Please check my RSIT log

#1 Post by dokken »

info.txt logfile of random's system information tool 1.06 2010-06-08 14:31:09

======Uninstall list======

:-)mojelogo SMS ToolBar v4.3.2.3-->"C:\Program Files\Mojelogo\SMS ToolBar\unins000.exe"
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A70500000002}
Air Strike-->C:\Program Files\Air Strike\Uninstal.exe
Aktualizace systému Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Alex Kočičák-->C:\Program Files\Alex Kočičák\Uninstall.exe
Atesty-Odstranit-->"C:\Program Files\Atesty\unins000.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDROMEK číslo 26-->C:\Program Files\Centauri\CDROMEK26\uninstall.exe
CDROMEK číslo 28-->C:\Program Files\Centauri\CDROMEK28\uninstall.exe
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
DesetiPrsty5 5.3-->C:\Program Files\DesetiPrsty\pmqUnInstall.exe
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
FIFA 10 - Demo-->MsiExec.exe /X{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}
FIFA 2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5A8BA1-8114-11D5-0090-B800902724B3}\setup.exe" -l0x9 Uninstall
FIFA 2005 DEMO-->C:\Program Files\EA SPORTS\FIFA 2005 DEMO\EAUninstall.exe
Graffiti Studio 2.0-->"C:\Program Files\Graffiti Studio 2.0\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"F:\Roman\1_FIRST_ATTACK\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Kobra 11 Nitro-->"C:\Program Files\TopCD\Kobra 11\unins000.exe"
Mario Worlds-->C:\Program Files\Mario Worlds\Uninstal.exe
Medicopter 117-->"C:\Program Files\TopCD\Medicopter 117\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 Standard-->MsiExec.exe /I{00020405-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NHL 2000-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EA SPORTS\NHL 2000\DeIsL1.isu"
NHL 99-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\EA SPORTS\NHL 99\DeIsL1.isu" -c"C:\Program Files\EA SPORTS\NHL 99\eauninst.dll
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OpenOffice.org 2.0-->MsiExec.exe /I{51A39193-A5F2-49E8-AD5F-D6AB6BD6FC8A}
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Puzzle Mania-->MsiExec.exe /I{4E05ADB3-BE6B-4257-AE86-237C708278BB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Shrek 2 Ogre Bowler from WildGames (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\12DE795C-C3B5-4427-9C7E-A65617466E34\Uninstall.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson File Manager-->MsiExec.exe /X{EE5EC179-3C45-419E-B11E-F9972818CEF8}
Sony Ericsson MMS Home Studio-->MsiExec.exe /X{9AEBAA60-EE7F-4B30-AD0B-BA11EDE7EE7F}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Testy Autoškola-->MsiExec.exe /I{E42D62BA-2D98-4D08-8242-9F410ACA4727}
The Sims™ 2 Vyzkoušejte si-->C:\Program Files\EA GAMES\The Sims 2 Vyzkoušejte si\EAUninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
UEFA Champions League 2004 - 2005 Demo-->C:\Program Files\EA SPORTS\UEFA Champions League 2004 - 2005 Demo\EAUninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB PC Camera (SN9C101)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
Velká Cesta demo-->"C:\Program Files\Velká Cesta demo\unins000.exe"
VIA Display Driver 6.14.10.0102-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VIA Platforma Ovladače zařízení-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zákon pouště-->"C:\Program Files\1C\Zákon pouště\unins000.exe"

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: UZIVATEL-1AB63B
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba modelu COM pro zápis na disk CD (IMAPI) úspěšně odeslán.

Record Number: 4319
Source Name: Service Control Manager
Time Written: 20100507111144.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: UZIVATEL-1AB63B
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Správce vzdáleného přístupu úspěšně odeslán.

