Chtěl bych poprosit o kontrolu logu, mám problém se spuštěním WIN XP. Děkuji
SmallARK
================================================================
[R]NtClose -> D:\windows\system32\drivers\aswSP.SYS
[R]NtCreateFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtCreateKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtCreateProcess -> D:\windows\system32\drivers\SbFw.sys
[R]NtCreateProcessEx -> D:\windows\system32\drivers\SbFw.sys
[R]NtCreateThread -> D:\windows\system32\drivers\SbFw.sys
[R]NtDeleteFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtDeleteKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtDeleteValueKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtDuplicateObject -> D:\windows\system32\drivers\aswSP.SYS
[R]NtLoadDriver -> D:\windows\system32\drivers\sbhips.sys
[R]NtMapViewOfSection -> D:\windows\system32\drivers\sbhips.sys
[R]NtOpenFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtOpenKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtOpenProcess -> D:\windows\system32\drivers\aswSP.SYS
[R]NtOpenThread -> D:\windows\system32\drivers\aswSP.SYS
[R]NtQueryValueKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtRenameKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtRestoreKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtResumeThread -> D:\windows\system32\drivers\SbFw.sys
[R]NtSetInformationFile -> D:\windows\system32\drivers\SbFw.sys
[R]NtSetValueKey -> D:\windows\system32\drivers\aswSP.SYS
[R]NtWriteFile -> D:\windows\system32\drivers\SbFw.sys
MBR ROOTKIT DETECTED!
Běžící procesy
================================================================
Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
[R] AvastUI.exe
Spouští se po startu HKLM Run [avast5]
[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]
[R] schedhlp.exe
Spouští se po startu HKLM Run [Acronis Scheduler2 Service]
[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]
Po spuštění
================================================================
HKCU Run
|_ [X][SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKLM Run
|_ [R][avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
|_ [X][ATIModeChange] Ati2mdxx.exe (Soubor nenalezen)
|_ [X][KernelFaultCheck] D:\windows\system32\dumprep 0 -k (Soubor nenalezen)
HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] D:\WINDOWS\INF\mplayer2.inf ,PerUserStub.NT
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] D:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] D:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] D:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
HKLM Winlogon Notify
|_ [X][AtiExtEvent] Ati2evxx.dll (Soubor nenalezen)
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Ati HotKey Poller
|_ Cesta: D:\windows\System32\Ati2evxx.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:
[X] Java Quick Starter
|_ Cesta: D:\Program Files\Java\jre6\bin\jqs.exe -service -config D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] AMD Processor Driver
|_ Cesta: D:\windows\System32\DRIVERS\AmdK8.sys
| |_ Výrobce: Advanced Micro Devices
| |_ Popis: AMD Processor Driver
| |_ MD5: 59301936898AE62245A6F09C0ABA9475
|
|_ Jméno: AmdK8
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver
|_ Cesta: D:\windows\System32\DRIVERS\Rtenicxp.sys
| |_ Výrobce: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: BB0AE2171F08129F4F3FF9DF20FFBF89
|
|_ Jméno: RTLE8023xp
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] SVKP
|_ Cesta: D:\windows\System32\SVKP.sys
| |_ Výrobce: AntiCracking
