Prosím o kontrolu Logu !!!

Zpráva

Baggio · #1 Příspěvek od **Baggio** » 07 dub 2010 12:26

Dobrý den,

prosím o kontroku logu. Určitě tam mám nějakou havěť, po cca 15 min se mi PC total blokne (nové). Tedy:

DĚKUJI !!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by ... at 2010-04-07 13:15:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 119 GB (78%) free of 153 GB
Total RAM: 1978 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:37, on 7.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\pdaBusiness\Qlock\Qlock.exe
C:\WINDOWS\TEMP\HLA504.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DL_
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKCU
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Qlock.lnk = C:\Program Files\pdaBusiness\Qlock\Qlock.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DL_
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.valeantvision.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Valeant.Corp.vrx
O17 - HKLM\Software\..\Telephony: DomainName = Valeant.Corp.vrx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Valeant.Corp.vrx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ICNPHARM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ICNPHARM.COM
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe

--
End of file - 13638 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Dcsvyvi.job
C:\WINDOWS\tasks\FileCure Startup.job
C:\WINDOWS\tasks\FileCure.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DL_ [2006-07-11 319488]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"PtiuPbmd"=ptipbm.dll,SetWriteBack []
"SetCacheMode"=ptipbmf.dll,SetWriteCacheMode []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2006-02-07 356352]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2009-03-19 12095488]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-10 648536]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2005-11-24 491520]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Qlock.lnk - C:\Program Files\pdaBusiness\Qlock\Qlock.exe
VPN Client.lnk - C:\WINDOWS\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2009-03-19 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-10 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=1
"HideLogonScripts"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMConfigurePrograms"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea8bfe2-f9f5-11de-8389-0026c63f95ba}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea8bfe5-f9f5-11de-8389-0026c63f95ba}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea8bfe6-f9f5-11de-8389-0026c63f95ba}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{786514b5-180c-11df-83c7-0026c63f95ba}]
shell\AutoRun\command - F:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee75d986-fd58-11de-8391-0026c63f95ba}]
shell\AutoRun\command - H:\DmailerSync_v9_0_15109.exe

======List of files/folders created in the last 1 months======

2010-04-07 13:15:34 ----D---- C:\rsit
2010-04-06 11:44:53 ----A---- C:\Log.txt
2010-04-05 21:55:06 ----D---- C:\2f39630400e602a8a04a00eb5d85baf2
2010-04-05 20:15:49 ----D---- C:\Documents and Settings\robert.janota\Application Data\Desktopicon
2010-04-05 20:15:36 ----A---- C:\WINDOWS\system32\vbzlib1.dll
2010-04-05 14:48:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-01 19:57:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-01 07:31:06 ----D---- C:\WINDOWS\Minidump
2010-03-29 22:50:34 ----D---- C:\Program Files\Common Files\Sonic Shared
2010-03-29 22:06:49 ----D---- C:\Documents and Settings\robert.janota\Application Data\InstallShield
2010-03-29 20:10:11 ----A---- C:\WINDOWS\ModemLog_Modem Bluetooth.txt
2010-03-27 22:43:46 ----A---- C:\Documents and Settings\robert.janota\Application Data\BBMS_EXCEPTION.txt
2010-03-27 22:43:04 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
2010-03-27 14:36:58 ----D---- C:\Documents and Settings\robert.janota\Application Data\Roxio
2010-03-27 14:33:58 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-03-27 14:30:10 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2010-03-27 14:30:00 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2010-03-27 14:28:23 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2010-03-27 14:28:18 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-03-27 14:25:19 ----D---- C:\Documents and Settings\robert.janota\Application Data\Blackberry Desktop
2010-03-27 13:50:11 ----D---- C:\Documents and Settings\robert.janota\Application Data\Research In Motion
2010-03-27 13:49:52 ----D---- C:\Program Files\Common Files\Research In Motion
2010-03-21 15:47:12 ----D---- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2010-03-16 17:15:24 ----D---- C:\Program Files\Network Stumbler
2010-03-16 12:24:14 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-03-16 12:24:14 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-15 09:07:33 ----A---- C:\WINDOWS\ModemLog_Nokia 6300 USB Modem.txt
2010-03-15 09:05:37 ----D---- C:\Program Files\PC Connectivity Solution