Record Number: 4318
Source Name: Service Control Manager
Time Written: 20100507111140.000000+120
Event Type: Informace
User: UZIVATEL-1AB63B\Administrator

Computer Name: UZIVATEL-1AB63B
Event Code: 7036
Message: Stav služby Telefonní subsystém byl změněn na: Spuštěno

Record Number: 4317
Source Name: Service Control Manager
Time Written: 20100507111140.000000+120
Event Type: Informace
User:

Computer Name: UZIVATEL-1AB63B
Event Code: 7036
Message: Stav služby Kompatibilita pro rychlé přepínání uživatelů byl změněn na: Spuštěno

Record Number: 4316
Source Name: Service Control Manager
Time Written: 20100507111134.000000+120
Event Type: Informace
User:

Computer Name: UZIVATEL-1AB63B
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 4315
Source Name: Service Control Manager
Time Written: 20100507111134.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: UZIVATEL-1AB63B
Event Code: 0
Message:
Record Number: 5
Source Name: ICQ Service
Time Written: 20100306094727.000000+060
Event Type: Informace
User:

Computer Name: UZIVATEL-1AB63B
Event Code: 1517
Message: Systém Windows uložil registr uživatele UZIVATEL-1AB63B\Administrator, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.


To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 4
Source Name: Userenv
Time Written: 20100305223429.000000+060
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: UZIVATEL-1AB63B
Event Code: 11708
Message: Product: Adobe Reader 9.2 -- Installation operation failed.

Record Number: 3
Source Name: MsiInstaller
Time Written: 20100305201557.000000+060
Event Type: Informace
User: UZIVATEL-1AB63B\Administrator

Computer Name: UZIVATEL-1AB63B
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20100305184837.000000+060
Event Type: Informace
User:

Computer Name: UZIVATEL-1AB63B
Event Code: 0
Message:
Record Number: 1
Source Name: ICQ Service
Time Written: 20100305184826.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


#2 Post by 1danab »

Hello :)
Download RSIT from my signature, let the scan run, and paste the resulting log here.
RSIT CureIt CCleaner CleanUp DDS GMER OTL

#3 Post by dokken »

