RelevantKnowledge odstránený, script na ComboFix

Zpráva

Nemaj_stres · #1 Příspěvek od **Nemaj_stres** » 20 bře 2010 21:46

ževraj treba pc dočistit ešte dalším scriptom

tu je log z combofixu:

Prosim prichystat script na combofix

ComboFix 10-03-19.08 - Tomas . 03. 2010 19:52:20.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1569 [GMT 1:00]
Running from: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\d3d10core.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\ReadMe.txt

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\windows\system32\xircom
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-20 18:39 . 2010-03-20 18:41 -------- d-----w- c:\program files\Unlocker
2010-03-20 17:11 . 2010-03-20 17:27 -------- d-----w- c:\program files\trend micro
2010-03-20 17:11 . 2010-03-20 17:11 -------- d-----w- C:\rsit
2010-03-10 12:14 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 12:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-07 01:50 . 2010-03-07 01:50 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-07 01:49 . 2010-03-07 01:51 -------- d-----w- c:\program files\ICQ7.0
2010-03-06 22:54 . 2010-03-06 22:54 -------- d-----w- c:\program files\Gamesload Spiele
2010-03-02 00:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 00:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 00:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-01 23:36 . 2010-03-01 23:36 -------- d-----w- c:\windows\system32\LogFiles
2010-03-01 16:31 . 2010-03-01 16:31 -------- d-----w- c:\windows\Sun
2010-02-26 23:36 . 2010-02-27 20:52 -------- d-----w- c:\program files\uTorrent
2010-02-26 00:20 . 2010-02-26 00:21 -------- d-----w- c:\program files\Media Player Classic
2010-02-22 17:51 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-02-22 17:51 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-02-22 17:51 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-02-22 17:51 . 2007-03-28 13:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2010-02-22 17:51 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-02-22 17:51 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-02-22 17:50 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-22 17:50 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2010-02-22 17:50 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll
2010-02-22 17:50 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2010-02-22 17:50 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-02-22 17:50 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Common Files\HP
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-22 17:47 . 2010-02-22 17:50 -------- d-----w- c:\program files\HP
2010-02-22 17:47 . 2008-04-13 21:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-22 17:46 . 2010-02-22 17:52 141186 ----a-w- c:\windows\hpoins14.dat
2010-02-22 17:46 . 2007-06-05 23:07 2000 ------w- c:\windows\hpomdl14.dat
2010-02-21 22:09 . 2010-02-21 22:09 -------- d-----w- c:\program files\CountDown ShutDown PC
2010-02-19 16:57 . 2010-02-19 16:58 -------- d-----w- c:\program files\Ares
2010-02-19 09:17 . 2010-02-19 09:17 -------- d-----w- c:\program files\Rockstar Games
2010-02-19 09:16 . 2010-02-19 09:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-19 09:14 . 2010-02-19 09:19 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-19 09:14 . 2010-02-19 09:14 -------- d-----w- c:\windows\system32\xlive
2010-02-19 06:25 . 2010-02-19 06:30 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-18 20:20 . 2010-03-20 18:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-18 20:03 . 2010-02-18 20:03 -------- d-----w- c:\windows\system32\KB905474
2010-02-18 20:03 . 2009-03-10 21:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-02-18 20:03 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-02-18 19:58 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-18 19:55 . 2010-02-24 19:18 -------- d-----w- c:\windows\ie8updates
