Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

bordel v pc log prilozen

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

bordel v pc log prilozen

#1 Příspěvek od davus1 »

myslim ze mam v pc nebo mel neaky bordel mel jsem podobny problem jak http://www.viry.cz/forum/viewtopic.php?f=13&t=99313 . Nyni se vsechno tvari ok ale pro jistotu prikladam log.




Logfile of random's system information tool 1.06 (written by random/random)
Run by Dušan at 2010-05-05 19:40:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (33%) free of 38 GB
Total RAM: 3071 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:56, on 5.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Dušan\Plocha\RSIT.exe
C:\Program Files\trend micro\Dušan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AtomicAlarmClock.exe
O4 - Global Startup: forteManager.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 10409 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-02-10 750256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2006-05-22 694272]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-01-26 495616]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"Diamondback"=C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-05-27 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2009-03-13 584704]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Documents and Settings\Dušan\Nabídka Start\Programy\Po spuštění
AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\HRY\FlatOut2\FlatOut2.exe"="D:\HRY\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\HRY\Call of Duty 2\CoD2MP_s.exe"="D:\HRY\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\mIRCcz\mirc32.exe"="C:\Program Files\mIRCcz\mirc32.exe:*:Enabled:mIRC"
"D:\HRY\Rise of Nationss\thrones.exe"="D:\HRY\Rise of Nationss\thrones.exe:*:Enabled:Rise of Nations"
"D:\HRY\Rise of Nationss\patriots.exe"="D:\HRY\Rise of Nationss\patriots.exe:*:Enabled:Rise of Nations"
"D:\HRY\Crysis\Bin32\Crysis.exe"="D:\HRY\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"D:\HRY\Crysis\Bin32\CrysisDedicatedServer.exe"="D:\HRY\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\HRY\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\HRY\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe"="C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:*:Enabled:Rise Of Legends"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"D:\HRY\Crysis Wars\Bin32\Crysis.exe"="D:\HRY\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
"D:\HRY\MCM2\MCM2.EXE"="D:\HRY\MCM2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe"="C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe:*:Enabled:ENABLE"
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe:*:Enabled:ENABLE"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files\WinFast\WFDTV\LiveUpdate\LiveUpdate.exe"="C:\Program Files\WinFast\WFDTV\LiveUpdate\LiveUpdate.exe:*:Enabled:WF LiveUpdate Application"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\HRY\THQ\Titan Quest Immortal Throne\Tqit.exe"="D:\HRY\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit"
"D:\HRY\THQ\Titan Quest\Titan Quest.exe"="D:\HRY\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\QIP Infium JadrisPack\infium.exe"="C:\Program Files\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"D:\HRY\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe"="D:\HRY\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Call of Pripyat (CLI)"
"D:\HRY\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe"="D:\HRY\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Call of Pripyat (SRV)"
"D:\HRY\Starcraft 2\StarCraft II Beta\StarCraft II.exe"="D:\HRY\Starcraft 2\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"D:\HRY\Starcraft 2\StarCraft II Beta\Versions\Base14803\SC2.exe"="D:\HRY\Starcraft 2\StarCraft II Beta\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - "L:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49be5772-1ab7-11dd-820c-806d6172696f}]
shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{888e0278-f17e-11de-8d25-001bfc37a7bd}]
shell\AutoRun\command - "L:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff666480-2de7-11df-996c-001bfc37a7bd}]
shell\AutoRun\command - N:\LaunchU3.exe -a