======List of files/folders modified in the last 1 months======

2010-04-07 13:19:37 ----D---- C:\Program Files\Trend Micro
2010-04-07 13:15:46 ----D---- C:\WINDOWS\Prefetch
2010-04-07 13:14:50 ----D---- C:\WINDOWS\Temp
2010-04-07 13:14:50 ----D---- C:\WINDOWS
2010-04-07 13:14:10 ----D---- C:\Program Files\CCleaner
2010-04-07 13:12:34 ----A---- C:\WINDOWS\SMSCFG.ini
2010-04-07 13:10:59 ----A---- C:\WINDOWS\ModemLog_ThinkPad Modem Adapter.txt
2010-04-07 13:10:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 13:09:48 ----SHD---- C:\WINDOWS\CSC
2010-04-07 10:28:38 ----D---- C:\Documents and Settings
2010-04-07 09:08:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 09:05:28 ----D---- C:\Program Files\Outlook Express
2010-04-07 08:30:32 ----D---- C:\Jean
2010-04-06 11:47:12 ----RD---- C:\Program Files
2010-04-06 09:17:39 ----AD---- C:\WINDOWS\system32
2010-04-06 09:17:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-05 22:02:17 ----D---- C:\WINDOWS\Debug
2010-04-05 21:46:02 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 20:15:45 ----SHD---- C:\WINDOWS\Installer
2010-04-05 20:15:44 ----SD---- C:\WINDOWS\Tasks
2010-04-05 15:04:24 ----D---- C:\WINDOWS\AppPatch
2010-04-05 14:48:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-05 14:48:25 ----D---- C:\WINDOWS\WinSxS
2010-04-05 14:48:11 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-04-05 14:35:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-04 13:55:14 ----A---- C:\WINDOWS\WTRAN32.INI
2010-04-02 20:42:05 ----D---- C:\Documents and Settings\robert.janota\Application Data\vlc
2010-03-31 10:15:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-29 23:04:36 ----SD---- C:\Documents and Settings\robert.janota\Application Data\Microsoft
2010-03-29 22:58:48 ----HD---- C:\WINDOWS\inf
2010-03-29 22:51:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-29 22:51:04 ----RSD---- C:\WINDOWS\Fonts
2010-03-29 22:50:34 ----D---- C:\Program Files\Common Files
2010-03-29 22:48:51 ----D---- C:\Temp
2010-03-29 12:25:53 ----D---- C:\Documents and Settings\robert.janota\Application Data\dvdcss
2010-03-28 21:09:07 ----D---- C:\WINDOWS\Help
2010-03-28 21:09:07 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-28 21:09:07 ----A---- C:\WINDOWS\ODBC.INI
2010-03-16 19:40:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-16 19:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-03-16 17:07:34 ----D---- C:\WINDOWS\system
2010-03-15 23:43:37 ----D---- C:\WINDOWS\system32\VPCache
2010-03-15 09:05:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-15 09:04:53 ----D---- C:\Program Files\Nokia
2010-03-15 09:04:48 ----D---- C:\Program Files\Common Files\Nokia
2010-03-15 09:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2010-03-15 08:58:44 ----D---- C:\Documents and Settings\robert.janota\Application Data\PC Suite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-04-09 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-04-18 11904]
R2 TM_CFW;Common Firewall Driver; \??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-10 4125696]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2009-03-19 482176]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-06-09 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-06-09 991144]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-06-12 764416]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-02-02 139604]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-06-13 243856]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-04-09 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-04-09 210560]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-09-25 31680]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-11-22 78720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-04-09 731264]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-06-09 534568]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-06-09 156392]
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-06-09 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-06-09 47272]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-01-07 163840]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2007-11-22 12032]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2007-11-22 11008]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-10 602112]
R2 ATService;AuthenTec Fingerprint Service; C:\WINDOWS\system32\AtService.exe [2009-03-19 1680632]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-05-29 342624]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-08-27 1445912]
R2 dtsvc;Data Transfer Service; C:\WINDOWS\system32\DTS.exe [2009-03-19 98304]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2006-02-07 495616]
R2 OfcPfwSvc;OfficeScanNT Personal Firewall; C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe [2006-02-07 233552]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-07-10 901120]
R2 tmlisten;OfficeScanNT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2006-02-07 614488]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 ADMonitor;AD Monitor; C:\WINDOWS\system32\ADMonitor.exe [2009-03-19 106496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2009-03-19 118784]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S3 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\winvnc4.exe [2007-02-14 852984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 07 dub 2010 12:45

Hezké odpoledne

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Baggio · #3 Příspěvek od **Baggio** » 07 dub 2010 20:20

Děkuji za vaši odpověď a pomoc!

ComboFix výsledek zde:

ComboFix 10-04-06.05 - robert.janota 07.04.2010 21:06:34.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1978.1449 [GMT 2:00]
Spuštěný z: c:\documents and settings\robert.janota\My Documents\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {38B04FE9-0F6E-4920-BE0E-32C444623C30}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\robert.janota\Application Data\Desktopicon
c:\documents and settings\robert.janota\Application Data\Desktopicon\eBay.ico
c:\documents and settings\robert.janota\Application Data\Desktopicon\uninst.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll

----- BITS: Možné infikované stránky -----

hxxp://SEURZWSMS001:80
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 11:15 . 2010-04-07 11:19 -------- d-----w- C:\rsit
2010-04-07 05:31 . 2010-04-07 05:31 2131336 ----a-w- c:\documents and settings\robert.janota\Application Data\Mozilla\Firefox\Profiles\tysq1smy.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-04-05 19:55 . 2010-04-05 19:57 -------- d-----w- C:\2f39630400e602a8a04a00eb5d85baf2
2010-04-05 12:48 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-05 12:48 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-05 12:48 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-05 12:48 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-05 12:48 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-05 12:48 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-05 12:48 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-05 12:48 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-05 12:48 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-01 17:57 . 2010-04-05 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-01 03:04 . 2010-04-01 03:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-29 20:50 . 2010-03-29 20:50 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-29 20:06 . 2010-03-29 20:06 -------- d-----w- c:\documents and settings\robert.janota\Application Data\InstallShield
2010-03-29 08:20 . 2010-03-29 08:20 40484 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-27 20:43 . 2010-03-27 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-03-27 12:36 . 2010-03-27 12:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-03-27 12:36 . 2010-03-27 12:38 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Roxio
2010-03-27 12:30 . 2010-03-27 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-27 12:30 . 2010-03-27 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-03-27 12:28 . 2010-03-29 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-03-27 12:28 . 2010-03-29 20:28 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-27 12:25 . 2009-01-09 14:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-03-27 12:25 . 2010-03-27 12:25 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Blackberry Desktop
2010-03-27 11:50 . 2010-04-06 09:43 256 ----a-w- c:\windows\system32\pool.bin
2010-03-27 11:50 . 2010-03-27 20:42 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Research In Motion
2010-03-27 11:49 . 2010-03-27 11:49 53248 ----a-r- c:\documents and settings\robert.janota\Application Data\Microsoft\Installer\{070B059B-F742-4532-B9D1-11E1E3887C6C}\ARPPRODUCTICON.exe
2010-03-27 11:49 . 2010-03-29 19:47 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-23 07:49 . 2010-03-23 07:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-21 13:47 . 2010-03-21 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2010-03-16 17:40 . 2010-03-16 17:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-16 17:40 . 2010-03-16 17:40 -------- d-----w- c:\documents and settings\robert.janota\Local Settings\Application Data\AOL
2010-03-16 15:15 . 2010-03-16 15:15 -------- d-----w- c:\program files\Network Stumbler
2010-03-16 10:24 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-16 10:24 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-15 07:05 . 2010-03-15 07:05 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-15 07:04 . 2010-03-15 07:03 34818368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_2.4.6CZ.exe
2010-03-15 07:03 . 2010-03-15 07:03 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-15 07:03 . 2010-03-15 07:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-15 07:03 . 2010-03-15 07:03 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 11:19 . 2009-12-16 12:01 -------- d-----w- c:\program files\Trend Micro
2010-04-07 11:14 . 2010-01-26 15:08 -------- d-----w- c:\program files\CCleaner
2010-04-05 12:48 . 2010-01-28 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-02 18:42 . 2010-01-16 21:47 -------- d-----w- c:\documents and settings\robert.janota\Application Data\vlc
2010-03-29 21:07 . 2010-01-05 12:40 53376 ----a-w- c:\documents and settings\robert.janota\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-29 10:25 . 2010-01-17 08:09 -------- d-----w- c:\documents and settings\robert.janota\Application Data\dvdcss
2010-03-16 17:40 . 2009-12-16 11:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 17:40 . 2010-01-23 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-15 07:04 . 2010-02-20 22:41 -------- d-----w- c:\program files\Nokia
2010-03-15 07:04 . 2010-02-20 22:42 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-15 07:03 . 2010-02-20 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-15 06:58 . 2010-02-20 22:42 -------- d-----w- c:\documents and settings\robert.janota\Application Data\PC Suite
2010-03-04 20:05 . 2010-03-04 19:08 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Apple Computer
2010-03-04 19:10 . 2010-03-04 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-04 19:08 . 2010-03-04 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-04 19:08 . 2010-03-04 19:07 -------- d-----w- c:\program files\iTunes
2010-03-04 19:07 . 2010-03-04 19:07 -------- d-----w- c:\program files\iPod
2010-03-04 19:07 . 2010-03-04 19:06 -------- d-----w- c:\program files\Common Files\Apple
2010-03-04 19:07 . 2010-03-04 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-04 19:07 . 2010-03-04 19:07 -------- d-----w- c:\program files\QuickTime
2010-03-04 19:06 . 2010-03-04 19:06 -------- d-----w- c:\program files\Apple Software Update
2010-03-03 22:57 . 2010-03-03 22:57 49152 --sha-r- c:\windows\system32\kbdblrr.dll
2010-03-03 19:41 . 2010-03-03 19:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-03 19:41 . 2010-03-03 19:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-03 19:41 . 2010-02-20 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-03-03 18:34 . 2010-03-03 18:34 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-03 18:34 . 2010-03-03 18:34 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\Sleep.exe
2010-03-03 18:34 . 2010-03-03 18:34 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-03 18:34 . 2010-03-03 18:36 34815368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\NokiaSoftwareUpdaterSetup_2.4.5CZ.exe
2010-03-02 07:59 . 2010-02-23 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-02 06:13 . 2010-02-23 22:14 -------- d-----w- c:\documents and settings\robert.janota\Application Data\skypePM
2010-02-23 22:37 . 2010-02-23 22:37 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Zoner
2010-02-23 22:37 . 2010-02-23 22:37 -------- d-----w- c:\program files\Zoner
2010-02-23 22:14 . 2010-02-23 22:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-22 08:36 . 2010-02-22 08:36 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-22 08:34 . 2010-02-22 08:34 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-22 08:34 . 2010-02-22 08:34 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-22 08:34 . 2010-02-22 08:34 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-22 08:34 . 2010-02-22 08:34 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-22 08:33 . 2010-02-22 08:34 34701512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze.exe
2010-02-22 06:25 . 2010-02-20 22:42 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Nokia
2010-02-21 23:36 . 2010-02-21 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-02-20 22:44 . 2010-02-20 22:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-20 22:44 . 2010-02-20 22:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-02-20 22:40 . 2010-02-20 22:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-20 22:40 . 2010-02-20 22:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-20 22:40 . 2010-02-20 22:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-18 20:23 . 2010-02-18 20:23 -------- d-----w- c:\documents and settings\robert.janota\Application Data\Ashampoo
2010-02-18 20:23 . 2010-02-18 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-02-18 20:23 . 2010-02-18 20:23 -------- d-----w- c:\program files\Ashampoo
2010-02-09 03:49 . 2010-02-09 03:48 -------- d-----w- c:\program files\PDFCreator
2010-02-09 03:48 . 2010-02-09 03:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-02-09 03:48 . 2010-02-09 03:48 136 ----a-w- c:\documents and settings\robert.janota\Local Settings\Application Data\fusioncache.dat
2010-01-31 13:37 . 2010-01-31 13:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 08:41 . 2010-01-23 08:41 82584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 18:51 . 2010-01-22 18:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-21 13:53 . 2010-03-03 18:37 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-01-20 17:33 . 2010-01-20 17:34 737280 ----a-w- c:\windows\iun6002.exe
2010-01-17 10:08 . 2009-09-24 06:33 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-14 13:41 . 2010-01-14 13:41 0 ----a-w- c:\windows\nsreg.dat
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