2010-02-18 19:32 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-18 19:32 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-18 19:32 . 2009-12-04 17:25 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 19:32 . 2010-01-01 07:58 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-18 19:32 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-18 19:27 . 2009-12-14 07:10 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-18 19:27 . 2009-09-04 21:05 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-02-18 19:26 . 2008-05-01 14:37 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-02-18 19:26 . 2009-07-31 04:30 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-02-18 19:26 . 2009-07-31 04:30 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-18 19:26 . 2009-07-10 13:28 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-18 19:26 . 2009-12-09 05:55 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-02-18 19:24 . 2009-12-09 14:33 2191488 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 19:24 . 2009-12-09 10:03 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 19:24 . 2009-12-09 10:03 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 19:23 . 2009-10-13 10:34 271360 ------w- c:\windows\system32\dllcache\oakley.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 11:29 . 2001-10-25 12:00 79086 ----a-w- c:\windows\system32\perfc005.dat
2010-03-13 11:29 . 2001-10-25 12:00 432208 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 11:24 . 2010-02-17 20:36 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-17 20:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-17 20:36 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-17 20:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-17 20:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-02-17 20:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-02-17 20:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-02-17 20:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-07 01:50 . 2002-01-20 03:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 22:28 . 2002-01-20 03:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-23 20:22 . 2002-01-20 03:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 23:41 . 2010-02-17 23:02 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 18:21 . 2010-02-18 18:21 53167 ----a-w- c:\windows\BricoPackUninst.cmd
2010-02-18 18:21 . 2010-02-18 18:20 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-02-18 18:21 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-18 17:17 . 2010-02-18 17:17 -------- d-----w- c:\program files\VideoInspector
2010-02-18 12:02 . 2010-02-18 12:02 -------- d-----w- c:\program files\Common Files\SRS
2010-02-18 12:02 . 2010-02-18 12:02 -------- d-----w- c:\program files\SRSLabs
2010-02-17 23:23 . 2010-02-17 21:36 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-02-17 23:02 . 2010-02-17 21:01 -------- d-----w- c:\program files\MSBuild
2010-02-17 23:02 . 2010-02-17 23:02 -------- d-----w- c:\program files\Microsoft.NET
2010-02-17 23:00 . 2010-02-17 23:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-17 21:55 . 2010-02-17 21:55 -------- d-----w- c:\program files\CCleaner
2010-02-17 21:32 . 2010-02-17 21:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-17 21:17 . 2010-02-17 21:17 728858 ----a-w- c:\program files\Common Files\unins000.exe
2010-02-17 21:02 . 2010-02-17 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\program files\Java
2010-02-17 21:01 . 2010-02-17 21:01 -------- d-----w- c:\program files\Reference Assemblies
2010-02-17 20:50 . 2010-02-17 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 20:49 . 2010-02-17 20:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 20:46 . 2010-02-17 20:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 20:41 . 2010-02-17 20:41 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 20:36 . 2010-02-17 20:36 -------- d-----w- c:\program files\Alwil Software
2010-02-17 19:42 . 2002-01-20 03:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-17 19:42 . 2002-01-20 03:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-17 19:38 . 2002-01-20 03:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-11 18:53 . 2010-02-17 20:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-02 18:00 . 2010-02-17 21:32 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-01 07:58 . 2009-06-04 12:13 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2009-06-04 12:06 916480 ----a-w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="e:\hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" [2010-02-19 306088]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-05-12 2181672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-06-04 128512]