| |_ Popis: SVKP driver for NT
| |_ MD5: F05028B163B92C302A74409D683AC9B0
|
|_ Jméno: SVKP
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1176) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (1304) svchost.exe 0.0.0.0:1026 LISTENING
TCP (4) Systém 0.0.0.0:1028 LISTENING
TCP (456) SbPFCl.exe 0.0.0.0:1029 LISTENING
TCP (456) SbPFCl.exe 0.0.0.0:1031 LISTENING
TCP (1228) SbPFSvc.exe 0.0.0.0:1033 LISTENING
TCP (2908) firefox.exe 0.0.0.0:1049 LISTENING
TCP (2908) firefox.exe 0.0.0.0:1053 LISTENING
TCP (1760) AvastSvc.exe 0.0.0.0:1340 LISTENING
TCP (1760) AvastSvc.exe 0.0.0.0:2819 LISTENING
TCP (1552) svchost.exe 0.0.0.0:5000 LISTENING
TCP (1228) SbPFSvc.exe 0.0.0.0:44334 LISTENING
TCP (1228) SbPFSvc.exe 0.0.0.0:44501 LISTENING
TCP (456) SbPFCl.exe 127.0.0.1:1029 <-> 127.0.0.1:44334 ESTABLISHED
TCP (456) SbPFCl.exe 127.0.0.1:1031 <-> 127.0.0.1:1033 ESTABLISHED
TCP (1228) SbPFSvc.exe 127.0.0.1:1033 <-> 127.0.0.1:1031 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1048 LISTENING
TCP (2908) firefox.exe 127.0.0.1:1048 <-> 127.0.0.1:1049 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1049 <-> 127.0.0.1:1048 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1052 LISTENING
TCP (2908) firefox.exe 127.0.0.1:1052 <-> 127.0.0.1:1053 ESTABLISHED
TCP (2908) firefox.exe 127.0.0.1:1053 <-> 127.0.0.1:1052 ESTABLISHED
TCP (0) 127.0.0.1:2822 TIME_WAIT
TCP (0) 127.0.0.1:2824 TIME_WAIT
TCP (0) 127.0.0.1:2829 TIME_WAIT
TCP (0) 127.0.0.1:2831 TIME_WAIT
TCP (0) 127.0.0.1:2833 TIME_WAIT
TCP (0) 127.0.0.1:2836 TIME_WAIT
TCP (800) jqs.exe 127.0.0.1:5152 LISTENING
TCP (800) jqs.exe 127.0.0.1:5152 CLOSE_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (0) 127.0.0.1:12080 TIME_WAIT
TCP (1228) SbPFSvc.exe 127.0.0.1:44334 <-> 127.0.0.1:1029 ESTABLISHED
TCP (0) 127.0.0.1:44501 TIME_WAIT
TCP (4) Systém 192.168.2.200:139 LISTENING
UDP (1176) svchost.exe 0.0.0.0:135 TIME_WAIT
UDP (4) Systém 0.0.0.0:445
UDP (988) lsass.exe 0.0.0.0:500
UDP (1516) svchost.exe 0.0.0.0:1025
UDP (1304) svchost.exe 0.0.0.0:1027
UDP (456) SbPFCl.exe 0.0.0.0:1030
UDP (456) SbPFCl.exe 0.0.0.0:1032
UDP (1516) svchost.exe 0.0.0.0:1057
UDP (1516) svchost.exe 0.0.0.0:1065
UDP (456) SbPFCl.exe 0.0.0.0:1975
UDP (1228) SbPFSvc.exe 0.0.0.0:44334
UDP (1304) svchost.exe 127.0.0.1:123
UDP (1552) svchost.exe 127.0.0.1:1900
UDP (1304) svchost.exe 192.168.2.200:123
UDP (4) Systém 192.168.2.200:137
UDP (4) Systém 192.168.2.200:138
UDP (1552) svchost.exe 192.168.2.200:1900
Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 222AFED911CBF5F9A454ADEE53D31B30
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2908)
[?] nssdbm3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ MD5: DCE543B6B3FF516BD65C1030E4B933FF
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2908)
[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 10BED437023F93DD1AD8EFA80E71280F
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2908)
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu
Zdravim, pekny vecer preji a vitam Vas u nas na foru
Prectete si pravidla fora a dejte log ze RSITu - vizte muj podpis
Co presneji si mam predstavit pod pojmem "problem se spustenim XP"
Prectete si pravidla fora a dejte log ze RSITu - vizte muj podpis
Co presneji si mam predstavit pod pojmem "problem se spustenim XP"
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Po startu PC je možné max. dostat se do Biosu, nouzový režim nefunguje, WiN XP se nechtějí nastartovat ukáže se pouze černá obrazovka. HD jsem vložil do jiného PC kde sem ho otevřel, přověřil všem možnými antiviry a nic.