------- Sigcheck -------

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-11-24 491520]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PtiuPbmd"="ptipbm.dll" [2003-09-17 24576]
"SetCacheMode"="ptipbmf.dll" [2004-04-10 24576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Qlock.lnk - c:\program files\pdaBusiness\Qlock\Qlock.exe [2009-12-21 1022464]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2009-12-16 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 03:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 15:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3902666437-15429222-2940949894-24947\Scripts\Logon\0\0]
"Script"=antivirus.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3902666437-15429222-2940949894-24947\Scripts\Logon\1\0]
"Script"=Expire1_date.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3902666437-15429222-2940949894-29961\Scripts\Logon\0\0]
"Script"=antivirus.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3902666437-15429222-2940949894-29961\Scripts\Logon\1\0]
"Script"=praha.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3902666437-15429222-2940949894-29961\Scripts\Logon\1\1]
"Script"=tisk_praha.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3902666437-15429222-2940949894-29961\Scripts\Logon\1\2]
"Script"=zastupci.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 aac;Adaptec RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [25.9.2009 1:39 47496]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.5.2008 17:21 19496]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2010 14:48 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2010 14:48 19024]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [19.3.2009 5:48 1680632]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [16.12.2009 13:58 94208]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [6.9.2006 20:27 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [6.9.2006 20:27 36368]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [17.12.2009 5:44 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [17.12.2009 5:43 243856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.1.2010 15:37 691696]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [19.3.2009 5:53 98304]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.1.2010 7:55 133104]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [19.3.2009 5:52 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [19.3.2009 5:55 118784]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [3.3.2010 20:37 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [3.3.2010 20:37 8320]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 05:55]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 05:55]

2010-04-07 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-12-16 00:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DL_
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DL_
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DL_
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\robert.janota\Application Data\Mozilla\Firefox\Profiles\tysq1smy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=en_EU&q=
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-eBay Icon - c:\documents and settings\robert.janota\Application Data\Desktopicon\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 21:09
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1448)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\FpWinLogonNp.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\AFSSClientLib.dll
.
Celkový čas: 2010-04-07 21:10:39
ComboFix-quarantined-files.txt 2010-04-07 19:10

Před spuštěním: 124 529 098 752 bytes free
Po spuštění: Volných bajtů: 124 494 155 776

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B8FB320EA19783D026B5F24CD127C574

#4 Příspěvek od **motji** » 08 dub 2010 08:42

Otestujte na www.virustotal.com

c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\null.sys
c:\windows\system32\drivers\acpiec.sys

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

jak to ted vypadá s počítačem?

Baggio · #5 Příspěvek od **Baggio** » 08 dub 2010 16:37

DĚKUJI !!! Zatím je to s PC stále na h...