c:\documents and settings\Tomas\Nabˇdka Start\Programy\Po spuçtŘnˇ\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Hry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Hry\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"e:\\Hry\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17. 2. 2010 21:36 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17. 2. 2010 21:36 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7. 3. 2010 2:50 246520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-18 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\ye9lrv6d.default\
FF - prefs.js: browser.search.selectedEngine - Azet
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2010-03-20 19:56:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 18:56

Pre-Run: Volných bajtů: 114 612 760 576
Post-Run: Volných bajtů: 114 600 976 384

- - End Of File - - 54B8DC7F1735CF5607A00C828E0387BB

#2 Příspěvek od **motji** » 20 bře 2010 22:55

Dobrý večer

Combofix by se neměl používat bez dozoru rádce, můžete si při neodborné manipulace nebo bugu programu poškodit systém.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Restore::
c:\windows\system32\wuauclt.exe
c:\windows\explorer.exe

File::
c:\windows\Tasks\WGASetup.job
c:\windows\system32\KB905474\wgasetup.exe

DDS::
uStart Page = hxxp://start.icq.com/

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Poprosím o log ze Rsitu, viz můj podpis

jaké jsou problémy s počítačem?

Nemaj_stres · #3 Příspěvek od **Nemaj_stres** » 21 bře 2010 02:53

ComboFix log:

ComboFix 10-03-19.08 - Tomas . 03. 2010 2:44.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1485 [GMT 1:00]
Running from: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Tomas\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\KB905474\wgasetup.exe"
"c:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KB905474\wgasetup.exe
c:\windows\Tasks\WGASetup.job

c:\windows\explorer.exe . . . is infected!!

c:\windows\system32\wuauclt.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\windows\system32\xircom
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\program files\microsoft frontpage
2010-03-20 17:11 . 2010-03-20 17:27 -------- d-----w- c:\program files\trend micro
2010-03-20 17:11 . 2010-03-20 17:11 -------- d-----w- C:\rsit
2010-03-10 12:14 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 12:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-07 01:50 . 2010-03-07 01:50 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-07 01:49 . 2010-03-07 01:51 -------- d-----w- c:\program files\ICQ7.0
2010-03-06 22:54 . 2010-03-06 22:54 -------- d-----w- c:\program files\Gamesload Spiele
2010-03-02 00:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 00:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 00:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-01 23:36 . 2010-03-01 23:36 -------- d-----w- c:\windows\system32\LogFiles
2010-03-01 16:31 . 2010-03-01 16:31 -------- d-----w- c:\windows\Sun
2010-02-26 23:36 . 2010-02-27 20:52 -------- d-----w- c:\program files\uTorrent
2010-02-26 00:20 . 2010-02-26 00:21 -------- d-----w- c:\program files\Media Player Classic
2010-02-22 17:51 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-02-22 17:51 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-02-22 17:51 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-02-22 17:51 . 2007-03-28 13:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2010-02-22 17:51 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-02-22 17:51 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-02-22 17:50 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-22 17:50 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2010-02-22 17:50 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll
2010-02-22 17:50 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2010-02-22 17:50 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-02-22 17:50 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Common Files\HP
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-22 17:47 . 2010-02-22 17:50 -------- d-----w- c:\program files\HP
2010-02-22 17:47 . 2008-04-13 21:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-22 17:46 . 2010-02-22 17:52 141186 ----a-w- c:\windows\hpoins14.dat
2010-02-22 17:46 . 2007-06-05 23:07 2000 ------w- c:\windows\hpomdl14.dat
2010-02-21 22:09 . 2010-02-21 22:09 -------- d-----w- c:\program files\CountDown ShutDown PC
2010-02-19 16:57 . 2010-02-19 16:58 -------- d-----w- c:\program files\Ares
2010-02-19 09:17 . 2010-02-19 09:17 -------- d-----w- c:\program files\Rockstar Games
2010-02-19 09:16 . 2010-02-19 09:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-19 09:14 . 2010-02-19 09:19 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-19 09:14 . 2010-02-19 09:14 -------- d-----w- c:\windows\system32\xlive
2010-02-19 06:25 . 2010-02-19 06:30 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 18:34 . 2010-02-18 20:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-13 11:29 . 2001-10-25 12:00 79086 ----a-w- c:\windows\system32\perfc005.dat
2010-03-13 11:29 . 2001-10-25 12:00 432208 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 11:24 . 2010-02-17 20:36 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-17 20:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-17 20:36 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-17 20:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-17 20:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-02-17 20:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-02-17 20:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-02-17 20:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-07 01:50 . 2002-01-20 03:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 22:28 . 2002-01-20 03:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-23 20:22 . 2002-01-20 03:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 23:41 . 2010-02-17 23:02 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 18:21 . 2010-02-18 18:21 53167 ----a-w- c:\windows\BricoPackUninst.cmd
2010-02-18 18:21 . 2010-02-18 18:20 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-02-18 18:21 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-18 17:17 . 2010-02-18 17:17 -------- d-----w- c:\program files\VideoInspector
2010-02-18 12:02 . 2010-02-18 12:02 -------- d-----w- c:\program files\Common Files\SRS
2010-02-18 12:02 . 2010-02-18 12:02 -------- d-----w- c:\program files\SRSLabs
2010-02-17 23:23 . 2010-02-17 21:36 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-02-17 23:02 . 2010-02-17 21:01 -------- d-----w- c:\program files\MSBuild
2010-02-17 23:02 . 2010-02-17 23:02 -------- d-----w- c:\program files\Microsoft.NET
2010-02-17 23:00 . 2010-02-17 23:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-17 21:55 . 2010-02-17 21:55 -------- d-----w- c:\program files\CCleaner
2010-02-17 21:32 . 2010-02-17 21:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-17 21:17 . 2010-02-17 21:17 728858 ----a-w- c:\program files\Common Files\unins000.exe
2010-02-17 21:02 . 2010-02-17 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\program files\Java
2010-02-17 21:01 . 2010-02-17 21:01 -------- d-----w- c:\program files\Reference Assemblies
2010-02-17 20:50 . 2010-02-17 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 20:49 . 2010-02-17 20:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 20:46 . 2010-02-17 20:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 20:41 . 2010-02-17 20:41 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 20:36 . 2010-02-17 20:36 -------- d-----w- c:\program files\Alwil Software
2010-02-17 19:42 . 2002-01-20 03:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-17 19:42 . 2002-01-20 03:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-17 19:38 . 2002-01-20 03:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-11 18:53 . 2010-02-17 20:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-02 18:00 . 2010-02-17 21:32 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-01 07:58 . 2009-06-04 12:13 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2009-06-04 12:06 916480 ------w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="e:\hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" [2010-02-19 306088]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-05-12 2181672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-06-04 128512]