Re: Prosím o kontrolu logu
Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlk at 2010-07-30 18:53:43
Systém Microsoft Windows XP Professional Service Pack 1
System drive D: has 14 GB (74%) free of 19 GB
Total RAM: 2047 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:49, on 30.7.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\windows\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\windows\System32\ctfmon.exe
D:\windows\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Vlk\Dokumenty\Stažené soubory\RSIT.exe
D:\Program Files\trend micro\Vlk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [adm_tray.exe] D:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\windows\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\windows\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\windows\System32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 5387 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-29 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - D:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"ATIModeChange"=Ati2mdxx.exe []
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=D:\windows\system32\dumprep 0 -k []
"adm_tray.exe"=D:\Program Files\Acronis\DriveMonitor\adm_tray.exe [2010-06-04 530768]
"Acronis Scheduler2 Service"=D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-10-27 365560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\windows\System32\ctfmon.exe [2002-09-20 13312]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91
"NoViewContextMenu"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoViewContextMenu"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-07-30 18:53:44 ----D---- D:\Program Files\trend micro
2010-07-30 18:53:43 ----D---- D:\rsit
2010-07-30 18:27:36 ----D---- D:\Program Files\Ultimate Process Manager
2010-07-30 17:27:43 ----A---- D:\windows\System32\drivers\SbFwIm.sys
2010-07-30 17:27:42 ----RA---- D:\windows\System32\drivers\SbFw.sys
2010-07-30 17:27:27 ----D---- D:\Program Files\Sunbelt Software
2010-07-30 17:23:13 ----D---- D:\Documents and Settings\All Users\Data aplikací\Acronis
2010-07-30 17:23:09 ----D---- D:\Program Files\Common Files\Acronis
2010-07-30 17:23:08 ----D---- D:\Program Files\Acronis
2010-07-29 21:12:42 ----D---- D:\windows\Minidump
2010-07-29 19:43:08 ----D---- D:\Program Files\TweakNow RegCleaner
2010-07-29 19:43:08 ----D---- D:\Documents and Settings\Vlk\Data aplikací\TweakNow RegCleaner
2010-07-29 19:33:47 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-29 19:33:42 ----D---- D:\Program Files\Common Files\Java
2010-07-29 19:33:02 ----A---- D:\windows\System32\javaws.exe
2010-07-29 19:33:02 ----A---- D:\windows\System32\deployJava1.dll
2010-07-29 19:33:01 ----A---- D:\windows\System32\javaw.exe
2010-07-29 19:33:01 ----A---- D:\windows\System32\java.exe
2010-07-29 19:32:30 ----D---- D:\Program Files\Java
2010-07-29 19:31:20 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Sun
2010-07-29 18:22:14 ----D---- D:\Program Files\ICQ6Toolbar
2010-07-29 18:22:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-07-29 18:21:46 ----D---- D:\Documents and Settings\Vlk\Data aplikací\ICQ
2010-07-29 18:21:26 ----D---- D:\Program Files\ICQ7.2
2010-07-29 10:18:56 ----A---- D:\windows\System32\drivers\amdide.sys
2010-07-29 09:52:37 ----D---- D:\Program Files\Driver Magician Lite
2010-07-29 09:52:37 ----A---- D:\windows\System32\msvbvm60.dll
2010-07-29 09:49:57 ----D---- D:\windows\System32\appmgmt
2010-07-29 09:33:37 ----A---- D:\windows\System32\drivers\stgswx.sys
2010-07-29 09:01:07 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Macromedia
2010-07-29 09:01:07 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Adobe
2010-07-29 08:52:21 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Malwarebytes
2010-07-29 08:52:17 ----A---- D:\windows\System32\drivers\mbamswissarmy.sys