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-05-04 20:46:03 ----A---- C:\WINDOWS\wininit.ini
2010-05-04 16:50:53 ----A---- C:\WINDOWS\Rzytob.exe
2010-05-03 16:05:08 ----A---- C:\WINDOWS\Rzytoa.exe
2010-05-02 16:14:04 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-05-02 16:14:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2010-05-02 16:13:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard
2010-04-20 21:54:19 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-16 22:26:30 ----A---- C:\WINDOWS\system32\xfcodec.dll
2010-04-15 21:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 21:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 21:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 21:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 22:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 22:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-05 19:40:53 ----D---- C:\Program Files\trend micro
2010-05-05 17:41:34 ----D---- C:\WINDOWS\Prefetch
2010-05-05 16:50:53 ----D---- C:\WINDOWS\Temp
2010-05-05 16:34:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-05-05 16:33:27 ----SD---- C:\WINDOWS\Tasks
2010-05-05 16:26:04 ----D---- C:\WINDOWS
2010-05-05 16:18:12 ----A---- C:\Documents and Settings\Dušan\Data aplikací\AtomicAlarmClock.ini
2010-05-05 14:44:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-04 22:35:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-04 20:53:48 ----D---- C:\WINDOWS\system32
2010-05-03 22:07:26 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2010-05-03 20:56:06 ----D---- C:\WINDOWS\Minidump
2010-05-03 20:30:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-02 17:18:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-05-02 16:16:15 ----D---- C:\Program Files\Common Files
2010-05-02 16:13:50 ----RD---- C:\Program Files
2010-04-29 18:39:32 ----D---- C:\Program Files\Xfire
2010-04-26 14:55:12 ----D---- C:\Documents and Settings\Dušan\Data aplikací\uTorrent
2010-04-25 19:48:59 ----D---- C:\Program Files\HLSW
2010-04-21 16:34:22 ----D---- C:\WINDOWS\Debug
2010-04-20 23:59:06 ----HD---- C:\WINDOWS\inf
2010-04-15 21:32:42 ----SHD---- C:\WINDOWS\Installer
2010-04-15 21:32:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-15 21:32:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 21:32:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 21:32:05 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 21:29:41 ----D---- C:\WINDOWS\ie8updates
2010-04-14 15:58:56 ----D---- C:\Documents and Settings\Dušan\Data aplikací\vlc
2010-04-14 15:57:33 ----D---- C:\Documents and Settings\Dušan\Data aplikací\dvdcss
2010-04-11 20:47:19 ----D---- C:\Documents and Settings\Dušan\Data aplikací\Autodesk
2010-04-11 20:47:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-26 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-26 25888]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-05-10 209171]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-05-10 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-05-10 36261]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-06-24 18816]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2003-11-14 8192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\WINDOWS\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 avkufk5q;avkufk5q; C:\WINDOWS\system32\drivers\avkufk5q.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\DUAN~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-02 17480]
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3); C:\WINDOWS\system32\drivers\wfeaglxt.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-27 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-05-02 202024]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-02-27 603904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-05 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-02-27 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#2 Příspěvek od cernohous13 »

Zdravím,

znáš soubory
2010-05-04 16:50:53 ----A---- C:\WINDOWS\Rzytob.exe
2010-05-03 16:05:08 ----A---- C:\WINDOWS\Rzytoa.exe

pokud nevíš co je vytváří, tak
Stáhni si Obrázek ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

Re: bordel v pc log prilozen

#3 Příspěvek od davus1 »

co je spouští to netuším

je tam toho strašně moc takze bych to musel hodit do 6 zprav .

hodil jsem to na edisk http://www.edisk.cz/stahni/44293/ComboF ... .79KB.html
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#4 Příspěvek od cernohous13 »

Pro přehlednost si to dám do topicu bez snap shots :wink:

ComboFix 09-06-17.04 - Dušan 07.05.2010 14:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2457 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dušan\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-07 do 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-04 14:50 . 2010-05-03 14:06 171008 ----a-w- c:\windows\Rzytob.exe
2010-05-03 14:05 . 2010-05-03 14:05 171008 ----a-w- c:\windows\Rzytoa.exe
2010-05-02 14:14 . 2010-05-02 14:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-20 19:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 17:40 . 2009-06-19 21:15 -------- d-----w- c:\program files\trend micro
2010-05-03 20:07 . 2009-08-08 18:24 2 ----a-w- c:\windows\system32\Dvbpws.dll
2010-05-02 15:19 . 2009-06-27 19:38 138832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-02 15:18 . 2009-06-27 19:37 202024 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-29 16:39 . 2009-12-02 17:12 -------- d-----w- c:\program files\Xfire
2010-04-25 17:48 . 2008-10-24 19:55 -------- d-----w- c:\program files\HLSW
2010-04-02 11:58 . 2009-08-19 18:57 -------- d-----w- c:\program files\kikin
2010-03-28 12:16 . 2010-01-14 17:06 -------- d-----w- c:\program files\TQ Defiler
2010-03-28 08:02 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:02 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 23:00 . 2010-03-26 22:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-20 15:57 . 2010-03-20 15:28 -------- d-----w- c:\program files\AIMP2
2010-03-13 13:28 . 2010-03-13 13:28 -------- d-----w- c:\program files\Atomic Alarm Clock
2010-03-11 17:21 . 2008-05-05 13:50 -------- d-----w- c:\program files\Java
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-10-28 01:14 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 13:22 . 2008-05-05 19:41 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-09 10:32 . 2009-12-02 17:16 148368 ----a-w- c:\program files\xfire_lang_cz.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2009-03-13 584704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-05-27 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Duçan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AtomicAlarmClock.exe [2009-3-13 584704]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-24 1126400]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\mIRCcz\\mirc32.exe"=
"d:\\HRY\\Rise of Nationss\\thrones.exe"=
"d:\\HRY\\Rise of Nationss\\patriots.exe"=
"d:\\HRY\\Crysis\\Bin32\\Crysis.exe"=
"d:\\HRY\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\HRY\\Crysis Wars\\Bin32\\Crysis.exe"=
"d:\\HRY\\MCM2\\MCM2.EXE"=
"c:\\Program Files\\TuneUp Utilities 2009\\OneClickStarter.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\HRY\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=
"d:\\HRY\\THQ\\Titan Quest\\Titan Quest.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\infium.exe"=
"d:\\HRY\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\xrEngine.exe"=
"d:\\HRY\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\dedicated\\xrEngine.exe"=
"d:\\HRY\\Starcraft 2\\StarCraft II Beta\\StarCraft II.exe"=
"d:\\HRY\\Starcraft 2\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:ris-odblok

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 22:37 108289]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [27.2.2009 19:55 603904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.8.2009 19:58 209171]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [10.8.2009 8:22 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [10.8.2009 8:23 36261]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [14.11.2003 3:46 8192]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [24.12.2008 22:55 14336]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [8.4.2009 18:30 13225]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [24.12.2008 22:55 13312]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.8.2008 15:03 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.8.2008 15:03 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.8.2008 15:03 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.8.2008 15:03 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.8.2008 15:03 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.8.2008 15:03 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.8.2008 15:03 90800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 22:07 11520]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys --> c:\windows\system32\drivers\wfeaglxt.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
SSHNAS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - "L:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49be5772-1ab7-11dd-820c-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{888e0278-f17e-11de-8d25-001bfc37a7bd}]
\Shell\AutoRun\command - "L:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff666480-2de7-11df-996c-001bfc37a7bd}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 14:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1343024091-299502267-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:2b,b5,55,82,fb,1b,ce,0b,53,e0,3c,a5,57,1f,fd,60,11,dc,82,af,e2,
fb,36,68,b4,f3,79,d3,69,1e,7d,c8,38,a7,c6,45,3b,9e,02,df,5b,67,57,65,da,11,\
"rkeysecu"=hex:4c,e8,2d,46,ae,0b,27,68,53,3b,7e,f2,4a,d8,5c,74

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3520)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-07 14:47
ComboFix-quarantined-files.txt 2010-05-07 12:47
ComboFix2.txt 2009-06-18 17:22

Před spuštěním: Volných bajtů: 13 298 130 944
Po spuštění: Volných bajtů: 13 301 309 440

2384 --- E O F --- 2010-04-20 21:59
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#5 Příspěvek od cernohous13 »

:?: Použil jsi nějaký starý ComboFix

:arrow: teď ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

:arrow: pak použij
Stáhni a spusť T-cleaner http://sweb.cz/Marinus/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš
Stáhni si Obrázek ComboFix
a ulož ho na plochu. - zatím nespouštěj
Ukonči všechna aktivní okna,vypni Antispy a Antivir
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.
Obrázek
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace
CFscript

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\Dvbpws.dll
c:\windows\Rzytob.exe
c:\windows\Rzytoa.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SSBkgdUpdate"=-
"dvd43"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"6112:UDP"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

NetSvc::
SSHNAS
:arrow: po prozkoumání logu budeme pokračovat :wink:
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

Re: bordel v pc log prilozen

#6 Příspěvek od davus1 »

jo combofix jsem mel asi 2 roky
a pri zapnuti pc mi to hazi hlašku -viz. priloha
log po provedeni akce