c:\documents and settings\Tomas\Nabˇdka Start\Programy\Po spuçtŘnˇ\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Hry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Hry\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"e:\\Hry\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17. 2. 2010 21:36 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17. 2. 2010 21:36 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7. 3. 2010 2:50 246520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\ye9lrv6d.default\
FF - prefs.js: browser.search.selectedEngine - Azet
FF - prefs.js: browser.startup.homepage - http://www.google.sk
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-03-21 02:47:27
ComboFix-quarantined-files.txt 2010-03-21 01:47
ComboFix2.txt 2010-03-20 18:56

Pre-Run: Volných bajtů: 115 011 436 544
Post-Run: Volných bajtů: 114 978 586 624

- - End Of File - - A159B3F87BC756629B8ADAC6BCB78A69

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomas at 2010-03-21 02:52:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 110 GB (88%) free of 125 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:40, on 21. 3. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomas\Plocha\RSIT.exe
C:\Documents and Settings\Tomas\Plocha\Tomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RGSC] E:\Hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5751 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=E:\Hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe [2010-02-19 306088]
"GAINWARD"=C:\Program Files\EXPERTool\TBPanel.exe [2009-05-12 2181672]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-06-04 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Hry\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Hry\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Hry\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Hry\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"E:\Hry\GTA IV\Grand Theft Auto IV\GTAIV.exe"="E:\Hry\GTA IV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Hry\Far Cry\Bin32\FarCry.exe"="E:\Hry\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-03-21 02:47:27 ----A---- C:\ComboFix.txt
2010-03-21 02:43:24 ----D---- C:\ComboFix
2010-03-21 02:43:21 ----D---- C:\Qoobox
2010-03-20 19:55:12 ----D---- C:\WINDOWS\system32\xircom
2010-03-20 19:55:12 ----D---- C:\Program Files\xerox
2010-03-20 19:55:12 ----D---- C:\Program Files\microsoft frontpage
2010-03-20 19:51:40 ----A---- C:\WINDOWS\zip.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\SWSC.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\SWREG.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\sed.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\PEV.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\MBR.exe
2010-03-20 19:51:40 ----A---- C:\WINDOWS\grep.exe
2010-03-20 19:51:35 ----D---- C:\WINDOWS\ERDNT
2010-03-20 18:11:45 ----D---- C:\rsit
2010-03-20 18:11:45 ----D---- C:\Program Files\trend micro
2010-03-10 15:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-10 13:13:22 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-07 02:50:53 ----D---- C:\Program Files\ICQ6Toolbar
2010-03-07 02:50:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-03-07 02:49:35 ----D---- C:\Documents and Settings\Tomas\Data aplikací\ICQ
2010-03-07 02:49:22 ----D---- C:\Program Files\ICQ7.0
2010-03-06 23:54:43 ----D---- C:\Program Files\Gamesload Spiele
2010-03-02 01:03:50 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-03-02 01:03:50 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-03-02 01:03:50 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-03-02 01:03:48 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-03-02 01:03:48 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-03-02 01:03:47 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-03-02 01:03:47 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-03-02 00:36:26 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-01 17:31:33 ----D---- C:\WINDOWS\Sun
2010-03-01 04:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-28 02:37:35 ----A---- C:\WINDOWS\MegaManager.INI