) Stale stejné, po cca 15 min se sekne. Kopie výsledků jsou prosím zde:

Soubor beep.sys přijatý 2010.04.08 15:29:45 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/39 (2.57%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.08 -
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.48 2010.04.08 -
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 -
Avast 4.8.1351.0 2010.04.08 -
Avast5 5.0.332.0 2010.04.08 -
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.08 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4539 2010.04.08 -
DrWeb 5.0.2.03300 2010.04.08 -
eSafe 7.0.17.0 2010.04.08 Win32.Banker
eTrust-Vet 35.2.7414 2010.04.08 -
F-Prot 4.5.1.85 2010.04.07 -
F-Secure 9.0.15370.0 2010.04.08 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 -
Ikarus T3.1.1.80.0 2010.04.08 -
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.08 -
McAfee-GW-Edition 6.8.5 2010.04.08 -
Microsoft 1.5605 2010.04.08 -
NOD32 5010 2010.04.08 -
Norman 6.04.11 2010.04.08 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.07 -
PCTools 7.0.3.5 2010.04.08 -
Prevx 3.0 2010.04.08 -
Rising 22.42.03.03 2010.04.08 -
Sophos 4.52.0 2010.04.08 -
Sunbelt 6151 2010.04.08 -
Symantec 20091.2.0.41 2010.04.08 -
TheHacker 6.5.2.0.257 2010.04.08 -
TrendMicro 9.120.0.1004 2010.04.08 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 -
Rozšiřující informace
File size: 4224 bytes
MD5...: da1f27d85e0d1525f6621372e7b685e9
SHA1..: e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/
DKrmLGWBqhev7X+MEWKLu+Ww8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66c
timedatestamp.....: 0x3b7d82e5 (Fri Aug 17 20:47:33 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xad 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xb80 0x3c8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xf80 0x9a 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 2 imports )
> ntoskrnl.exe: MmLockPagableDataSection, KeCancelTimer, MmUnlockPagableImageSection, IoStartNextPacket, KeSetTimer, _allmul, IoStartPacket, KeInitializeEvent, KeInitializeTimer, KeInitializeDpc, IoCreateDevice, RtlInitUnicodeString, IoAcquireCancelSpinLock, KeRemoveDeviceQueue, KeRemoveEntryDeviceQueue, IoReleaseCancelSpinLock, IoDeleteDevice, IofCompleteRequest
> HAL.dll: ExReleaseFastMutex, KfRaiseIrql, KfLowerIrql, HalMakeBeep, ExAcquireFastMutex

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: BEEP Driver
original name: beep.sys
internal name: beep.sys
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

================================================================================

Soubor null.sys přijatý 2010.04.08 15:33:49 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/39 (2.57%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.08 -
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.48 2010.04.08 -
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 -
Avast 4.8.1351.0 2010.04.08 -
Avast5 5.0.332.0 2010.04.08 -
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.08 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4539 2010.04.08 -
DrWeb 5.0.2.03300 2010.04.08 -
eSafe 7.0.17.0 2010.04.08 Win32.Banker
eTrust-Vet 35.2.7414 2010.04.08 -
F-Prot 4.5.1.85 2010.04.07 -
F-Secure 9.0.15370.0 2010.04.08 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 -
Ikarus T3.1.1.80.0 2010.04.08 -
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.08 -
McAfee-GW-Edition 6.8.5 2010.04.08 -
Microsoft 1.5605 2010.04.08 -
NOD32 5010 2010.04.08 -
Norman 6.04.11 2010.04.08 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 -
PCTools 7.0.3.5 2010.04.08 -
Prevx 3.0 2010.04.08 -
Rising 22.42.03.03 2010.04.08 -
Sophos 4.52.0 2010.04.08 -
Sunbelt 6151 2010.04.08 -
Symantec 20091.2.0.41 2010.04.08 -
TheHacker 6.5.2.0.257 2010.04.08 -
TrendMicro 9.120.0.1004 2010.04.08 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 -
Rozšiřující informace
File size: 2944 bytes
MD5...: 73c1e1f395918bc2c6dd67af7591a3ad
SHA1..: 80eb8a76e5579b0136281e4dd4e2d4e56b249e4c
SHA256: b21133a75253ec15e2dff66d3b480ab1a7e1a2360476c810e7aa55d0f0eb08d4
ssdeep: 48:q/w53pqaIBletto0JisjIZWQJ2RZ5WwGi:yw5E8tbiMEWJRHWw
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x59a
timedatestamp.....: 0x3b7d82eb (Fri Aug 17 20:47:39 2001)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.rdata 0x300 0x5d 0x80 3.03 555a6fcb463ffe83a6d22484a0173ef8
.data 0x380 0x74 0x80 0.36 f1b8b936ca1079ed501d25e46bb437e0
PAGE 0x400 0x106 0x180 4.43 e8b2d219072ac5f7c30747e20a4d7988
INIT 0x580 0x162 0x180 4.84 13f865388d3d939e5959de0e1cf09ba7
.rsrc 0x700 0x3c8 0x400 3.22 5483db5cb28aaa608022471db7996be1
.reloc 0xb00 0x3a 0x80 1.97 f1e58ef7a627145c127fa9f294da779c