ComboFix 10-05-06.05 - Dušan 07.05.2010 20:58:25.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2522 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dušan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dušan\Plocha\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"c:\windows\Rzytoa.exe"
"c:\windows\Rzytob.exe"
"c:\windows\system32\Dvbpws.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Rzytoa.exe
c:\windows\Rzytob.exe
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-07 do 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-02 14:14 . 2010-05-02 14:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-20 19:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 18:46 . 2009-06-19 21:15 -------- d-----w- c:\program files\trend micro
2010-05-02 15:19 . 2009-06-27 19:38 138832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-02 15:18 . 2009-06-27 19:37 202024 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-29 16:39 . 2009-12-02 17:12 -------- d-----w- c:\program files\Xfire
2010-04-25 17:48 . 2008-10-24 19:55 -------- d-----w- c:\program files\HLSW
2010-04-02 11:58 . 2009-08-19 18:57 -------- d-----w- c:\program files\kikin
2010-03-28 12:16 . 2010-01-14 17:06 -------- d-----w- c:\program files\TQ Defiler
2010-03-28 08:02 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:02 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 23:00 . 2010-03-26 22:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-20 15:57 . 2010-03-20 15:28 -------- d-----w- c:\program files\AIMP2
2010-03-13 13:28 . 2010-03-13 13:28 -------- d-----w- c:\program files\Atomic Alarm Clock
2010-03-11 17:21 . 2008-05-05 13:50 -------- d-----w- c:\program files\Java
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-10-28 01:14 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-08-09 10:32 . 2009-12-02 17:16 148368 ----a-w- c:\program files\xfire_lang_cz.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2009-03-13 584704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-05-27 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Duçan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AtomicAlarmClock.exe [2009-3-13 584704]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-24 1126400]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\mIRCcz\\mirc32.exe"=
"d:\\HRY\\Rise of Nationss\\thrones.exe"=
"d:\\HRY\\Rise of Nationss\\patriots.exe"=
"d:\\HRY\\Crysis\\Bin32\\Crysis.exe"=
"d:\\HRY\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\HRY\\Crysis Wars\\Bin32\\Crysis.exe"=
"d:\\HRY\\MCM2\\MCM2.EXE"=
"c:\\Program Files\\TuneUp Utilities 2009\\OneClickStarter.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\HRY\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=
"d:\\HRY\\THQ\\Titan Quest\\Titan Quest.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\infium.exe"=
"d:\\HRY\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\xrEngine.exe"=
"d:\\HRY\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\dedicated\\xrEngine.exe"=
"d:\\HRY\\Starcraft 2\\StarCraft II Beta\\StarCraft II.exe"=
"d:\\HRY\\Starcraft 2\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:ris-odblok

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.5.2008 21:41 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 22:37 108289]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.8.2009 19:58 209171]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [10.8.2009 8:22 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [10.8.2009 8:23 36261]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [14.11.2003 3:46 8192]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [24.12.2008 22:55 14336]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [8.4.2009 18:30 13225]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [24.12.2008 22:55 13312]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.8.2008 15:03 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.8.2008 15:03 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.8.2008 15:03 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.8.2008 15:03 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.8.2008 15:03 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.8.2008 15:03 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.8.2008 15:03 90800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 22:07 11520]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys --> c:\windows\system32\drivers\wfeaglxt.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\Dušan\Data aplikací\Mozilla\Firefox\Profiles\v2140jh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\program files\trend micro\HijackThis.exe
AddRemove-Mouse Magic CS - c:\windows\UnInstallX



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 21:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\DUAN~1\LOCALS~1\Temp\{9A9B1473-A3BF-763F-BB5C-06B2E2216216}\ArcCon.dll 408064 bytes executable
c:\docume~1\DUAN~1\LOCALS~1\Temp\{9A9B1473-A3BF-763F-BB5C-06B2E2216216}\arcsoft1.bmp 28134 bytes
c:\docume~1\DUAN~1\LOCALS~1\Temp\{9A9B1473-A3BF-763F-BB5C-06B2E2216216}\setup.inx 143341 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdg.sys >>UNKNOWN [0x8AC75938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d1ebb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d2ba21
SendHandler -> NDIS.sys @ 0xb7d0987b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1343024091-299502267-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:2b,b5,55,82,fb,1b,ce,0b,53,e0,3c,a5,57,1f,fd,60,11,dc,82,af,e2,
fb,36,68,b4,f3,79,d3,69,1e,7d,c8,38,a7,c6,45,3b,9e,02,df,5b,67,57,65,da,11,\
"rkeysecu"=hex:4c,e8,2d,46,ae,0b,27,68,53,3b,7e,f2,4a,d8,5c,74
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3972)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-05-07 21:09:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-07 19:09