2010-02-27 00:36:05 ----D---- C:\Program Files\uTorrent
2010-02-27 00:35:19 ----D---- C:\Documents and Settings\Tomas\Data aplikací\uTorrent
2010-02-27 00:34:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-26 01:20:55 ----D---- C:\Program Files\Media Player Classic
2010-02-24 20:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-22 18:53:13 ----D---- C:\Documents and Settings\Tomas\Data aplikací\HP
2010-02-22 18:52:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-02-22 18:51:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2010-02-22 18:51:06 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-02-22 18:51:05 ----A---- C:\WINDOWS\system32\hpzll5ha.dll
2010-02-22 18:50:48 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2010-02-22 18:50:48 ----RA---- C:\WINDOWS\system32\hpowiax3.dll
2010-02-22 18:50:48 ----RA---- C:\WINDOWS\system32\hpovst10.dll
2010-02-22 18:50:48 ----RA---- C:\WINDOWS\system32\hpotscl3.dll
2010-02-22 18:50:48 ----RA---- C:\WINDOWS\system32\difxapi.dll
2010-02-22 18:50:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\HPSSUPPLY
2010-02-22 18:49:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
2010-02-22 18:49:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-02-22 18:48:53 ----D---- C:\Program Files\Common Files\HP
2010-02-22 18:48:40 ----D---- C:\Program Files\Hewlett-Packard
2010-02-22 18:48:31 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-02-22 18:47:41 ----D---- C:\Program Files\HP

======List of files/folders modified in the last 1 months======

2010-03-21 02:52:36 ----D---- C:\WINDOWS\Prefetch
2010-03-21 02:47:34 ----D---- C:\WINDOWS\Temp
2010-03-21 02:46:45 ----D---- C:\WINDOWS
2010-03-21 02:46:45 ----A---- C:\WINDOWS\system.ini
2010-03-21 02:46:31 ----SD---- C:\WINDOWS\Tasks
2010-03-21 02:46:31 ----D---- C:\WINDOWS\system32\KB905474
2010-03-21 02:45:51 ----D---- C:\WINDOWS\system32\drivers
2010-03-21 02:45:51 ----D---- C:\WINDOWS\system32
2010-03-21 02:45:51 ----D---- C:\WINDOWS\AppPatch
2010-03-21 02:45:50 ----D---- C:\Program Files\Common Files
2010-03-21 02:44:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-21 02:43:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-20 22:06:21 ----RD---- C:\Program Files
2010-03-20 19:55:12 ----D---- C:\WINDOWS\system32\wbem
2010-03-20 19:55:12 ----D---- C:\WINDOWS\ime
2010-03-20 19:34:35 ----D---- C:\Documents and Settings
2010-03-19 15:16:56 ----HD---- C:\WINDOWS\inf
2010-03-13 12:29:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 12:29:52 ----SD---- C:\Documents and Settings\Tomas\Data aplikací\Microsoft
2010-03-12 18:23:02 ----D---- C:\WINDOWS\Debug
2010-03-10 15:14:20 ----SHD---- C:\WINDOWS\Installer
2010-03-10 15:14:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-03-10 15:13:57 ----D---- C:\WINDOWS\system32\dllcache
2010-03-10 15:13:57 ----D---- C:\Program Files\Movie Maker
2010-03-10 15:13:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 01:13:52 ----A---- C:\WINDOWS\win.ini
2010-03-09 12:24:05 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-07 02:50:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-06 23:28:25 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-02 01:03:51 ----D---- C:\WINDOWS\system32\DirectX
2010-03-02 01:03:32 ----RSD---- C:\WINDOWS\assembly
2010-03-02 01:02:45 ----D---- C:\WINDOWS\WinSxS
2010-02-25 01:20:12 ----D---- C:\Program Files\Adobe
2010-02-25 01:02:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-24 20:18:19 ----D---- C:\WINDOWS\ie8updates
2010-02-23 21:22:10 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-22 18:48:44 ----D---- C:\WINDOWS\twain_32
2010-02-22 18:48:07 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
R3 catchme;catchme; \??\C:\DOCUME~1\Tomas\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-06-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-03 8087712]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Tomas\LOCALS~1\Temp\mbr.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-04 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-04 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-17 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