First I have to say that RSIT cannot be downloaded on the infected PC (I had to download the exe on another PC and transfer it on a flash drive), and the log cannot be sent from it either; avast keeps finding about 10 trojans. The PC was practically unusable, so I ran ComboFix despite the warnings; it deleted quite a lot and it is now more or less possible to work on the machine, so I am attaching the logs from both RSIT and CF.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-06-08 15:35:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 382 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:30, on 8.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6041 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-08 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CFBC2741-0C1F-11D6-9224-004F490BED09} - :-)mojelogo SMS ToolBar - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll [2007-02-12 745472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-10 16384000]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2006-05-16 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
C:\WINDOWS\system32\S3trayp.exe [2007-06-11 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSToolBar]
C:\Program Files\Mojelogo\SMS ToolBar\smstbar.exe [2007-02-12 1053184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-09-28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Belkin Wireless USB Utility.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2001-10-24 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\VP-EYE\avi\avi.exe"="C:\VP-EYE\avi\avi.exe:*:Enabled:Video Monitor"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-08 15:33:25 ----A---- C:\ComboFix.txt
2010-06-08 15:07:31 ----D---- C:\Program Files\trend micro
2010-06-08 14:30:43 ----D---- C:\rsit
2010-06-08 14:14:27 ----D---- C:\Program Files\Crawler
2010-06-08 13:54:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-06-08 13:54:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-08 13:54:10 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-08 13:54:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-08 13:54:09 ----A---- C:\WINDOWS\system32\java.exe
2010-06-08 13:50:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2010-06-08 13:49:44 ----D---- C:\WINDOWS\system32\appmgmt
2010-06-08 13:44:49 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-06-08 13:41:53 ----D---- C:\WINDOWS\Prefetch
2010-06-08 13:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-06-08 13:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-06-08 13:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-06-08 13:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-06-08 13:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-06-08 13:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-06-08 13:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-06-08 13:27:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-06-08 13:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-06-08 13:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-08 13:17:12 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-06-08 13:17:12 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-06-08 13:17:12 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-06-08 13:17:08 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-06-08 13:17:07 ----N---- C:\WINDOWS\system32\credssp.dll
2010-06-08 13:17:07 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-06-08 13:17:07 ----N---- C:\WINDOWS\system32\azroles.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-06-08 13:17:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-06-08 13:17:05 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-06-08 13:17:05 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-06-08 13:17:05 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-06-08 13:17:05 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-06-08 13:17:05 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-06-08 13:17:05 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-06-08 13:17:04 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-06-08 13:17:03 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-06-08 13:17:03 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-06-08 13:17:03 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-06-08 13:17:03 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-06-08 13:17:02 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-06-08 13:17:02 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-06-08 13:17:02 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-06-08 13:17:02 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-06-08 13:17:01 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-06-08 13:17:01 ----N---- C:\WINDOWS\system32\mssha.dll
2010-06-08 13:17:01 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-06-08 13:17:01 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-06-08 13:17:01 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-06-08 13:17:00 ----N---- C:\WINDOWS\system32\onex.dll
2010-06-08 13:17:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2010-06-08 13:17:00 ----N---- C:\WINDOWS\system32\napstat.exe
2010-06-08 13:17:00 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-06-08 13:17:00 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-06-08 13:17:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\setupn.exe
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\qutil.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-06-08 13:16:58 ----N---- C:\WINDOWS\system32\qagent.dll
2010-06-08 13:16:57 ----N---- C:\WINDOWS\system32\slserv.exe
2010-06-08 13:16:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-06-08 13:16:57 ----N---- C:\WINDOWS\system32\slgen.dll
2010-06-08 13:16:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-06-08 13:16:56 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-06-08 13:16:55 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-06-08 13:16:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-06-08 13:16:52 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-06-08 13:16:52 ----N---- C:\WINDOWS\slrundll.exe
2010-06-08 13:16:52 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-08 13:16:50 ----D---- C:\WINDOWS\l2schemas
2010-06-08 13:16:49 ----D---- C:\WINDOWS\system32\cs
2010-06-08 13:16:49 ----D---- C:\WINDOWS\system32\bits
2010-06-08 13:10:15 ----D---- C:\WINDOWS\network diagnostic
2010-06-08 13:07:46 ----A---- C:\WINDOWS\002970_.tmp
2010-06-08 13:03:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-06-08 12:52:17 ----D---- C:\03ea3c0460ec57282e65cf00
2010-06-08 12:50:41 ----D---- C:\Program Files\Java
2010-06-08 12:50:38 ----D---- C:\Program Files\Common Files\Java
2010-06-08 12:10:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-08 12:10:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-08 11:57:50 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2010-06-08 11:57:46 ----D---- C:\Program Files\Registry Mechanic
2010-06-08 11:51:23 ----D---- C:\Program Files\CCleaner
2010-06-08 11:36:56 ----D---- C:\WINDOWS\temp
2010-06-08 11:17:48 ----A---- C:\Boot.bak
2010-06-08 11:17:42 ----RASHD---- C:\cmdcons
2010-06-08 11:13:48 ----D---- C:\WINDOWS\ERDNT
2010-06-08 09:58:02 ----D---- C:\WINDOWS\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-06-08 09:51:43 ----D---- C:\WINDOWS\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2010-06-08 09:48:52 ----D---- C:\totalcmd
2010-06-08 09:48:52 ----A---- C:\WINDOWS\wincmd.ini
2010-06-08 09:47:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\U3
2010-05-31 08:55:06 ----D---- C:\WINDOWS\system32\LogFiles