Před spuštěním: Volných bajtů: 15 827 308 544
Po spuštění: Volných bajtů: 15 683 137 536

- - End Of File - - F4A216C786D5832270A53978FC8AC06C
Přílohy
hlaska.JPG
hlaska.JPG (53.85 KiB) Zobrazeno 2214 x
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#7 Příspěvek od cernohous13 »

Další CFscript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"=-
Vypnout driver sptd.sys takto:
stáhni Obrázek http://jpshortstuff.247fixes.com/beta/Defogger.exe
spusť - klik "Disable" - potvrď hlášku "Continue" - dej sem log který se vytvoří - samozřejmě nech restartovat PC
stáhni MBR
Obrázek http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
klik Start -> Spustit... - do okna zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj
:arrow: Jaká hláška vyskočí, když dáš "Přepnout" ?

:arrow: K čemu používáš "ArcSoft Connection Service" ?
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

Re: bordel v pc log prilozen

#8 Příspěvek od davus1 »

kdyz jsem aplikoval combofix tak se do c:\combofix nahazelo par věcí - nejspíš účel
ArcSoft Connection Service nepouzivam
kdyz dam prepnout u te hlasky tak se nic nestane jen se rozklikne nabidka start
defogger log

defogger_disable by jpshortstuff (25.01.10.1)
Log created at 16:42 on 08/05/2010 (Dušan)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

log z mbr

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


pc jsem restartoval až nakonec >> po logu z MBR, hláška se se neobjevila, najelo se mi samovolně do složky combofixu s těma věcima jak jsem psal (c:\combofix)
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#9 Příspěvek od cernohous13 »

Tak si dáme ještě jeden CFscript

Kód: Vybrat vše

KillAll::

Folder::
C:\Documents and Settings\Dušan\Local Settings\Temp\{9A9B1473-A3BF-763F-BB5C-06B2E2216216}
C:\Program Files\Common Files\ArcSoft

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"=-
:arrow: Kouknu na něj a jestli už nejsou problémy, tak budeme uklízet
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

Re: bordel v pc log prilozen

#10 Příspěvek od davus1 »