No a problémy sú také: napr. keď zatváram okná tak sa zatvárajú pomaly a zvyknú po nich ostať také obrysy alebo mi nechce načítavať obrázky na nete, niekedy keď som vytiahol a nas5 zastrčil modem do zástrčky tak ich už potom zobrazilo ale teraz už nechce.

#4 Příspěvek od **motji** » 21 bře 2010 07:15

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- uložte ho na plochu a spustte.
- do okénka zkopírujte

Kód: Vybrat vše

:filefind
c:\windows\system32\wuauclt.exe
c:\windows\explorer.exe

- klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem

Nemaj_stres · #5 Příspěvek od **Nemaj_stres** » 21 bře 2010 11:12

System Look log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:10 on 21/03/2010 by Tomas (Administrator - Elevation successful)

========== filefind ==========

Searching for "c:\windows\system32\wuauclt.exe"
No files found.

Searching for "c:\windows\explorer.exe"
No files found.

-=End Of File=-

#6 Příspěvek od **motji** » 21 bře 2010 22:15

Z přílohy si stahněte soubor v raru, rozbalte a uložte soubory přímo na disk C, tak aby cesta k nim byla
c:\wuauclt.exe
c:explorer.exe

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

FCOPY::
c:\wuauclt.exe | c:\windows\system32\wuauclt.exe
c:\explorer.exe | c:\windows\explorer.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Nemaj_stres · #7 Příspěvek od **Nemaj_stres** » 21 bře 2010 22:45

Spravil som všetko ako si napísala, no scan nedokončilo, vyhodilo mi modrú smrť a následne sa PC reštartoval.

#8 Příspěvek od **motji** » 21 bře 2010 23:01

Zkuste to ještě jednou v nouzovém režimu. Pokud bude znovu modrá smrt, zkuste vyfotit, co je na ní napsáno za problém.

Nemaj_stres · #9 Příspěvek od **Nemaj_stres** » 22 bře 2010 07:47

OK - V núdzovom režime sa mi podarilo spraviť log, takže tu je:

ComboFix 10-03-19.08 - Administrator . 03. 2010 7:35.4.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1790 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
.
---- Previous Run -------
.
C:\explorer.exe