2010-07-29 08:52:16 ----D---- D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-29 08:52:15 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2010-07-29 08:52:15 ----A---- D:\windows\System32\drivers\mbam.sys
2010-07-29 08:40:47 ----A---- D:\windows\System32\SVKP.sys
2010-07-29 08:40:43 ----D---- D:\Program Files\Disk Medic
2010-07-29 08:31:11 ----D---- D:\Program Files\Spybot - Search & Destroy
2010-07-29 08:31:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-07-29 08:23:35 ----D---- D:\WUTemp
2010-07-29 08:23:31 ----A---- D:\windows\System32\iuengine.dll
2010-07-29 07:44:21 ----A---- D:\windows\System32\drivers\aswSP.sys
2010-07-29 07:44:19 ----A---- D:\windows\System32\drivers\aswRdr.sys
2010-07-29 07:44:18 ----A---- D:\windows\System32\drivers\aswTdi.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aswmon2.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aswmon.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aavmker4.sys
2010-07-29 07:43:50 ----A---- D:\windows\System32\aswBoot.exe
2010-07-29 07:43:34 ----D---- D:\Program Files\Alwil Software
2010-07-29 07:43:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-07-29 07:38:30 ----D---- D:\windows\LastGood
2010-07-29 07:35:04 ----D---- D:\Program Files\CCleaner
======List of files/folders modified in the last 1 months======
2010-07-30 18:53:44 ----RD---- D:\Program Files
2010-07-30 18:41:38 ----D---- D:\windows\Prefetch
2010-07-30 18:28:43 ----D---- D:\windows\System32\CatRoot2
2010-07-30 17:45:30 ----D---- D:\windows\Temp
2010-07-30 17:30:46 ----D---- D:\windows\Debug
2010-07-30 17:28:08 ----A---- D:\windows\SchedLgU.Txt
2010-07-30 17:27:55 ----SHD---- D:\windows\Installer
2010-07-30 17:27:47 ----HD---- D:\windows\inf
2010-07-30 17:27:43 ----D---- D:\windows\System32\drivers
2010-07-30 17:27:42 ----D---- D:\windows\system32
2010-07-30 17:23:14 ----D---- D:\windows\WinSxS
2010-07-30 17:23:09 ----D---- D:\Program Files\Common Files
2010-07-30 06:46:08 ----D---- D:\windows\System32\ReinstallBackups
2010-07-30 06:43:54 ----HD---- D:\Program Files\InstallShield Installation Information
2010-07-29 21:12:43 ----D---- D:\WINDOWS
2010-07-29 20:07:02 ----D---- D:\Program Files\Registrar Registry Manager
2010-07-29 19:57:26 ----D---- D:\windows\System32\config
2010-07-29 19:50:28 ----D---- D:\windows\security
2010-07-29 19:30:20 ----SD---- D:\windows\Downloaded Program Files
2010-07-29 09:50:27 ----A---- D:\windows\System32\PerfStringBackup.INI
2010-07-29 08:23:28 ----HD---- D:\Program Files\WindowsUpdate
2010-07-29 07:44:02 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-07-29 07:40:58 ----RSHDC---- D:\windows\System32\dllcache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide;amdide; D:\windows\System32\DRIVERS\amdide.sys [2007-10-12 9096]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\windows\System32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK8;AMD Processor Driver; D:\windows\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; D:\windows\System32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; D:\windows\System32\drivers\aswTdi.sys [2010-06-28 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\windows\System32\DRIVERS\kbdhid.sys [2001-10-25 13952]
R1 SbFw;SbFw; D:\windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; D:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswMon2;aswMon2; D:\windows\System32\drivers\aswMon2.sys [2010-06-28 100176]
R2 SVKP;SVKP; \??\D:\windows\System32\SVKP.sys []
R3 aswRdr;aswRdr; D:\windows\System32\drivers\aswRdr.sys [2010-06-28 23376]
R3 hidusb;Ovladač třídy standardu HID; D:\windows\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; D:\windows\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\windows\System32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; D:\windows\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\windows\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