( 1 imports )
> ntoskrnl.exe: IoDeleteSymbolicLink, RtlInitUnicodeString, IofCompleteRequest, IoCreateDevice, MmPageEntireDriver, IoDeleteDevice

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: NULL Driver
original name: null.sys
internal name: null.sys
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): embedded

============================================================

Soubor acpiec.sys přijatý 2010.04.08 15:35:59 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/39 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.08 -
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.48 2010.04.08 -
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 -
Avast 4.8.1351.0 2010.04.08 -
Avast5 5.0.332.0 2010.04.08 -
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.08 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4539 2010.04.08 -
DrWeb 5.0.2.03300 2010.04.08 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7414 2010.04.08 -
F-Prot 4.5.1.85 2010.04.07 -
F-Secure 9.0.15370.0 2010.04.08 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 -
Ikarus T3.1.1.80.0 2010.04.08 -
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.08 -
McAfee-GW-Edition 6.8.5 2010.04.08 -
Microsoft 1.5605 2010.04.08 -
NOD32 5010 2010.04.08 -
Norman 6.04.11 2010.04.08 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 -
PCTools 7.0.3.5 2010.04.08 -
Prevx 3.0 2010.04.08 -
Rising 22.42.03.03 2010.04.08 -
Sophos 4.52.0 2010.04.08 -
Sunbelt 6151 2010.04.08 -
Symantec 20091.2.0.41 2010.04.08 -
TheHacker 6.5.2.0.257 2010.04.08 -
TrendMicro 9.120.0.1004 2010.04.08 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 -
Rozšiřující informace
File size: 11648 bytes
MD5...: 9859c0f6936e723e4892d7141b1327d5
SHA1..: f27a1ee007eb29db95bebeeb16f76322e2cdfdce
SHA256: 5e8f6a2fc4df2e5e92a1d66ecc2810e08b42b64e9cd0df4ad3f78ea8558b90af
ssdeep: 192:ElxS2tUZl301DjseUq1GBChRZEw6pCTO4IygTzW5ZBWA4Z3RQ3gZvH/:52UH
StUxaEwjq48W3BW34A/
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d00
timedatestamp.....: 0x3b7d8553 (Fri Aug 17 20:57:55 2001)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x10ba 0x1100 6.27 053b88d5142ea84e21c7c7cdda7f529b
.rdata 0x1400 0x18f 0x200 3.97 fdb813c8982741c7db89f5a52ee8bfcd
.data 0x1600 0xac 0x100 1.72 b55ca904f231528b722088e547c5f5e0
PAGE 0x1700 0x5af 0x600 6.02 f88d52da9e8d975d5e2a08682c5acb92
INIT 0x1d00 0x468 0x480 5.27 ad373d9eff7d28e92ea828bda8bf81ed
.rsrc 0x2180 0x9e0 0xa00 3.39 babc28cb5a62d0d46fe2520eb423216b
.reloc 0x2b80 0x192 0x200 4.58 5b8cfaf344879d93f42d44b031871964

( 3 imports )
> ntoskrnl.exe: IoBuildSynchronousFsdRequest, KeInitializeEvent, IoBuildDeviceIoControlRequest, KeSetEvent, KeInitializeSpinLock, IoCreateDevice, RtlInitUnicodeString, KeInitializeDpc, KeInitializeTimer, IofCallDriver, IoAllocateIrp, IoAttachDeviceToDeviceStack, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeCancelTimer, KeSetTimer, ExfInterlockedRemoveHeadList, ExAllocatePoolWithTag, PoStartNextPowerIrp, PoCallDriver, IofCompleteRequest, MmLockPagableDataSection, IoFreeIrp, KeWaitForSingleObject, ExFreePool, IoDeleteDevice, InterlockedExchange, MmUnlockPagableImageSection
> HAL.dll: KeStallExecutionProcessor, KfAcquireSpinLock, WRITE_PORT_UCHAR, KfReleaseSpinLock, READ_PORT_UCHAR, KeQueryPerformanceCounter
> OPRGHDLR.SYS: RegisterOpRegionHandler

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ACPI Embedded Controller Driver
original name: acpiec.sys
internal name: acpiec.sys
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#6 Příspěvek od **motji** » 08 dub 2010 18:57

Ještě otestujte na www.virustotal.com
c:\windows\system\WININETICMP32.drv

Píšete, že pc je nové, dělám Vám to od začátku?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Baggio · #7 Příspěvek od **Baggio** » 08 dub 2010 21:51

DĚKUJI !!! Tuhle neplechu mi to dělá cca 10 dní, po cca 15 min se total blokne internet a notebook (tři měsíce nové Lenovo T500, XP), přežívám jen díky restartu přes baterii...

Používám denně CcCeaner, Avast free home, a Spybot - s tím mám ale někdy potíže, tak jsem ho odinstaloval.