.
--------------- FCopy ---------------

c:\wuauclt.exe --> c:\windows\system32\wuauclt.exe
c:\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 05:39 . 2010-03-22 05:39 -------- d-----w- c:\windows\LastGood
2010-03-21 21:30 . 2009-08-17 14:27 51224 ------w- C:\wuauclt.exe
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\windows\system32\xircom
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-20 18:55 . 2010-03-20 18:55 -------- d-----w- c:\program files\microsoft frontpage
2010-03-20 17:11 . 2010-03-20 17:27 -------- d-----w- c:\program files\trend micro
2010-03-20 17:11 . 2010-03-20 17:11 -------- d-----w- C:\rsit
2010-03-10 12:14 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 12:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-07 01:50 . 2010-03-07 01:50 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-07 01:49 . 2010-03-07 01:51 -------- d-----w- c:\program files\ICQ7.0
2010-03-06 22:54 . 2010-03-06 22:54 -------- d-----w- c:\program files\Gamesload Spiele
2010-03-02 00:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 00:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 00:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-02 00:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-01 23:36 . 2010-03-01 23:36 -------- d-----w- c:\windows\system32\LogFiles
2010-03-01 16:31 . 2010-03-01 16:31 -------- d-----w- c:\windows\Sun
2010-02-26 23:36 . 2010-02-27 20:52 -------- d-----w- c:\program files\uTorrent
2010-02-26 00:20 . 2010-02-26 00:21 -------- d-----w- c:\program files\Media Player Classic
2010-02-22 17:51 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-02-22 17:51 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-02-22 17:51 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-02-22 17:51 . 2007-03-28 13:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2010-02-22 17:51 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-02-22 17:51 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-02-22 17:50 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-22 17:50 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2010-02-22 17:50 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll
2010-02-22 17:50 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2010-02-22 17:50 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-02-22 17:50 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Common Files\HP
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-22 17:48 . 2010-02-22 17:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-22 17:47 . 2010-02-22 17:50 -------- d-----w- c:\program files\HP
2010-02-22 17:47 . 2008-04-13 21:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-22 17:46 . 2010-02-22 17:52 141186 ----a-w- c:\windows\hpoins14.dat
2010-02-22 17:46 . 2007-06-05 23:07 2000 ------w- c:\windows\hpomdl14.dat
2010-02-21 22:09 . 2010-02-21 22:09 -------- d-----w- c:\program files\CountDown ShutDown PC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 06:33 . 2001-10-25 12:00 432072 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 06:33 . 2001-10-25 12:00 78950 ----a-w- c:\windows\system32\perfc005.dat
2010-03-22 06:32 . 2010-02-18 20:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-09 11:24 . 2010-02-17 20:36 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-17 20:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-17 20:36 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-17 20:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-17 20:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-02-17 20:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-02-17 20:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-02-17 20:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-07 01:50 . 2002-01-20 03:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 22:28 . 2002-01-20 03:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-23 20:22 . 2002-01-20 03:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-19 16:58 . 2010-02-19 16:57 -------- d-----w- c:\program files\Ares
2010-02-19 09:19 . 2010-02-19 09:14 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-19 09:17 . 2010-02-19 09:17 -------- d-----w- c:\program files\Rockstar Games
2010-02-19 09:16 . 2010-02-19 09:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-18 23:41 . 2010-02-17 23:02 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 18:21 . 2010-02-18 18:21 53167 ----a-w- c:\windows\BricoPackUninst.cmd
2010-02-18 18:21 . 2010-02-18 18:20 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-02-18 18:21 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-18 17:17 . 2010-02-18 17:17 -------- d-----w- c:\program files\VideoInspector
2010-02-18 12:02 . 2010-02-18 12:02 -------- d-----w- c:\program files\Common Files\SRS
2010-02-18 12:02 . 2010-02-18 12:02 -------- d-----w- c:\program files\SRSLabs
2010-02-17 23:23 . 2010-02-17 21:36 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-02-17 23:02 . 2010-02-17 21:01 -------- d-----w- c:\program files\MSBuild
2010-02-17 23:02 . 2010-02-17 23:02 -------- d-----w- c:\program files\Microsoft.NET
2010-02-17 23:00 . 2010-02-17 23:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-17 21:55 . 2010-02-17 21:55 -------- d-----w- c:\program files\CCleaner
2010-02-17 21:32 . 2010-02-17 21:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-17 21:17 . 2010-02-17 21:17 728858 ----a-w- c:\program files\Common Files\unins000.exe
2010-02-17 21:02 . 2010-02-17 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\program files\Java
2010-02-17 21:01 . 2010-02-17 21:01 -------- d-----w- c:\program files\Reference Assemblies
2010-02-17 20:50 . 2010-02-17 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 20:49 . 2010-02-17 20:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 20:46 . 2010-02-17 20:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 20:41 . 2010-02-17 20:41 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 20:36 . 2010-02-17 20:36 -------- d-----w- c:\program files\Alwil Software
2010-02-17 19:42 . 2002-01-20 03:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-17 19:42 . 2002-01-20 03:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-17 19:38 . 2002-01-20 03:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-11 18:53 . 2010-02-17 20:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-02 18:00 . 2010-02-17 21:32 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-01 07:58 . 2009-06-04 12:13 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-21_01.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 12:00 . 2010-03-22 06:33 68408 c:\windows\system32\perfc009.dat
+ 2002-01-20 03:20 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2010-03-22 05:39 . 2009-08-17 14:27 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2001-10-25 12:00 . 2010-03-22 06:33 435704 c:\windows\system32\perfh009.dat
+ 2008-04-14 06:52 . 2009-08-17 14:26 1034240 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-06-04 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-06-04 128512]