======List of files/folders modified in the last 1 months======

2010-06-08 15:34:52 ----D---- C:\WINDOWS
2010-06-08 15:34:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 15:26:58 ----A---- C:\WINDOWS\system.ini
2010-06-08 15:22:38 ----D---- C:\WINDOWS\system32\drivers
2010-06-08 15:22:38 ----D---- C:\WINDOWS\system32
2010-06-08 15:22:38 ----D---- C:\WINDOWS\AppPatch
2010-06-08 15:22:34 ----D---- C:\Program Files\Common Files
2010-06-08 15:13:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 15:07:31 ----RD---- C:\Program Files
2010-06-08 15:05:39 ----HD---- C:\WINDOWS\inf
2010-06-08 14:01:11 ----D---- C:\WINDOWS\system32\config
2010-06-08 13:55:36 ----D---- C:\WINDOWS\Debug
2010-06-08 13:54:54 ----SHD---- C:\WINDOWS\Installer
2010-06-08 13:49:40 ----D---- C:\Program Files\Opera
2010-06-08 13:45:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-08 13:45:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-08 13:44:52 ----A---- C:\WINDOWS\win.ini
2010-06-08 13:41:01 ----D---- C:\WINDOWS\system32\Setup
2010-06-08 13:41:00 ----D---- C:\WINDOWS\system32\wbem
2010-06-08 13:40:58 ----RSD---- C:\WINDOWS\Fonts
2010-06-08 13:37:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-08 13:28:25 ----D---- C:\WINDOWS\security
2010-06-08 13:26:16 ----D---- C:\Program Files\Messenger
2010-06-08 13:17:23 ----D---- C:\WINDOWS\WinSxS
2010-06-08 13:17:14 ----D---- C:\WINDOWS\ehome
2010-06-08 13:17:12 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-08 13:17:11 ----D---- C:\WINDOWS\ime
2010-06-08 13:17:11 ----D---- C:\WINDOWS\Help
2010-06-08 13:16:51 ----D---- C:\WINDOWS\system32\usmt
2010-06-08 13:16:51 ----D---- C:\Program Files\Internet Explorer
2010-06-08 13:16:49 ----D---- C:\WINDOWS\PeerNet
2010-06-08 13:16:49 ----D---- C:\Program Files\Movie Maker
2010-06-08 13:13:06 ----D---- C:\WINDOWS\ServicePackFiles
2010-06-08 13:12:53 ----D---- C:\WINDOWS\system32\Restore
2010-06-08 13:12:53 ----D---- C:\WINDOWS\system32\npp
2010-06-08 13:12:51 ----D---- C:\WINDOWS\msagent
2010-06-08 13:12:50 ----D---- C:\WINDOWS\srchasst
2010-06-08 13:12:49 ----D---- C:\Program Files\NetMeeting
2010-06-08 13:12:47 ----D---- C:\WINDOWS\system32\Com
2010-06-08 13:12:45 ----D---- C:\Program Files\Windows Media Player
2010-06-08 13:12:44 ----D---- C:\Program Files\Windows NT
2010-06-08 13:12:44 ----D---- C:\Program Files\Outlook Express
2010-06-08 13:12:40 ----D---- C:\Program Files\Common Files\System
2010-06-08 13:12:15 ----D---- C:\WINDOWS\system32\oobe
2010-06-08 13:12:13 ----D---- C:\WINDOWS\system
2010-06-08 13:07:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-08 12:16:48 ----D---- C:\Program Files\Mozilla Firefox
2010-06-08 12:10:08 ----D---- C:\Program Files\Alwil Software
2010-06-08 12:01:15 ----RASH---- C:\boot.ini
2010-06-08 12:01:14 ----D---- C:\WINDOWS\pss
2010-06-08 11:53:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2010-06-08 11:01:02 ----SHD---- C:\System Volume Information
2010-06-08 10:30:55 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-08 10:12:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org2
2010-06-08 10:09:32 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-30 714240]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-11-11 43264]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-10-11 518720]
S3 snpstd;USB PC Camera (SN9C101); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-04-26 390784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-08 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


log CF

ComboFix 10-06-07.04 - Administrator 08.06.2010 15:16:35.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.382.127 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.