log po akci


ComboFix 10-05-06.05 - Dušan 08.05.2010 21:08:44.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2493 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dušan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dušan\Plocha\CFscript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ArcSoft
c:\program files\Common Files\ArcSoft\Bin\ArcAD.dll
c:\program files\Common Files\ArcSoft\Bin\ArcCon.dll
c:\program files\Common Files\ArcSoft\Bin\GdiPlus.dll
c:\program files\Common Files\ArcSoft\Bin\MagCore.dll
c:\program files\Common Files\ArcSoft\Bin\MagicFrame.dll
c:\program files\Common Files\ArcSoft\Bin\MagPCMac.dll
c:\program files\Common Files\ArcSoft\Bin\magPltfm.dll
c:\program files\Common Files\ArcSoft\Bin\MagUICommon.dll
c:\program files\Common Files\ArcSoft\Bin\MagUICommonET.dll
c:\program files\Common Files\ArcSoft\Bin\MagUIEngine.dll
c:\program files\Common Files\ArcSoft\Bin\MagUIImage.dll
c:\program files\Common Files\ArcSoft\Bin\MagUIInter.dll
c:\program files\Common Files\ArcSoft\Bin\uMagTreeCtrl.dll
c:\program files\Common Files\ArcSoft\Bin\unicows.dll
c:\program files\Common Files\ArcSoft\Connection Service\_regdata.arg
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACRun.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\AcStBmhE.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\adcfg.ini
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcBmh.dll
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcBmhE.dll
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcDeploy.dll
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcRegister.ac
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcUpdateUI.dll
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Ar_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Br_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Bu_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\cs_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Ct_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Cz_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Da_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\de_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\el_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\en_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\en_UninstallHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\es_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Fi_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Fr_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\He_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Hu_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\It_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Ja_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Ko_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\La_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Mx_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\nl_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\No_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Pl_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Pt_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Ro_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Ru_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Sk_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Sv_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Th_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\doc\Tr_ConnectHelp.htm
c:\program files\Common Files\ArcSoft\Connection Service\Bin\CheckUpdate.ac
c:\program files\Common Files\ArcSoft\Connection Service\Bin\logupload.ini
c:\program files\Common Files\ArcSoft\Connection Service\Bin\msvcp60.dll
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ProductInfo.ac
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\about.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Albumforlang.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\ArcConRes.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Au_components.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Au_finish.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\AU_checking.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Au_processing.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Au_products.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Au_settings.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\cell.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\CntStartTips.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\comb.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\ConnectSetting.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\EmbRegister.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\ExternalMenu.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\InfoListThumb.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\InfomationCenter.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\LanglistThumb.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\MsgBox.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Pop.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\Products.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\ProxySetting.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\ResLanguages.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\UISetDemo.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\UISetting.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UI\UserInfo.aui
c:\program files\Common Files\ArcSoft\Connection Service\Bin\Updatersettings.ini
c:\program files\Common Files\ArcSoft\Connection Service\Bin\UserInfo.ac
c:\program files\Common Files\ArcSoft\Connection Service\gmidchg.xml
c:\program files\Common Files\ArcSoft\MPEG Engine\AacDecoderDll.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\AacEncDll.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\AACEncoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\AacPlusDec.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\AC3EncoderFilter.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\AdavAC3Dec.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\AdavAudioDec.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\AdavMPAEncoder.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\AdvDeInterlace.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ArcDemux.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ArcText.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ArcVEncoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASAudio.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASH264Enc.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASH264Vid.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASMpeg1Encoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASMpeg1Encoder.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASMpeg2Encoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASMpeg2Encoder.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASMPEG4Vid.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASMPEGVid.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASRealTimeMpeg1Encoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASRealTimeMpeg1Encoder.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASRealTimeMpeg2Encoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASRealTimeMpeg2Encoder.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\ASVid.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\ASVidEnc.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\deinterlace.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\checkactivate.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\checkcommon.dll
c:\program files\Common Files\ArcSoft\MPEG Engine\lpcmdec.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\MP4Muxer.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\mp4splitter.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\Mpeg2AudioEncoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\TSdump.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\TSRead.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\uMP4Encoder.ax
c:\program files\Common Files\ArcSoft\MPEG Engine\VBICodecFilter.ax

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACDaemon
-------\Legacy_ACDaemon
-------\Service_ACDaemon
-------\Service_ACDaemon


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-08 do 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-02 14:14 . 2010-05-02 14:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-20 19:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 19:06 . 2008-05-05 14:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-07 18:46 . 2009-06-19 21:15 -------- d-----w- c:\program files\trend micro
2010-05-02 15:19 . 2009-06-27 19:38 138832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-02 15:18 . 2009-06-27 19:37 202024 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-29 16:39 . 2009-12-02 17:12 -------- d-----w- c:\program files\Xfire
2010-04-25 17:48 . 2008-10-24 19:55 -------- d-----w- c:\program files\HLSW
2010-04-02 11:58 . 2009-08-19 18:57 -------- d-----w- c:\program files\kikin
2010-03-28 12:16 . 2010-01-14 17:06 -------- d-----w- c:\program files\TQ Defiler
2010-03-28 08:02 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:02 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 23:00 . 2010-03-26 22:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-20 15:57 . 2010-03-20 15:28 -------- d-----w- c:\program files\AIMP2
2010-03-13 13:28 . 2010-03-13 13:28 -------- d-----w- c:\program files\Atomic Alarm Clock
2010-03-11 17:21 . 2008-05-05 13:50 -------- d-----w- c:\program files\Java
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-10-28 01:14 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-08-09 10:32 . 2009-12-02 17:16 148368 ----a-w- c:\program files\xfire_lang_cz.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-05-27 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-24 1126400]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\mIRCcz\\mirc32.exe"=
"d:\\HRY\\Rise of Nationss\\thrones.exe"=
"d:\\HRY\\Rise of Nationss\\patriots.exe"=
"d:\\HRY\\Crysis\\Bin32\\Crysis.exe"=
"d:\\HRY\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\HRY\\Crysis Wars\\Bin32\\Crysis.exe"=
"d:\\HRY\\MCM2\\MCM2.EXE"=
"c:\\Program Files\\TuneUp Utilities 2009\\OneClickStarter.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\HRY\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=
"d:\\HRY\\THQ\\Titan Quest\\Titan Quest.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\infium.exe"=
"d:\\HRY\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\xrEngine.exe"=
"d:\\HRY\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\dedicated\\xrEngine.exe"=
"d:\\HRY\\Starcraft 2\\StarCraft II Beta\\StarCraft II.exe"=
"d:\\HRY\\Starcraft 2\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:ris-odblok