c:\documents and settings\Tomas\Nabˇdka Start\Programy\Po spuçtŘnˇ\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Hry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Hry\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"e:\\Hry\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17. 2. 2010 21:36 162640]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17. 2. 2010 21:36 19024]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7. 3. 2010 2:50 246520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-03-22 07:40:23
ComboFix-quarantined-files.txt 2010-03-22 06:40
ComboFix2.txt 2010-03-21 01:47
ComboFix3.txt 2010-03-20 18:56

Pre-Run: Volných bajtů: 114 112 176 128
Post-Run: Volných bajtů: 114 078 138 368

- - End Of File - - 918535DBFCA8A9E1548882B6D975069E

#10 Příspěvek od **motji** » 22 bře 2010 11:30

Jak to ted vypadá s počítačem?

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

Nemaj_stres · #11 Příspěvek od **Nemaj_stres** » 22 bře 2010 13:46

Tie obrysy sa mi zdajú že už sú na tom lepšie o niečo, ale obrázky mi stále nechce zobrazovať, no ja si myslím že to bude niečo s modemom, nevieš náhodou čo?

No a keď stiahnem a spustím SPTDinst-v162-x86 (32-bit) tak mi vyhodí toto a nedá sa kliknúť na Uninstall:

Obrázek

#12 Příspěvek od **motji** » 22 bře 2010 14:16

Nevadí, pokračujte Gmerem.
Nevím, modemem ne, spíš Vám chybí nějaký plugin?

Nemaj_stres · #13 Příspěvek od **Nemaj_stres** » 22 bře 2010 20:14

Nie nie s pluginom to nebude mať nič spoločné na 100 % lebo mám doma prepojene 2 PC cez switch no a na tom druhom PC obrázky nejdú tiež, preto mi to nejde do hlavy.

Môže byť že odchádza modem ?
Alebo žeby bol v ňom nejaký vírus? Je to možné?

GMER LOG 1:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-22 19:47:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomas\LOCALS~1\Temp\agtdipob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB46A94FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB46A9322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB46A945C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER LOG 2:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-22 20:05:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomas\LOCALS~1\Temp\agtdipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB469CC56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB469CB12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB469D0C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB469CFF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB469C6E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB469CBEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB469C628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB469C68C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB469CD0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB469D194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB469CCCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB469CE4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB46A94FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB46A9322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB46A945C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes CALL 4704AF47
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B46A9460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3D8 7 Bytes JMP B46A9326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC54C 5 Bytes JMP B46A54BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FD0 5 Bytes JMP B46A6972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1174 7 Bytes JMP B46A9502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB703B360, 0x3D46A5, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

No a s tým MBR som si nie celkom istý lebo mi tam nevihodilo žiadne okienko kde by sa dalo niečo nakopírovať.
No ale tu je log: (inak to isté čo je v logu bolo aj v tom príkazovom riadku)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#14 Příspěvek od **motji** » 22 bře 2010 20:58

Zkuste modem resetovat.

Mbr musíte spustit jinak,

start-spustit
do okénka zkopírujte

"%userprofile%\plocha\mbr" -t

ok

Nemaj_stres · #15 Příspěvek od **Nemaj_stres** » 22 bře 2010 22:51

Modem môžem resetovať koľko chcem ale nepomôže to, kedysi to pomohlo a obrázky mi zobrazilo no teraz už nezobrazí.

Už je to OK?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

VIRY.CZ

RelevantKnowledge odstránený, script na ComboFix

RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix

Re: RelevantKnowledge odstránený, script na ComboFix