R3 usbprint;Třída USB Printer; D:\windows\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 ati2mtag;ati2mtag; D:\windows\System32\DRIVERS\ati2mtag.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 rrSpy;rrSpy; D:\windows\system32\drivers\rrSpy.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\windows\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-10-27 660504]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-07-29 153376]
R2 SbPF.Launcher;SbPF.Launcher; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
S2 Ati HotKey Poller;Ati HotKey Poller; D:\windows\System32\Ati2evxx.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
-----------------EOF-----------------
Run by Vlk at 2010-07-30 18:53:43
Systém Microsoft Windows XP Professional Service Pack 1
System drive D: has 14 GB (74%) free of 19 GB
Total RAM: 2047 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:49, on 30.7.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\windows\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\windows\System32\ctfmon.exe
D:\windows\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Vlk\Dokumenty\Stažené soubory\RSIT.exe
D:\Program Files\trend micro\Vlk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [adm_tray.exe] D:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\windows\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\windows\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\windows\System32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 5387 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-29 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - D:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"ATIModeChange"=Ati2mdxx.exe []
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=D:\windows\system32\dumprep 0 -k []
"adm_tray.exe"=D:\Program Files\Acronis\DriveMonitor\adm_tray.exe [2010-06-04 530768]
"Acronis Scheduler2 Service"=D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-10-27 365560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\windows\System32\ctfmon.exe [2002-09-20 13312]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91
"NoViewContextMenu"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoViewContextMenu"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-07-30 18:53:44 ----D---- D:\Program Files\trend micro
2010-07-30 18:53:43 ----D---- D:\rsit
2010-07-30 18:27:36 ----D---- D:\Program Files\Ultimate Process Manager
2010-07-30 17:27:43 ----A---- D:\windows\System32\drivers\SbFwIm.sys
2010-07-30 17:27:42 ----RA---- D:\windows\System32\drivers\SbFw.sys
2010-07-30 17:27:27 ----D---- D:\Program Files\Sunbelt Software
2010-07-30 17:23:13 ----D---- D:\Documents and Settings\All Users\Data aplikací\Acronis
2010-07-30 17:23:09 ----D---- D:\Program Files\Common Files\Acronis
2010-07-30 17:23:08 ----D---- D:\Program Files\Acronis
2010-07-29 21:12:42 ----D---- D:\windows\Minidump
2010-07-29 19:43:08 ----D---- D:\Program Files\TweakNow RegCleaner
2010-07-29 19:43:08 ----D---- D:\Documents and Settings\Vlk\Data aplikací\TweakNow RegCleaner
2010-07-29 19:33:47 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-29 19:33:42 ----D---- D:\Program Files\Common Files\Java
2010-07-29 19:33:02 ----A---- D:\windows\System32\javaws.exe
2010-07-29 19:33:02 ----A---- D:\windows\System32\deployJava1.dll
2010-07-29 19:33:01 ----A---- D:\windows\System32\javaw.exe
2010-07-29 19:33:01 ----A---- D:\windows\System32\java.exe
2010-07-29 19:32:30 ----D---- D:\Program Files\Java
2010-07-29 19:31:20 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Sun
2010-07-29 18:22:14 ----D---- D:\Program Files\ICQ6Toolbar
2010-07-29 18:22:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-07-29 18:21:46 ----D---- D:\Documents and Settings\Vlk\Data aplikací\ICQ