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.5.2008 21:41 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 22:37 108289]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.8.2009 19:58 209171]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [10.8.2009 8:22 9284]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [10.8.2009 8:23 36261]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [14.11.2003 3:46 8192]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [24.12.2008 22:55 14336]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [8.4.2009 18:30 13225]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [24.12.2008 22:55 13312]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.8.2008 15:03 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.8.2008 15:03 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.8.2008 15:03 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.8.2008 15:03 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.8.2008 15:03 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.8.2008 15:03 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.8.2008 15:03 90800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 22:07 11520]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys --> c:\windows\system32\drivers\wfeaglxt.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\Dušan\Data aplikací\Mozilla\Firefox\Profiles\v2140jh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 21:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spba.sys >>UNKNOWN [0x8AC75938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d1ebb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d2ba21
SendHandler -> NDIS.sys @ 0xb7d0987b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1343024091-299502267-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:2b,b5,55,82,fb,1b,ce,0b,53,e0,3c,a5,57,1f,fd,60,11,dc,82,af,e2,
fb,36,68,b4,f3,79,d3,69,1e,7d,c8,38,a7,c6,45,3b,9e,02,df,5b,67,57,65,da,11,\
"rkeysecu"=hex:4c,e8,2d,46,ae,0b,27,68,53,3b,7e,f2,4a,d8,5c,74
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3740)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-05-08 21:18:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-08 19:18
ComboFix2.txt 2010-05-07 19:09

Před spuštěním: Volných bajtů: 15 630 872 576
Po spuštění: Volných bajtů: 15 577 001 984

- - End Of File - - E79BB52DD1B0EAE078D229D2318B258A
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#11 Příspěvek od cernohous13 »

:arrow: teď ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK
Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)
:arrow: pak použij
Stáhni a spusť T-cleaner http://sweb.cz/Marinus/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš
:arrow: Mohu doporučit kontrolu a vyčištění Ccleanerem
Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
Ten si můžeš nechat i na budoucí občasné čištění.

:arrow: Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

Re: bordel v pc log prilozen

#12 Příspěvek od davus1 »

spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"
to jsem nepochopil trochu vic by to popsat nešlo v ccleaneru nevidim obnovu systemu v nastrojich si akorat muzu vybrat co chcu odstranit za programy a co pri startu pc
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#13 Příspěvek od cernohous13 »

:o Asi máš vypnutý nástroj "Obnovení systému"

Klik Start -> Spustit... - zkopíruj %systemroot%\system32\restore\rstrui.exe -> OK

Pokud ti vyskočí, že je vypnuto, můžeš spustit a vytvoří se bod obnovení ze stávající konstelace. Pak při každém vypínání se uloží další bod obnovení (jedná se pouze o systémové soubory). Někdy se v případě problémů dá udělat náprava pouhým návratem na některý z uložených bodů obnovy.
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
davus1
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 27 srp 2007 08:25

Re: bordel v pc log prilozen

#14 Příspěvek od davus1 »

obnovu mam zaplou jen nechapu kde vzit 1.řádek zachovej, ostatní "Odstranit"
ja jsem na zadny radky a nejaky odstraneni nenarazil jen vyber datumu .....kdyztak muzes hodit screen aby to bylo nazorny.....ale to ani nemusime resit :D





Dík za pomoc. :)
Nahoru
Uživatelský avatar
cernohous13
VIP in memoriam
VIP in memoriam
Příspěvky: 8721
Registrován: 09 pro 2006 06:19
Bydliště: Jablonec nad Nisou
Kontaktovat uživatele:
Kontaktovat uživatele cernohous13

Re: bordel v pc log prilozen

#15 Příspěvek od cernohous13 »

Ccleaner
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"
Obrázek

Označíš body s nejstaršími daty a dole je "Odstranit"


Nemáš zač - rádo se stalo a jsme tady i příště Obrázek
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím Obrázek

-------------------------------------------------------------------------------------------------
> Podpora fóra <
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“