56 | 000,084,686 | ---- | C] () -- C:\WINDOWS\Run32A50.mch
[2010.02.23 12:26:04 | 000,000,085 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010.02.18 21:00:29 | 000,031,966 | ---- | C] () -- C:\Documents and Settings\Mike\Dokumenty\promoce_unor_2010.pdf
[2009.09.24 14:34:29 | 000,031,910 | ---- | C] () -- C:\WINDOWS\MSUMLT0G.INI
[2009.07.22 17:03:06 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.06.24 07:16:20 | 000,002,073 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2009.06.24 07:16:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.06.13 20:38:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mike\Data aplikací\$_hpcst$.hpc
[2009.06.03 21:51:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009.04.26 20:50:38 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\FASTWiz.html
[2009.04.26 20:38:31 | 000,062,701 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\FASTWiz.log
[2009.04.23 10:56:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.13 09:58:09 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009.04.13 09:57:53 | 000,001,617 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009.04.13 09:57:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2009.04.13 09:54:14 | 000,003,941 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2009.04.05 22:42:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.03.30 10:33:06 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2009.03.29 16:12:58 | 000,067,564 | ---- | C] () -- C:\WINDOWS\System32\hahlsi.dll
[2009.03.29 15:36:50 | 000,003,152 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.03.29 15:36:39 | 000,004,391 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.03.29 15:36:20 | 000,000,999 | ---- | C] () -- C:\WINDOWS\SETUPWEB.INI
[2009.03.29 15:32:16 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.26 20:12:23 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.26 18:44:17 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\fusioncache.dat
[2009.03.26 18:44:16 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\setup.txt
[2009.03.26 18:44:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Data aplikací\WavXMapDrive.bat
[2009.02.26 05:09:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
[2009.02.26 05:08:06 | 000,001,310 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.02.25 21:52:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.25 21:49:38 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.02.25 21:36:44 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009.02.25 21:34:22 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008.08.15 09:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.05.08 05:52:43 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.04.14 01:10:48 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2007.04.19 04:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007.04.19 04:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006.06.30 13:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006.06.30 13:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2002.03.21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

Koďous
Visitor
Posts: 23
Registered: 18 Mar 2010 12:13

Re: XP Antispam

#24 Post by Koďous »

extras:

OTL Extras logfile created on: 18.3.2010 22:07:59 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Dokumenty\Downloaded and received files\Firefox_download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,76 Gb Total Space | 35,36 Gb Free Space | 15,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 125,21 Mb Total Space | 116,92 Mb Free Space | 93,38% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7MR974J
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{16BF9FAA-2804-48A9-823F-87DFD06969E0}" = LX navigation LXE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{384A291D-1138-4218-A41B-87CBAE22CFBA}" = hppFaxUtility
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4D43D5AF-A393-463D-8C78-8E6C4FA2CEE9}" = Sven 004 XS
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{570425E6-B48B-4E58-8D9E-83F9026CA480}" = WinPilot 3D
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{62C0C0B7-0779-4A40-937A-14A930B6F4A6}" = Dell ControlPoint Connection Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{71F00DA5-D21D-4245-8FC1-85849BBAD00D}" = Dell ControlPoint System Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85C70286-A56F-4834-BD24-B34EB76A93A2}" = ESET NOD32 Antivirus
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F2ED3E6-4049-4BEF-B4CB-0208D24E302F}" = USB TO IRDA Driver 1.3.0.5
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1261462-A2EF-4FAB-9513-48EBEFC9A76E}" = Dell Button Service
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-1033-C740-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.82
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB130417-BB04-4342-BE57-EC44456A7269}" = Music Jukebox Release 7
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"5564564_is1" = Sierra SkyWare WinPilot ADV v9.00
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Balíček ovladače systému Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Acrobat 7.0 Professional - Czech, Polish, Greek - V" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Aviation Database 0604" = Aviation Database 0604
"Boss Generals_is1" = Boss Generals R3
"Broadcom 802.11 Application" = Nástroj pro bezdrátovou kartu WLAN Dell
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"ConnectLX" = ConnectLX
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Corel Applications" = Corel Applications
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"Dell Webcam Central" = Dell Webcam Central
"eMule" = eMule
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"FlarmTool" = FlarmTool 2.0
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.7
"HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"KONICA MINOLTA magicolor 1600W" = KONICA MINOLTA magicolor 1600W
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV2Player" = MV2Player (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF-XChange 3_is1" = PDF-XChange 3.0
"phpEditorIDE_is1" = phpEditorIDE v5.5.5
"Picasa 3" = Picasa 3
"QIP 2005_is1" = QIP 2005 8080
"Safelog - CAA/JAA Logbook_is1" = Safelog - CAA/JAA Logbook
"SeeYou_is1" = SeeYou Version 3.1
"ShockwaveFlash" = Macromedia Flash Player 8
"Sierra SkyWare WinPilot PRO_is1" = Sierra SkyWare WinPilot PRO v8.08
"Singularis Demo" = Singularis Demo (remove only)
"SmartPCRecorder" = Smart PC Recorder - by freebird
"SpeedFan" = SpeedFan (remove only)
"Stellarium_is1" = Stellarium 0.10.2
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
"Totalcmd" = Total Commander (Remove or Repair)
"Traktor Simulátor_is1" = Traktor Simulátor
"Travel Agency_is1" = Travel Agency
"TR-DVS V1.8.7" = TR-DVS V1.8.7
"TVEpaDrv" = MSI DigiVOX A/D II BDA Drivers
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows CE Services" = Microsoft ActiveSync 3.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.2.2010 17:16:51 | Computer Name = D7MR974J | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace game.dat, verze 0.0.0.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.3.2010 5:55:05 | Computer Name = D7MR974J | Source = Google Update | ID = 20
Description =

Error - 2.3.2010 6:55:07 | Computer Name = D7MR974J | Source = Google Update | ID = 20
Description =

Error - 16.3.2010 15:55:05 | Computer Name = D7MR974J | Source = Google Update | ID = 20
Description =

Error - 17.3.2010 14:10:42 | Computer Name = D7MR974J | Source = Application Error | ID = 1000
Description = Chybující aplikace svchost.exe, verze 5.1.2600.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x1314899f.

Error - 18.3.2010 6:08:28 | Computer Name = D7MR974J | Source = MsiInstaller | ID = 11706
Description = Product: AutoCAD 2007 - English -- Error 1706. No valid source could
be found for product AutoCAD 2007 - English. The Windows installer cannot continue.

Error - 18.3.2010 10:11:02 | Computer Name = D7MR974J | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x13149f12.

Error - 18.3.2010 14:30:56 | Computer Name = D7MR974J | Source = Application Hang | ID = 1002
Description = Hanging application egui.exe, version 4.0.468.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18.3.2010 15:00:09 | Computer Name = D7MR974J | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18.3.2010 15:00:09 | Computer Name = D7MR974J | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 18.3.2010 14:33:31 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7000
Description = The aswMon2 service failed to start due to the following error:
%%2

Error - 18.3.2010 14:33:35 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi

Error - 18.3.2010 14:58:50 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the
JavaQuickStarterService service.

Error - 18.3.2010 14:59:20 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the
JavaQuickStarterService service.

Error - 18.3.2010 14:59:50 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the
JavaQuickStarterService service.

Error - 18.3.2010 15:00:21 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the
JavaQuickStarterService service.

Error - 18.3.2010 15:01:37 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error:
%%2

Error - 18.3.2010 15:01:37 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7000
Description = The aswMon2 service failed to start due to the following error:
%%2

Error - 18.3.2010 15:01:45 | Computer Name = D7MR974J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi

Error - 18.3.2010 15:04:01 | Computer Name = D7MR974J | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.


< End of report >


Re: XP Antispam

#25 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
[2010.03.18 19:35:20 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe

:COMMANDS
[EmptyTemp]
[ClearAllRestorePoints]
[Reboot]
Then click Run Fix; the PC will restart. Paste the resulting log here.


Have this file checked at http://www.virustotal.com/cs/
C:\WINDOWS\System32\hahlsi.dll

(Do not go looking for the file; just paste the path shown in bold. If you get the message "File has already been analysed", have it analysed again. Paste the result of the analysis here as a link.)


Re: XP Antispam

#26 Post by Koďous »

Sorry for the short delay, here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mike
->Temp folder emptied: 3009277 bytes
->Temporary Internet Files folder emptied: 1209011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94470111 bytes
->Flash cache emptied: 2400 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4528072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.1.37.3 log created on 03192010_230109

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: XP Antispam

#27 Post by Koďous »



Re: XP Antispam

#28 Post by Caroprd111 »

Find and delete:
C:\WINDOWS\System32\hahlsi.dll


Re: XP Antispam

#29 Post by Koďous »

Hello, last night I played around a bit: I installed Spyware Doctor and, among other things, it found these problems:

19.3.2010 23:47:22:531
An infection was detected on this computer
Threat name - RogueAntiSpyware.XPAntispyware
Type - Startup
Risk - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command, (Default) = "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "firefox.exe"
- I deleted the entry from the registry

19.3.2010 23:47:22:531
An infection was detected on this computer
Threat name - RogueAntiSpyware.XPAntispyware
Type - Startup
Risk - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command, (Default) = "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
- I deleted the entry from the registry

Then I fixed the remaining problems with MAM and finally used ComboFix to overwrite the infected file cdrom.sys again.

Now everything looks fine: neither NOD nor the other programs report any problems, the XP Defender window no longer pops up, and I restored the DVD drive drivers, which work as well. Should I proceed and delete C:\WINDOWS\System32\hahlsi.dll?
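The two persistence tricks handled in posts #25 and #29, a Run value whose target no longer exists (Regedit32) and StartMenuInternet\*\shell\open\command values rewritten so that ave.exe starts first and only passes the real browser as an argument (/START "firefox.exe"), can be audited with the PowerShell script below. This is an added example, not code from the thread or from OTL, Spyware Doctor or any other tool mentioned in it; the key list, the "suspicious location" pattern and the rule that a client key named after a binary must launch that binary are assumptions made here, and the HKCU hives are included as a generalisation beyond the HKLM keys the thread shows. It only reports; it deletes nothing.

```powershell
# Added example (not from the thread or any tool in it): audit the two registry
# locations the XP Antispyware rogue abused in this thread. Read-only.

function Get-CommandExecutable {
    # Return the executable a registry command line launches. Handles a quoted path,
    # an unquoted path with spaces (grown token by token until a file exists) and a
    # bare program name resolved via PATH.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -eq '') { return '' }
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    $tokens = $cmd -split ' '
    for ($i = 0; $i -lt $tokens.Length; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    $first = $tokens[0]
    if ($first -notmatch '\\') {
        $onPath = Get-Command $first -ErrorAction SilentlyContinue
        if ($onPath -and $onPath.Path) { return $onPath.Path }
    }
    return $first
}

# Assumed list of autostart keys to inspect (the thread only shows HKLM\...\Run).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed heuristic: no legitimate autostart binary lives under the LocalService or
# NetworkService profile (where ave.exe sat in this thread) or under a profile's
# Local Settings\Application Data or Temp. Matches the English and the Czech-localised
# XP folder name ("Data aplikací"); extend for other locales.
$SuspiciousLocation = '\\(LocalService|NetworkService)\\|\\Local Settings\\(Application Data|Data aplikac|Temp)\\'

function Test-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $exe = Get-CommandExecutable $cmd
            if ($exe -eq '' -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $verdict = 'FILE NOT FOUND'          # what OTL reported for the Regedit32 value
            } elseif ($exe -match $SuspiciousLocation) {
                $verdict = 'SUSPICIOUS LOCATION'
            } else {
                $verdict = 'ok'
            }
            New-Object PSObject -Property @{ Key = $key; Name = $name; Executable = $exe; Verdict = $verdict }
        }
    }
}

function Test-BrowserClientCommands {
    # HKLM is what the thread shows; HKCU is checked as well as a generalisation.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $base = "$hive\SOFTWARE\Clients\StartMenuInternet"
        if (-not (Test-Path $base)) { continue }
        foreach ($client in Get-ChildItem $base) {
            $cmdKey = Join-Path $client.PSPath 'shell\open\command'
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd      = [string](Get-Item $cmdKey).GetValue('')
            $launches = [IO.Path]::GetFileName((Get-CommandExecutable $cmd))
            $expected = $client.PSChildName
            # For keys named after the binary (FIREFOX.EXE, IEXPLORE.EXE) the command must
            # launch that very binary. The rogue launched ave.exe and merely passed the
            # browser as an argument, so the two names differ. Keys not named after a
            # binary (e.g. a vendor name) cannot be judged this way and are left for review.
            if ($expected -notmatch '\.exe$')  { $verdict = 'REVIEW (key not named after binary)' }
            elseif ($launches -ieq $expected)  { $verdict = 'ok' }
            else                               { $verdict = 'HIJACKED' }
            New-Object PSObject -Property @{ Hive = $hive; Client = $expected; Launches = $launches; Command = $cmd; Verdict = $verdict }
        }
    }
}

Test-AutostartEntries      | Where-Object { $_.Verdict -ne 'ok' } | Format-Table Verdict, Name, Executable, Key -AutoSize
Test-BrowserClientCommands | Format-Table Verdict, Client, Launches, Command -AutoSize
```

Run it from an elevated PowerShell prompt before and after the cleanup: on the machine in this thread the first table would have listed the Regedit32 value as FILE NOT FOUND and ave.exe under the LocalService profile as SUSPICIOUS LOCATION, and the second would have marked both FIREFOX.EXE and IEXPLORE.EXE as HIJACKED because the command launched ave.exe rather than the browser named by the key. Anything flagged should still be confirmed by hand, for instance with the VirusTotal check the thread uses, before it is removed.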


Re: XP Antispam

#30 Post by Caroprd111 »

Yes, go ahead.