2010-07-29 18:21:26 ----D---- D:\Program Files\ICQ7.2
2010-07-29 10:18:56 ----A---- D:\windows\System32\drivers\amdide.sys
2010-07-29 09:52:37 ----D---- D:\Program Files\Driver Magician Lite
2010-07-29 09:52:37 ----A---- D:\windows\System32\msvbvm60.dll
2010-07-29 09:49:57 ----D---- D:\windows\System32\appmgmt
2010-07-29 09:33:37 ----A---- D:\windows\System32\drivers\stgswx.sys
2010-07-29 09:01:07 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Macromedia
2010-07-29 09:01:07 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Adobe
2010-07-29 08:52:21 ----D---- D:\Documents and Settings\Vlk\Data aplikací\Malwarebytes
2010-07-29 08:52:17 ----A---- D:\windows\System32\drivers\mbamswissarmy.sys
2010-07-29 08:52:16 ----D---- D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-29 08:52:15 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2010-07-29 08:52:15 ----A---- D:\windows\System32\drivers\mbam.sys
2010-07-29 08:40:47 ----A---- D:\windows\System32\SVKP.sys
2010-07-29 08:40:43 ----D---- D:\Program Files\Disk Medic
2010-07-29 08:31:11 ----D---- D:\Program Files\Spybot - Search & Destroy
2010-07-29 08:31:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-07-29 08:23:35 ----D---- D:\WUTemp
2010-07-29 08:23:31 ----A---- D:\windows\System32\iuengine.dll
2010-07-29 07:44:21 ----A---- D:\windows\System32\drivers\aswSP.sys
2010-07-29 07:44:19 ----A---- D:\windows\System32\drivers\aswRdr.sys
2010-07-29 07:44:18 ----A---- D:\windows\System32\drivers\aswTdi.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aswmon2.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aswmon.sys
2010-07-29 07:44:15 ----A---- D:\windows\System32\drivers\aavmker4.sys
2010-07-29 07:43:50 ----A---- D:\windows\System32\aswBoot.exe
2010-07-29 07:43:34 ----D---- D:\Program Files\Alwil Software
2010-07-29 07:43:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-07-29 07:38:30 ----D---- D:\windows\LastGood
2010-07-29 07:35:04 ----D---- D:\Program Files\CCleaner
======List of files/folders modified in the last 1 months======
2010-07-30 18:53:44 ----RD---- D:\Program Files
2010-07-30 18:41:38 ----D---- D:\windows\Prefetch
2010-07-30 18:28:43 ----D---- D:\windows\System32\CatRoot2
2010-07-30 17:45:30 ----D---- D:\windows\Temp
2010-07-30 17:30:46 ----D---- D:\windows\Debug
2010-07-30 17:28:08 ----A---- D:\windows\SchedLgU.Txt
2010-07-30 17:27:55 ----SHD---- D:\windows\Installer
2010-07-30 17:27:47 ----HD---- D:\windows\inf
2010-07-30 17:27:43 ----D---- D:\windows\System32\drivers
2010-07-30 17:27:42 ----D---- D:\windows\system32
2010-07-30 17:23:14 ----D---- D:\windows\WinSxS
2010-07-30 17:23:09 ----D---- D:\Program Files\Common Files
2010-07-30 06:46:08 ----D---- D:\windows\System32\ReinstallBackups
2010-07-30 06:43:54 ----HD---- D:\Program Files\InstallShield Installation Information
2010-07-29 21:12:43 ----D---- D:\WINDOWS
2010-07-29 20:07:02 ----D---- D:\Program Files\Registrar Registry Manager
2010-07-29 19:57:26 ----D---- D:\windows\System32\config
2010-07-29 19:50:28 ----D---- D:\windows\security
2010-07-29 19:30:20 ----SD---- D:\windows\Downloaded Program Files
2010-07-29 09:50:27 ----A---- D:\windows\System32\PerfStringBackup.INI
2010-07-29 08:23:28 ----HD---- D:\Program Files\WindowsUpdate
2010-07-29 07:44:02 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-07-29 07:40:58 ----RSHDC---- D:\windows\System32\dllcache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide;amdide; D:\windows\System32\DRIVERS\amdide.sys [2007-10-12 9096]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\windows\System32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK8;AMD Processor Driver; D:\windows\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; D:\windows\System32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; D:\windows\System32\drivers\aswTdi.sys [2010-06-28 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\windows\System32\DRIVERS\kbdhid.sys [2001-10-25 13952]