2010-06-08 13:07 . 2010-06-08 13:07 -------- d-----w- c:\program files\trend micro
2010-06-08 12:30 . 2010-06-08 12:31 -------- d-----w- C:\rsit
2010-06-08 12:14 . 2010-06-08 12:21 -------- d-----w- c:\program files\Crawler
2010-06-08 11:54 . 2010-06-08 11:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-08 11:44 . 2004-08-17 14:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-08 11:16 . 2008-04-14 06:52 32768 ------w- c:\windows\system32\setupn.exe
2010-06-08 10:52 . 2010-06-08 10:53 -------- d-----w- C:\03ea3c0460ec57282e65cf00
2010-06-08 10:50 . 2010-06-08 11:53 -------- d-----w- c:\program files\Java
2010-06-08 10:50 . 2010-06-08 11:54 -------- d-----w- c:\program files\Common Files\Java
2010-06-08 10:10 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-08 10:10 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-08 10:10 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-08 10:10 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-08 10:10 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-08 10:10 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-08 10:10 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-08 10:10 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-08 10:10 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-08 09:51 . 2010-06-08 09:51 -------- d-----w- c:\program files\CCleaner
2010-06-08 07:58 . 2010-06-08 07:58 -------- d-----w- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-06-08 07:51 . 2010-06-08 07:51 -------- d-----w- c:\windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2010-06-08 07:48 . 2010-06-08 07:49 -------- d-----w- C:\totalcmd
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2010-06-08 07:48 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2010-06-08 07:43 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-06-08 07:43 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-06-08 07:42 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-31 06:55 . 2010-05-31 06:55 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 11:49 . 2009-10-04 13:57 -------- d-----w- c:\program files\Opera
2010-06-08 11:45 . 2001-10-25 11:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-06-08 11:45 . 2001-10-25 11:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-06-08 11:20 . 2006-10-24 05:20 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-08 11:20 . 2006-10-24 05:20 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-08 10:10 . 2006-10-24 06:43 -------- d-----w- c:\program files\Alwil Software
2010-06-08 08:30 . 2006-10-24 06:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 15:18 . 2008-06-23 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\ADMINI~1\LOCALS~1\Temp\vhoi.bak 2yADJIIHEP

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:8c4acd08

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Belkin Wireless USB Utility.lnk]
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-03-28 12:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 15:50 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-06-11 03:15 176128 ----a-r- c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSToolBar]
2007-02-12 10:30 1053184 ----a-w- c:\program files\Mojelogo\SMS ToolBar\smstbar.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\VP-EYE\\avi\\avi.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [13.10.2005 15:46 35328]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.6.2010 12:10 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.6.2010 12:10 19024]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ugjsebwt.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-RegistryMechanic - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 15:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-746137067-1801674531-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-06-08 15:33:23
ComboFix-quarantined-files.txt 2010-06-08 13:33
ComboFix2.txt 2010-06-08 09:36

Před spuštěním: 2 681 323 520
Po spuštění: 2 654 744 576

- - End Of File - - 6D9E57BB1BF154B66F3457BA6EA2AC8C

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: please check my RSIT log

#4 Post by 1danab »

Download GMER, unpack it and run it.

A scan will run; when it finishes, the results will be displayed.

Then click Save to save the log, and paste its contents here.

Then follow this guide to run the second scan and again paste the log contents here :)
RSIT CureIt CCleaner CleanUp DDS GMER OTL
IF YOU ARE HAPPY WITH OUR FORUM, YOU CAN SUPPORT IT HERE

Always keep all your important data backed up!

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#5 Post by dokken »

log1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-09 00:36:27
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgeirpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF4F79AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF4F798EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF4F79A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#6 Post by dokken »

During the second scan, GMER disappeared on its own...
and repeatedly my monitor did not come on; on top of that it is clashing with some hardware fault. I'll try GMER again now.
edit
Unfortunately I am not able to complete the second phase of GMER; GMER disappears without a log and a forced PC shutdown appears in roughly 45 seconds, a kind of dialog with a countdown; unfortunately I did not capture a screenshot.
And the strangest thing is that the PC only starts after several attempts....... :idea: ?
And the HDD keeps grinding..

