
Hidden objects

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Hidden objects

#1 Post by kuntakinte »

Hello, I'd like to know something about the so-called "hidden objects". I'm not entirely sure what they are, or what it means when my antivirus (Avira) finds some. If they're harmful to the PC in any way, I'd ask you for advice on how to deal with them, or how to tell whether a particular one is dangerous, because I find them practically every time I scan. Thanks for the advice :) Here is the latest Avira log:
Avira AntiVir Personal
Report file date: 25. júla 2010 16:36

Scanning for 2566895 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : ivan
Computer name : B-3DFA3368B9EC4

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.4.2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 20.4.2010 20:12:12
AVSCAN.DLL : 10.0.3.0 46440 Bytes 20.4.2010 20:12:12
LUKE.DLL : 10.0.2.3 104296 Bytes 7.3.2010 16:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.2.2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 14:14:48
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 14:12:51
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.1.2010 13:57:15
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.1.2010 21:03:21
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5.3.2010 14:24:00
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.4.2010 18:01:29
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2.6.2010 10:39:57
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.7.2010 13:25:34
VBASE008.VDF : 7.10.9.166 2048 Bytes 23.7.2010 13:25:35
VBASE009.VDF : 7.10.9.167 2048 Bytes 23.7.2010 13:25:35
VBASE010.VDF : 7.10.9.168 2048 Bytes 23.7.2010 13:25:35
VBASE011.VDF : 7.10.9.169 2048 Bytes 23.7.2010 13:25:35
VBASE012.VDF : 7.10.9.170 2048 Bytes 23.7.2010 13:25:35
VBASE013.VDF : 7.10.9.171 2048 Bytes 23.7.2010 13:25:35
VBASE014.VDF : 7.10.9.172 2048 Bytes 23.7.2010 13:25:35
VBASE015.VDF : 7.10.9.173 2048 Bytes 23.7.2010 13:25:35
VBASE016.VDF : 7.10.9.174 2048 Bytes 23.7.2010 13:25:35
VBASE017.VDF : 7.10.9.175 2048 Bytes 23.7.2010 13:25:35
VBASE018.VDF : 7.10.9.176 2048 Bytes 23.7.2010 13:25:35
VBASE019.VDF : 7.10.9.177 2048 Bytes 23.7.2010 13:25:35
VBASE020.VDF : 7.10.9.178 2048 Bytes 23.7.2010 13:25:35
VBASE021.VDF : 7.10.9.179 2048 Bytes 23.7.2010 13:25:35
VBASE022.VDF : 7.10.9.180 2048 Bytes 23.7.2010 13:25:35
VBASE023.VDF : 7.10.9.181 2048 Bytes 23.7.2010 13:25:35
VBASE024.VDF : 7.10.9.182 2048 Bytes 23.7.2010 13:25:35
VBASE025.VDF : 7.10.9.183 2048 Bytes 23.7.2010 13:25:35
VBASE026.VDF : 7.10.9.184 2048 Bytes 23.7.2010 13:25:35
VBASE027.VDF : 7.10.9.185 2048 Bytes 23.7.2010 13:25:35
VBASE028.VDF : 7.10.9.186 2048 Bytes 23.7.2010 13:25:35
VBASE029.VDF : 7.10.9.187 2048 Bytes 23.7.2010 13:25:35
VBASE030.VDF : 7.10.9.188 2048 Bytes 23.7.2010 13:25:35
VBASE031.VDF : 7.10.9.193 68608 Bytes 23.7.2010 13:25:35
Engineversion : 8.2.4.26
AEVDF.DLL : 8.1.2.0 106868 Bytes 24.4.2010 16:08:02
AESCRIPT.DLL : 8.1.3.41 1364346 Bytes 21.7.2010 20:31:57
AESCN.DLL : 8.1.6.1 127347 Bytes 13.5.2010 10:41:55
AESBX.DLL : 8.1.3.1 254324 Bytes 24.4.2010 16:08:02
AERDL.DLL : 8.1.8.2 614772 Bytes 21.7.2010 20:31:55
AEPACK.DLL : 8.2.3.2 471414 Bytes 21.7.2010 20:31:54
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21.7.2010 20:31:53
AEHEUR.DLL : 8.1.2.6 2793846 Bytes 21.7.2010 20:31:53
AEHELP.DLL : 8.1.13.2 242039 Bytes 21.7.2010 20:31:49
AEGEN.DLL : 8.1.3.17 385396 Bytes 21.7.2010 20:31:48
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.4.2010 16:08:01
AECORE.DLL : 8.1.16.2 192887 Bytes 21.7.2010 20:31:48
AEBB.DLL : 8.1.1.0 53618 Bytes 24.4.2010 16:08:01
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.1.2010 10:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.1.2010 10:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18.2.2010 14:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 20.4.2010 20:12:13
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 20.4.2010 20:12:13
AVARKT.DLL : 10.0.0.14 227176 Bytes 20.4.2010 20:12:12
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.1.2010 07:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.1.2010 10:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.3.2010 13:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19.2.2010 12:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.1.2010 11:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 20.4.2010 20:12:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 25. júla 2010 16:36

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\GIGABYTE\GEST\vout
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '57' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '43' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '94' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '23' Module(s) have been scanned
Scan process 'RichVideo.exe' - '19' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '17' Module(s) have been scanned
Scan process 'NBService.exe' - '43' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'GSvr.exe' - '13' Module(s) have been scanned
Scan process 'ApplicationUpdater.exe' - '19' Module(s) have been scanned
Scan process 'ccc.exe' - '178' Module(s) have been scanned
Scan process 'MOM.exe' - '49' Module(s) have been scanned
Scan process 'OAhlp.exe' - '44' Module(s) have been scanned
Scan process 'oaui.exe' - '46' Module(s) have been scanned
Scan process 'avgnt.exe' - '47' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '28' Module(s) have been scanned
Scan process 'apdproxy.exe' - '44' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '91' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '52' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'oasrv.exe' - '63' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '31' Module(s) have been scanned
Scan process 'OAcat.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '26' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '26' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '489' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\' <zaloha>
Begin scan in 'F:\'


End of the scan: 25. júla 2010 17:57
Used time: 1:21:17 Hour(s)

The scan has been done completely.

16353 Scanned directories
858994 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
858994 Files not concerned
9125 Archives were scanned
0 Warnings
0 Notes
467472 Objects were scanned with rootkit scan
3 Hidden objects were found
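As an added example (not code from the post, from Avira or from this forum), here is a small Python triage helper for the "hidden objects" section of an Avira report like the one above. It pulls out each object the rootkit scan reported together with its `[NOTE]` line, reads the summary counters, checks that the number of parsed objects matches the "Hidden objects were found" count, and flags for manual review anything that does not sit under a known copy-protection or vendor registry location. The SecuROM pattern reflects that DRM's well-known habit of writing licence values under names the standard registry API cannot enumerate; the GIGABYTE pattern is an assumption for this example, and the sample report is constructed from the post's three entries plus one constructed hidden-file line so that the "investigate" path is exercised too.

```python
"""Triage helper for the "hidden objects" section of an Avira AntiVir report."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the report format in the post: the three
# registry entries from the post plus one constructed hidden-file entry.
SAMPLE_REPORT = r"""
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\GIGABYTE\GEST\vout
[NOTE] The registry entry is invisible.
C:\WINDOWS\system32\drivers\example_hidden.sys
[NOTE] The file is not visible.

The scan of running processes will be started

0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
467472 Objects were scanned with rootkit scan
4 Hidden objects were found
"""

HIDDEN_HEADER = "Starting search for hidden objects."

# Registry locations whose entries are commonly reported as "invisible" for
# non-malicious reasons. Matched case-insensitively as path substrings.
KNOWN_BENIGN_PATTERNS = (
    # SecuROM copy protection stores licence values under names that the
    # standard Win32 registry API cannot enumerate, so rootkit scans list them.
    r"\software\securom\license information",
    # Assumption for this example: a vendor utility key (Gigabyte energy-saver
    # tool); confirm on the machine before treating it as benign.
    r"\software\gigabyte\gest",
)

SUMMARY_FIELDS = {
    "detections": r"^(\d+) Viruses and/or unwanted programs were found",
    "suspicious": r"^(\d+) Files were classified as suspicious",
    "hidden_objects": r"^(\d+) Hidden objects were found",
}


@dataclass
class HiddenObject:
    path: str
    note: str
    kind: str  # "registry", "file" or "other"


def _kind(path):
    """Classify an object path by its shape (registry hive vs. drive letter)."""
    if path.upper().startswith("HKEY_"):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", path):
        return "file"
    return "other"


def parse_hidden_objects(report):
    """Return the objects listed between the hidden-objects header and the next blank line."""
    lines = report.splitlines()
    starts = [i for i, line in enumerate(lines) if line.strip() == HIDDEN_HEADER]
    if not starts:
        return []
    objects = []
    i = starts[0] + 1
    while i < len(lines) and lines[i].strip():
        path = lines[i].strip()
        note = ""
        # Each object is normally followed by a "[NOTE] ..." line explaining why it is hidden.
        if i + 1 < len(lines) and lines[i + 1].lstrip().startswith("[NOTE]"):
            note = lines[i + 1].strip()[len("[NOTE]"):].strip()
            i += 1
        objects.append(HiddenObject(path=path, note=note, kind=_kind(path)))
        i += 1
    return objects


def parse_summary(report):
    """Read the summary counters at the end of the report (None if a line is missing)."""
    out = {}
    for name, pattern in SUMMARY_FIELDS.items():
        m = re.search(pattern, report, re.MULTILINE)
        out[name] = int(m.group(1)) if m else None
    return out


def classify(obj):
    """'known-benign' for registry entries under a listed vendor/DRM location, else 'investigate'."""
    low = obj.path.lower()
    if obj.kind == "registry" and any(p in low for p in KNOWN_BENIGN_PATTERNS):
        return "known-benign"
    return "investigate"


def triage(report):
    """Parse, classify and cross-check the hidden-objects section of one report."""
    objects = parse_hidden_objects(report)
    summary = parse_summary(report)
    verdicts = [(o.path, classify(o)) for o in objects]
    return {
        "summary": summary,
        "verdicts": verdicts,
        "count_matches_summary": summary["hidden_objects"] == len(objects),
        "needs_attention": [p for p, v in verdicts if v == "investigate"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for path, verdict in result["verdicts"]:
        print(f"{verdict:13} {path}")
    print("summary matches parsed count:", result["count_matches_summary"])
    print("needs attention:", result["needs_attention"])
```

A hidden registry entry or file is not by itself evidence of infection: the scan above found zero viruses and the three entries sit under copy-protection and vendor keys. The value of the cross-check is the other direction: an object that is hidden, is not explained by known software on the machine, and does not match anything in the allowlist is the one worth looking up by exact path before deciding anything.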

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#2 Post by motji »

Good morning :)
I don't know Avira, so I'd rather ask you for an RSIT log, see my signature :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm usually reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#3 Post by kuntakinte »

Logfile of random's system information tool 1.08 (written by random/random)
Run by ivan at 2010-07-26 19:20:16
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (44%) free of 131 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:18, on 26.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\ivan\Desktop\RSIT.exe
C:\Program Files\trend micro\ivan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E933544-D40E-457F-95E0-1E7F0C6D435D}: NameServer = 195.168.1.2,195.168.1.4
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate1c99ca5d283c91e) (gupdate1c99ca5d283c91e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8420 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6eebdc09bce.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-04-14 1241960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-31 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2010-04-14 1241960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-11-06 3096576]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]
"Google Update"=C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x43010000
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\MY DOCUMENTS\My Games\Dead Space\Dead Space.exe"="D:\MY DOCUMENTS\My Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\utorrent-lite\utorrent.exe"="C:\Program Files\utorrent-lite\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\MY DOCUMENTS\z netu\Bulanci_1.82-0.exe"="D:\MY DOCUMENTS\z netu\Bulanci_1.82-0.exe:*:Enabled:Bulanci_1.82-0"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Documents and Settings\ivan\Desktop\utorrent-portable\utorrent.exe"="C:\Documents and Settings\ivan\Desktop\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

======List of files/folders created in the last 1 months======

2010-07-18 11:26:38 ----D---- C:\rsit
2010-07-15 10:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 11:22:07 ----D---- C:\Program Files\Cool FLAC To MP3 Converter
2010-06-27 14:16:38 ----D---- C:\Program Files\Common Files\3DO Shared
2010-06-27 14:16:38 ----D---- C:\Program Files\3DO
2010-06-27 13:03:58 ----D---- C:\Program Files\directx

======List of files/folders modified in the last 1 months======

2010-07-26 19:20:16 ----D---- C:\Program Files\trend micro
2010-07-26 19:15:43 ----D---- C:\WINDOWS\Prefetch
2010-07-26 19:13:40 ----D---- C:\Program Files\Crawler
2010-07-26 19:13:32 ----D---- C:\Program Files\Mozilla Firefox
2010-07-26 19:13:02 ----D---- C:\WINDOWS\temp
2010-07-26 19:13:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-26 19:12:55 ----D---- C:\WINDOWS
2010-07-25 22:38:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-25 16:36:05 ----D---- C:\WINDOWS\Registration
2010-07-25 16:34:41 ----D---- C:\WINDOWS\Minidump
2010-07-25 16:34:41 ----D---- C:\WINDOWS\Debug
2010-07-19 11:25:20 ----SHD---- C:\WINDOWS\Installer
2010-07-19 11:25:20 ----RD---- C:\Program Files
2010-07-19 11:25:20 ----D---- C:\Config.Msi
2010-07-19 11:25:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-19 11:25:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-19 11:25:13 ----D---- C:\WINDOWS\system32\drivers
2010-07-19 11:25:12 ----D---- C:\WINDOWS\system32
2010-07-15 10:37:54 ----HD---- C:\WINDOWS\inf
2010-07-15 10:37:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-15 10:37:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-12 09:41:14 ----D---- C:\Documents and Settings\ivan\Application Data\ICQ
2010-07-12 09:35:34 ----A---- C:\WINDOWS\wincmd.ini
2010-07-02 22:28:33 ----D---- C:\Program Files\Electronic Arts
2010-07-02 22:28:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-27 14:16:38 ----D---- C:\Program Files\Common Files
2010-06-27 13:16:50 ----D---- C:\Program Files\CCleaner
2010-06-27 13:06:45 ----D---- C:\Documents and Settings\ivan\Application Data\uTorrent
2010-06-27 13:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-06-27 13:01:41 ----D---- C:\Documents and Settings\ivan\Application Data\Spyware Terminator

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2007-03-08 43528]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-11-23 97248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-09 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-16 115840]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
S3 amc84wgp;amc84wgp; C:\WINDOWS\system32\drivers\amc84wgp.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-15 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-17 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-17 21744]
S3 k600bus;Sony Ericsson 600i driver (WDM); C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-31 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2009-04-17 247152]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-23 570880]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920]
S2 gupdate1c99ca5d283c91e;Služba Google Update (gupdate1c99ca5d283c91e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-23 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe []

-----------------EOF-----------------



Otherwise, I posted an RSIT log here recently and it was fine, I just didn't mention the hidden objects problem there B)
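
The RSIT "List of drivers" above prints one line per kernel service: state and start type, service name, display name, image path and, in square brackets, the file's date and size. The entries that end in `[]` (avgio, OADevice, OAmon, OAnet, sp_rsdrv2, gdrv, ASPI, ENTECH and the PowerDVD `{GUID}` entry) are the ones for which RSIT reported no date or size; most of them are printed with the NT `\??\` path prefix, which is a strong hint that the tool simply did not resolve that form of path, but each one still has to be confirmed to exist. As an added example that is not part of this thread or of RSIT, here is a small Python parser for that line format that flags what a helper reads first: a missing date/size, a boot- or system-start driver loaded from somewhere other than system32\drivers, and a driver image without a .sys extension. The sample lines are copied from the log above; the flag rules are this example's own heuristics, not RSIT's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines copied from the RSIT "List of drivers" section.
SAMPLE = r"""
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-09 691696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
"""

# One RSIT line: state (R/S), start type (0-4), name;display; path [date size]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
NT_PREFIX = "\\??\\"  # NT object-manager prefix RSIT prints for some ImagePath values


@dataclass
class DriverEntry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str             # as printed, possibly with the \??\ prefix
    date: Optional[str]   # None when RSIT printed []
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def dos_path(path: str) -> str:
    """Strip the NT prefix so the path can be compared or opened as a DOS path."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_line(line: str) -> Optional[DriverEntry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    return DriverEntry(m.group("state"), int(m.group("start")), m.group("name"),
                       m.group("display"), m.group("path"), date, size)


def triage(entry: DriverEntry) -> DriverEntry:
    """Example heuristics (this block's own, not RSIT's). A flag is a reason
    to inspect the file by hand, not a verdict about it."""
    p = dos_path(entry.path).lower()
    if entry.size is None:
        entry.flags.append("no date/size: RSIT could not stat the file at the printed path")
    if entry.start <= 1 and "\\system32\\drivers\\" not in p:
        entry.flags.append("boot/system-start driver outside system32\\drivers")
    if not p.endswith(".sys"):
        entry.flags.append("driver image without a .sys extension")
    return entry


def triage_log(text: str) -> List[DriverEntry]:
    """Parse every driver line in an RSIT log and attach flags to each entry."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> List[DriverEntry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{e.state}{e.start} {e.name:<40} {dos_path(e.path)}")
        for f in e.flags:
            print(f"    - {f}")
```

On the machine itself the next step for each flagged entry is to check that `dos_path(e.path)` exists and who signed it. giveio.sys and speedfan.sys, for instance, load from system32 rather than system32\drivers; that is unusual placement, but on its own it is not evidence of anything.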

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#4 Post by motji »

Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING!
- MBAM sometimes has false positives, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before cleaning the computer!
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#5 Post by kuntakinte »

Malwarebytes' Anti-Malware 1.44
Database version: 3677
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

27.7.2010 21:09:06
mbam-log-2010-07-27 (21-09-02).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 306966
Time elapsed: 37 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\MY DOCUMENTS\My Games\INSTAL\deadspace instal\bin.dll (Spyware.OnlineGames) -> No action taken.
D:\New instal\motherboard_driver_lan_realtek_8111.exe (Spyware.OnlineGames) -> No action taken.
D:\New instal\motherboard_driver_chipset_intel._p4x_sereis.exe (Spyware.OnlineGames) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#6 Post by motji »

Test these two files at www.virustotal.com
D:\New instal\motherboard_driver_lan_realtek_8111.exe
D:\New instal\motherboard_driver_chipset_intel._p4x_sereis.exe

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#7 Post by kuntakinte »

http://www.virustotal.com/analisis/b60d ... 1280303154
http://www.virustotal.com/analisis/e616 ... 1280303518

..otherwise it might be worth mentioning that the problem I was solving last time, with you as it happens, has somehow persisted and is causing trouble :( It was this one:
http://www.viry.cz/forum/viewtopic.php?f=13&t=100146
where the problem was with the PC shutting down. I don't want to pile one thing on top of another, but if you had a bit of time for this too, I would be incredibly grateful :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#8 Post by motji »

Delete this file
D:\MY DOCUMENTS\My Games\INSTAL\deadspace instal\bin.dll

So the PC is not shutting down again? And after our cleaning everything was fine?

Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run from an account with administrator rights

- Before using it, disable all resident security programs: antivirus, firewalls, antispyware

- After launch the terms of use are shown; confirm them by pressing Yes

- Then follow the instructions; while ComboFix is working, do not click in the window it shows!

- After the scan finishes (it takes at most 10 minutes) the program should create a log, C:\ComboFix.txt; copy its entire contents here

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#9 Post by kuntakinte »

ComboFix restarted my PC and after startup only the wallpaper and the blue ComboFix window were left, and nothing has happened in it for quite a while now. What should I do, please? I'm writing this from my phone as well.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#10 Post by motji »

Wait a bit longer... did ComboFix restart right after launching, or only at stage 50?

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#11 Post by kuntakinte »

It restarted right after launch, because it needed to disable the virtual CD drives; then Windows came up with just the wallpaper and the ComboFix window, in which nothing happened for about an hour, so I ended it (I know I probably shouldn't have). Then I ran it again, and here is the log:

ComboFix 10-07-29.01 - ivan 29.07.2010 22:29:50.7.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1468 [GMT 2:00]
Running from: c:\documents and settings\ivan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ivan\Application Data\Dealio
c:\documents and settings\ivan\Application Data\Dealio\res\widgets.xml
c:\documents and settings\ivan\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-18 09:26 . 2010-07-18 09:26 -------- d-----w- C:\rsit
2010-07-14 19:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 09:22 . 2010-07-14 09:32 -------- d-----w- c:\program files\Cool FLAC To MP3 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 20:26 . 2008-11-23 06:45 -------- d-----w- c:\documents and settings\ivan\Application Data\Spyware Terminator
2010-07-29 19:59 . 2008-11-21 19:17 16608 ----a-w- c:\windows\gdrv.sys
2010-07-29 19:56 . 2008-11-23 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-07-29 19:48 . 2010-04-21 12:20 -------- d-----w- c:\program files\Crawler
2010-07-26 17:20 . 2009-04-14 20:34 -------- d-----w- c:\program files\trend micro
2010-07-19 09:25 . 2008-11-23 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-12 07:41 . 2009-02-09 16:03 -------- d-----w- c:\documents and settings\ivan\Application Data\ICQ
2010-07-02 20:28 . 2009-01-18 12:10 -------- d-----w- c:\program files\Electronic Arts
2010-07-02 20:28 . 2008-11-21 19:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-27 12:17 . 2010-06-27 12:16 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-06-27 12:17 . 2010-06-27 12:16 -------- d-----w- c:\program files\3DO
2010-06-27 11:16 . 2008-11-21 20:28 -------- d-----w- c:\program files\CCleaner
2010-06-27 11:06 . 2009-02-12 14:19 -------- d-----w- c:\documents and settings\ivan\Application Data\uTorrent
2010-06-27 11:03 . 2010-06-27 11:03 -------- d-----w- c:\program files\directx
2010-06-22 15:03 . 2008-11-23 06:45 -------- d-----w- c:\program files\Spyware Terminator
2010-06-17 12:57 . 2010-03-29 16:55 -------- d-----w- c:\program files\ICQ6.5
2010-06-16 13:30 . 2010-06-16 13:30 50354 ----a-w- c:\documents and settings\ivan\Application Data\Facebook\uninstall.exe
2010-06-16 13:30 . 2010-06-16 13:30 -------- d-----w- c:\documents and settings\ivan\Application Data\Facebook
2010-06-14 14:31 . 2008-11-21 19:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\ivan\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-07 10:48 . 2008-11-23 06:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 16:41 . 2008-11-21 19:11 28584 ----a-w- c:\documents and settings\ivan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-26 16:28 . 2010-05-26 16:29 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Google Update"="c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\MY DOCUMENTS\\My Games\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\ivan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\utorrent-lite\\utorrent.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\MY DOCUMENTS\\z netu\\Bulanci_1.82-0.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\ivan\\Desktop\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20.1.2010 22:25 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20.1.2010 22:25 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20.1.2010 22:25 29776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.11.2008 8:45 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.4.2009 20:01 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 1:51 380928]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.11.2008 21:18 80392]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [20.1.2010 22:25 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [20.1.2010 22:25 3291336]
S2 gupdate1c99ca5d283c91e;Služba Google Update (gupdate1c99ca5d283c91e);c:\program files\Google\Update\GoogleUpdate.exe [4.3.2009 10:47 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1.3.2010 23:51 16512]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [16.11.2009 15:34 25832]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 14:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 14:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 14:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 14:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 14:12 77072]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.11.2008 13:05 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.11.2008 13:05 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.11.2008 13:05 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.11.2008 13:05 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.11.2008 13:06 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.11.2008 13:05 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.11.2008 13:05 90800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2008 11:36 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6eebdc09bce.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004Core.job
- c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 20:27]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004UA.job
- c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 20:27]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
TCP: {0E933544-D40E-457F-95E0-1E7F0C6D435D} = 195.168.1.2,195.168.1.4
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\kyqg5x4k.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\documents and settings\ivan\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:1c,8f,36,48,b4,7e,af,ea,b8,0c,cb,2e,6c,c4,bd,e6,6c,c0,ae,df,26,
12,57,01,bb,40,1b,c4,2e,34,2c,17,a3,b4,99,27,db,0d,5e,23,6c,2b,87,1e,64,9a,\
"rkeysecu"=hex:93,9c,c1,81,e5,43,3c,08,ad,0e,ad,7b,41,d0,2e,e1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-07-29 22:37:27
ComboFix-quarantined-files.txt 2010-07-29 20:37

Pre-Run: 59 594 465 280 bytes free
Post-Run: 13 directories, 59 588 440 064 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 7656F004896F9DEEEBF0638A7A29A9D7


As for the shutdown problem: after what we did last time it looked OK for a while, but the trouble is that it fails to shut down in roughly one out of three attempts at shutdown/restart/standby. So it's hard to say whether it working for a while was just coincidence or whether it really helped something. Either way, it didn't take that long before it started causing trouble again :(

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#12 Post by motji »

What does "doesn't shut down" mean? Does it not terminate at all?
Has anything changed now?
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning a computer of malware :!:
Want to support our forum? Information here


I am mostly reachable at night, between 9 and 11 pm.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#13 Post by kuntakinte »

"Doesn't shut down" means that everything appears to close, only the desktop wallpaper remains, the icons disappear, everything disappears, and the PC just stays like that. The only thing that still works is launching Task Manager, and its window freezes anyway as soon as I interact with it (for example if I try to shut down again through it). The only way out of that state is to reset the computer by holding down the power button, instead of it shutting down by itself as it should. Whether anything has changed now I don't know yet, because as I said it doesn't happen every time, so I'll only see the result after using the PC several times.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Hidden objects

#14 Post by motji »

All right, test it now and report back :D.
When it happens, look in the Event Log to see whether there is an entry about it; it would help us :)
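The advice above is to check the Event Log after one of these hangs. On Windows XP the log is opened with Start > Run > eventvwr.msc; the entries of interest are in the System log. The script below is an added example, not part of the forum thread or of any tool discussed in it: it pulls the shutdown-related System-log events out with PowerShell so the failed shutdowns can be correlated with whatever the machine logged around them. It assumes PowerShell 2.0 is installed (available for XP SP3), an account that can read the System log, and a one-week look-back window.

```powershell
# Added example (not from the forum thread). Lists shutdown-related events
# from the Windows System log and, for each shutdown that ended with the
# power button, the Errors/Warnings logged around it.
# Assumptions: PowerShell 2.0 on XP SP3 or later, read access to the System log.
#
# System-log event IDs used:
#   1074 (USER32)   a process requested shutdown/restart; process and reason in the message
#   6006 (EventLog) event log service stopped -> the shutdown completed cleanly
#   6008 (EventLog) previous shutdown was unexpected -> e.g. power button held down
#   6005 (EventLog) event log service started -> boot

$shutdownIds = 1074, 6005, 6006, 6008
$since = (Get-Date).AddDays(-7)      # look-back window (assumption; adjust as needed)

# Pull the window once, oldest first, so the filters below are cheap
$system = Get-EventLog -LogName System -After $since | Sort-Object TimeGenerated

# 1) Timeline of shutdown/boot events. A 1074 followed by 6005 with no 6006
#    in between is a shutdown that never completed on its own.
$system |
    Where-Object { $shutdownIds -contains $_.EventID } |
    Select-Object TimeGenerated, EventID, Source,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap

# 2) For every unexpected shutdown, show Errors/Warnings logged from ten
#    minutes before the shutdown was requested until the next boot. A service
#    or driver that hangs during shutdown usually leaves a trace here
#    (for example Service Control Manager timeouts).
$unexpected = $system | Where-Object { $_.EventID -eq 6008 }
foreach ($crash in $unexpected) {
    # 6008 is written at the following boot, so anchor on the last shutdown
    # request (1074) logged before it ...
    $anchor = $system |
        Where-Object { $_.EventID -eq 1074 -and $_.TimeGenerated -lt $crash.TimeGenerated } |
        Select-Object -Last 1
    if ($anchor -eq $null) {
        # ... or, if no 1074 was logged, on the last event the machine wrote
        # before it was reset
        $anchor = $system |
            Where-Object { $_.TimeGenerated -lt $crash.TimeGenerated } |
            Select-Object -Last 1
    }
    if ($anchor -eq $null) { continue }

    Write-Host ("`nLast activity before reset: {0}; reported as unexpected shutdown at boot {1}" -f $anchor.TimeGenerated, $crash.TimeGenerated)

    $system | Where-Object {
        ($_.EntryType -eq 'Error' -or $_.EntryType -eq 'Warning') -and
        $_.TimeGenerated -ge $anchor.TimeGenerated.AddMinutes(-10) -and
        $_.TimeGenerated -le $crash.TimeGenerated
    } | Format-Table TimeGenerated, EventID, Source, EntryType -AutoSize
}
```

Run it from a PowerShell prompt after one of the forced resets. The first table tells you whether the shutdown was ever requested and whether the event log service stopped cleanly; the second narrows the search to the entries written while the machine was stuck, which is what a helper would ask for next.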

kuntakinte
Visitor
Posts: 313
Registered: 14 Apr 2009 16:23

Re: Hidden objects

#15 Post by kuntakinte »

Thanks, I'd just like to ask what the Event Log is and where I can find it? :D