==================================================================

Kopie MBAM:

Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verze databáze: 3969

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8.4.2010 22:33:41
mbam-log-2010-04-08 (22-33-41).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 183127
Uplynulý čas: 53 minuta(y), 14 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

=============================================================================

VirusTotal:

Soubor WININETICMP32.drv přijatý 2010.04.08 20:48:55 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/39 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.08 -
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.49 2010.04.08 -
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 -
Avast 4.8.1351.0 2010.04.08 -
Avast5 5.0.332.0 2010.04.08 -
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.08 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4541 2010.04.08 -
DrWeb 5.0.2.03300 2010.04.08 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7414 2010.04.08 -
F-Prot 4.5.1.85 2010.04.08 -
F-Secure 9.0.15370.0 2010.04.08 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 -
Ikarus T3.1.1.80.0 2010.04.08 -
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.08 -
McAfee-GW-Edition 6.8.5 2010.04.08 -
Microsoft 1.5605 2010.04.08 -
NOD32 5011 2010.04.08 -
Norman 6.04.11 2010.04.08 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 -
PCTools 7.0.3.5 2010.04.08 -
Prevx 3.0 2010.04.08 -
Rising 22.42.03.03 2010.04.08 -
Sophos 4.52.0 2010.04.08 -
Sunbelt 6152 2010.04.08 -
Symantec 20091.2.0.41 2010.04.08 -
TheHacker 6.5.2.0.258 2010.04.08 -
TrendMicro 9.120.0.1004 2010.04.08 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 -
Rozšiřující informace
File size: 12 bytes
MD5...: 62fba27afb7b2934c2a211af8c665a59
SHA1..: 25ee55cd0e6707c755ad012dc302c93decc12b34
SHA256: 8aa1e69fb1c0f3eae7a14de4738f560f901d15c0bca814cd810e154cf286448c
ssdeep: 3:aBySjn:KySjn
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#8 Příspěvek od **motji** » 08 dub 2010 21:55

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Baggio · #9 Příspěvek od **Baggio** » 08 dub 2010 23:03

Děkuji !!! Ještě mám jeden postřeh. Když se mi podaří při zablokování počítače ještě normální cestou vyrestartovat notebook (ne přes baterku), otevře se mi při ukončování dialogové okno, že se jako ukončuje Firefox, ať počkam nebo ukončit, OK, prostě klasika, ale pak se mi otevře další dialogové okno s tím, že se ukončuje nějaký program, který pokaždé mění svůj název - jednou to byl agent.exe, pak jen "n", pak zase nějaká nepřehledná směs písmen - myslím, že stále mění svůj název...

===============================================

Zde jsou ty výsledky GMER:

Scan 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-08 23:29:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ROBERT~1.JAN\LOCALS~1\Temp\kfpyipob.sys

---- System - GMER 1.0.15 ----

SSDT splh.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT splh.sys ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5C91F8

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

==================================================================

Scan 2:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 23:37:16
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ROBERT~1.JAN\LOCALS~1\Temp\kfpyipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAC6C4C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAC6C4B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAC6C50C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAC6C4FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAC6C46E8]
SSDT splh.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT splh.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAC6C4BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAC6C4628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAC6C468C]
SSDT splh.sys ZwQueryKey [0xB9ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAC6C4D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAC6C5194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAC6C4CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAC6C4E4C]

INT 0x63 ? 8915DF00
INT 0x74 ? 8915DF00
INT 0x83 ? 8A657BF8
INT 0x83 ? 8915DF00
INT 0x84 ? 8915DF00
INT 0x94 ? 8915DF00
INT 0xA4 ? 8915DF00
INT 0xB4 ? 8915DF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80503A70 4 Bytes CALL 5AFCA6BB
? splh.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB951E000, 0x236DB7, 0xE8000020]
.text USBPORT.SYS!DllUnload B94C062C 5 Bytes JMP 8915D4E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] splh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] splh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] splh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] splh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] splh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] splh.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5C91F8

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 892061F8
Device \Driver\usbuhci \Device\USBPDO-1 892061F8
Device \Driver\usbuhci \Device\USBPDO-2 892061F8
Device \Driver\usbehci \Device\USBPDO-3 891211F8
Device \Driver\usbuhci \Device\USBPDO-4 892061F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 892061F8
Device \Driver\usbehci \Device\USBPDO-6 891211F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6581F8
Device \Driver\usbuhci \Device\USBPDO-7 892061F8
Device \Driver\Cdrom \Device\CdRom0 891ED500
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D8FD10] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D8FD10] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D8FD10] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8504B1F8
Device \Driver\NetBT \Device\NetbiosSmb 8504B1F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 892061F8
Device \Driver\usbuhci \Device\USBFDO-1 892061F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 850181F8
Device \Driver\usbuhci \Device\USBFDO-2 892061F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{62C652DF-F559-4D22-96BE-2743A1B4A3A0} 8504B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 850181F8
Device \Driver\usbehci \Device\USBFDO-3 891211F8
Device \Driver\usbuhci \Device\USBFDO-4 892061F8
Device \Driver\Ftdisk \Device\FtControl 8A6581F8
Device \Driver\usbuhci \Device\USBFDO-5 892061F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DF466E93-C5D1-445C-A071-CB6FB385EFAB} 8504B1F8
Device \Driver\usbuhci \Device\USBFDO-6 892061F8
Device \Driver\usbehci \Device\USBFDO-7 891211F8
Device \FileSystem\Cdfs \Cdfs 850041F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Ovladač serveru pro přístup k\xa0síti LAN Bluetooth 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x30 0xDB 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Ovladač serveru pro přístup k\xa0síti LAN Bluetooth 1?
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x30 0xDB 0xA9 ...