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#7 Post by dokken »

HijackThis log, in case it is of any use

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:37, on 9.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
F:\Roman\1_FIRST_ATTACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5828 bytes

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: please check my RSIT log

#8 Post by 1danab »

Have you tried the second scan in safe mode?

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#9 Post by dokken »

OK, it is now scanning in safe mode... it's taking a long time

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my RSIT log

#10 Post by vyosek »

Hello,
my apologies to my colleague for stepping in :)
The second GMER log can take a very long time - some users report up to 4 hours - because of the number of small files GMER has to work through... If it is still scanning, there is no need to worry...
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#11 Post by dokken »

here it is

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 10:38:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgeirpob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF779F87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF779FBFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[248] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\winlogon.exe[248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\winlogon.exe[248] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\winlogon.exe[248] WS2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\winlogon.exe[248] WS2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\winlogon.exe[248] WS2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\winlogon.exe[248] WS2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\winlogon.exe[248] WS2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\services.exe[296] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\services.exe[296] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\services.exe[296] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\services.exe[296] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\services.exe[296] ws2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\services.exe[296] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\svchost.exe[472] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\svchost.exe[472] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\svchost.exe[472] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\svchost.exe[472] ws2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\svchost.exe[472] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10053DF4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10053C3C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10053E78
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10053AF0
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] ws2_32.dll!send 71A94C27 5 Bytes JMP 10053264
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100527F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] ws2_32.dll!recv 71A9676F 5 Bytes JMP 1005278C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[612] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10053A9C
.text C:\WINDOWS\Explorer.EXE[804] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\Explorer.EXE[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\Explorer.EXE[804] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\Explorer.EXE[804] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\Explorer.EXE[804] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\Explorer.EXE[804] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\Explorer.EXE[804] ws2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\Explorer.EXE[804] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\svchost.exe[828] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\svchost.exe[828] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\svchost.exe[828] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\svchost.exe[828] ws2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\svchost.exe[828] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] ws2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1016] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] ntdll.dll!NtOpenKey 7C90D5B0 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] WS2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] WS2_32.dll!send 71A94C27 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] WS2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] WS2_32.dll!recv 71A9676F 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1176] WS2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003A9C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#12 Post by dokken »

Is the log OK?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check my RSIT log

#13 Post by vyosek »

Hang on, my colleague should be here in the afternoon or towards the evening and will take a look...
Every adviser has their own procedure, and my stepping in could disrupt her plan...
The advisers do this work in their free time and only for a word of thanks - we get no money from it. So you will have to be patient. If you are impatient, I will point you to paid support services where they will do it for you while you wait...

dokken
Visitor
Posts: 108
Registered: 21 Apr 2005 13:55
Location: Louny

Re: please check my RSIT log

#14 Post by dokken »

mbam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9.6.2010 13:55:53
mbam-log-2010-06-09 (13-55-53).txt

Typ skenu: Rychlý sken
Skenované objekty: 119936
Uplynulý čas: 10 minuta(y), 26 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 32
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované složky: 6
Infikované soubory: 17

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcr38j0e7en (Rogue.AntiVirusXP) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\All Users\Data aplikací\Starware347 (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts (Adware.Starware) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\Starware347 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\Starware347\Manager (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Antivirus XP 2008 (Rogue.AntiVirusXP) -> No action taken.

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\FindIt.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\FindItHot.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\findithotxp.png (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\finditxp.png (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\Highlight.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\HighlightHot.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\highlighthotxp.png (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\highlightxp.png (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\jokesearch.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\pranks.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts\error.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts\related.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts\travel.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\Starware347\Manager\ManagerOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\Starware347\Manager\ManagerOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntiVirusXP) -> No action taken.

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: please check my RSIT log

#15 Post by 1danab »

I apologize, but today was a demanding day at work :)

Delete what MBAM found, restart the PC after deleting, and then post a new RSIT log.