R1 SbFw;SbFw; D:\windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; D:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswMon2;aswMon2; D:\windows\System32\drivers\aswMon2.sys [2010-06-28 100176]
R2 SVKP;SVKP; \??\D:\windows\System32\SVKP.sys []
R3 aswRdr;aswRdr; D:\windows\System32\drivers\aswRdr.sys [2010-06-28 23376]
R3 hidusb;Ovladač třídy standardu HID; D:\windows\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; D:\windows\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\windows\System32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; D:\windows\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\windows\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
R3 usbprint;Třída USB Printer; D:\windows\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 ati2mtag;ati2mtag; D:\windows\System32\DRIVERS\ati2mtag.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 rrSpy;rrSpy; D:\windows\system32\drivers\rrSpy.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\windows\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-10-27 660504]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-07-29 153376]
R2 SbPF.Launcher;SbPF.Launcher; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
S2 Ati HotKey Poller;Ati HotKey Poller; D:\windows\System32\Ati2evxx.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
-----------------EOF-----------------
Re: Prosím o kontrolu logu
Odinstalujte vsechny emulatory virtualnich jednotek (Deamon Tools, Alcohol 120%, PowerISO apod) Stahnete SPTD http://www.duplexsecure.com/en/downloads
- Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
- Ulozte na plochu a spustte
- Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
- Ulozte na plochu a spustte
- Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Dejte logy z Gmeru - viz muj podpis"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Re: Prosím o kontrolu logu
Tak a ted gmer
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Jeste takova drobnost ne-li spise podstatna vec. Kdyz jste se do XPecek nedostal tak jak jste z nich dostal ten RSIT Pokud je disk jen pripojen do jineho PC a je na nem udelan RSIT, tak z nej nic nevyctem - dela sken beziciho systemu...
Pokud je disk jen pripojen do jineho PC a je na nem udelan RSIT, tak z nej nic nevyctem - dela sken beziciho systemu..."Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
disk jen pripojen do jineho PC, mate pravdu
Re: Prosím o kontrolu logu
Ale jen jako vedlejsi, system z nej nebezi ze 
Tudiz testujeme zdrave PC
Samozrejme jej dokoncime a na ty poskozene XP bychom koukli pak...
Ovsem kdyz popisujete v jakem sjou stavu, tak bych zazalohoval dulezita data, zkusil opravnou instalaci a pak reinstal ci spise bych zakoupil W7 a XPecka bych tam uz necpal...
Tudiz testujeme zdrave PC
Samozrejme jej dokoncime a na ty poskozene XP bychom koukli pak...Ovsem kdyz popisujete v jakem sjou stavu, tak bych zazalohoval dulezita data, zkusil opravnou instalaci a pak reinstal ci spise bych zakoupil W7 a XPecka bych tam uz necpal...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
JJ ,už to tak bude. Gmer beží už hodinu a pořád to nebere konce. Z napadeného HD potřebuji jen pár věcí co mám na ploše, ale nejde se tam dostat (háže mi to přístup odepřen) 
jinak bych to celé zformátoval..
jinak bych to celé zformátoval..Re: Prosím o kontrolu logu
Riff ma v navodu na gmer par minut, ale muze trvat i hodiny - "rekord" mam u uzivatele 4,5 hodiny K datum v uzivatelskych uctech (plocha, dokumenty) se dostava velmi tezko, ne-li je to nemozne, prave diky tomu pristupu ze je to ucet pro uzivatele a jen on tam na nem ma co pohledavat, vas to bere jako ciziho...."Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?