---- EOF - GMER 1.0.15 ----

#10 Příspěvek od **motji** » 09 dub 2010 04:53

Já zatím nic nevidím

, ale nevzdáme se

Stahněte AVZ http://z-oleg.com/avz4.zip na plochu
- rozbalte tak aby byla jen jedna slozka avz4
- spusťe AVZ.exe

--------------

-klikněte na file-customscripts
-do okna vložte text

Kód: Vybrat vše

begin
ExecuteStdScr(1);
ExecuteStdScr(3);
RebootWindows(true);
end.

-klikněte na Run
-log pak vložte zde jako přílohu v zipu

Baggio · #11 Příspěvek od **Baggio** » 11 dub 2010 09:58

Dobrý den, vůbec mi tam nejde zkopírovat ted daný kod přes ctrl + C a V. Kurzor v okně jen bliká a to je vše, nejde tam nic psát, nic vložit...

#12 Příspěvek od **motji** » 11 dub 2010 10:01

Zkuste ho spustit takto:

- v menu File -Standard script, zvolte moznost (kliknutím do čtverečku): "1" a "3"
- klikněte na Execute selected scripts, potvrdi se "Yes"
- až skončí sken, vytvoří se složka LOG, v ní bude soubor virusinfo_syscure.zip , který přidáte do svého příspěvku jako přílohu

Baggio · #13 Příspěvek od **Baggio** » 11 dub 2010 14:01

Dobrý den, výsledek z AVZ posílám zde:

Děkuji

=============================================

AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 11.4.2010 14:10:12
Database loaded: signatures - 270034, NN profile(s) - 2, malware removal microprograms - 56, signature database released 10.04.2010 22:53
Heuristic microprograms loaded: 382
PVS microprograms loaded: 9
Digital signatures of system files loaded: 194145
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=0846E0)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055B6E0
KiST = 80503960 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
CmpCallCallBacks = 00092D3C
Disable callback - óćĺ íĺéňčđŕëčçîâŕíű
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = AC5DFFEE -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
\FileSystem\ntfs[IRP_MJ_CLOSE] = AC5E002E -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
\FileSystem\ntfs[IRP_MJ_WRITE] = AC5E010A -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = AC5E014A -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8A5C91F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 8A5C91F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CREATE] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CLOSE] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_WRITE] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_EA] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 892191F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_PNP] = 892191F8 -> hook not defined
Checking - complete
2. Scanning RAM
Number of processes found: 66
Number of modules loaded: 474
Scanning RAM - complete
3. Scanning disks
C:\System Volume Information\_restore{9AB2435C-DE2B-4478-9105-C7393117FEFB}\RP31\A0046811.exe >>> suspicion for Backdoor.Win32.Eclypse ( 0041F192 00186D09 00178E59 0009F1EA 40960)
C:\System Volume Information\_restore{9AB2435C-DE2B-4478-9105-C7393117FEFB}\RP31\A0046813.exe >>> suspicion for Backdoor.Win32.Eclypse ( 0041F192 00186D09 00178E59 0009F1EA 40960)
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000002.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000004.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000H.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000009.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\000000BX.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000P.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000005.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000006.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\0000000W.msg
Direct reading: C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000003O.msg
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
Direct reading: C:\WINDOWS\system32\kbdblrr.dll
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 173345, extracted from archives: 149714, malicious software found 0, suspicions - 2
Scanning finished at 11.4.2010 14:45:52
Time of scanning: 00:35:41
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
System Analysis - complete

#14 Příspěvek od **motji** » 11 dub 2010 14:05

Ten virusinfo_syscure.zip Vám nkde nevyskočil? Mkrněte, jestli není ve složce AVZ

Baggio · #15 Příspěvek od **Baggio** » 11 dub 2010 18:39

Dobrý den,

ne, nic mi nikde nevyskočilo. Je se vytvořil ten log a to je vše. Jde o to, že scanování AVZ trvá cca 30 min, ale Notebook a net mi zamrzne cca už po 20 min.

Jáká složka by to měla být?

Děkuji moc !!!

VIRY.CZ

Prosím o kontrolu Logu !!!

Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!

Re: Prosím o kontrolu Logu !!!