Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2010-10-07 14:22:44
Microsoft Windows 7 Home Premium
System drive C: has 165 GB (73%) free of 227 GB
Total RAM: 4031 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:22:47, on 7.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\trend micro\uzivatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Windows Boot Control] C:\Users\Public\S-2535-6853-2745\winrsvn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6608 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7a2a7bc5-721a-4368-a8d9-c42b91b5d474 -SystemEventPortName:HostProcess-9f3582be-7230-455e-91b8-89787426c2f3 -IoCancelEventPortName:HostProcess-c3888497-2b90-46ff-8f6f-4f65e57bead4 -NonStateChangingEventPortName:HostProcess-72c56605-7ad7-4c1a-9e70-730a2433caaa -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b755f761-b89b-4e9d-97cc-e75065ca3273
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"F:\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171723439-4197284614-298172725-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171723439-4197284614-298172725-1001UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-06 8158240]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Boot Control"=C:\Users\Public\S-2535-6853-2745\winrsvn.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 2 months======
2010-10-07 14:22:44 ----D---- C:\rsit
2010-10-07 14:22:44 ----D---- C:\Program Files\trend micro
2010-10-07 08:39:52 ----D---- C:\Program Files (x86)\ATSoftware
2010-09-29 12:29:27 ----A---- C:\Windows\system32\drivers\ks.sys
2010-09-29 12:21:37 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-09-29 12:21:37 ----A---- C:\Windows\system32\tzres.dll
2010-09-16 20:13:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-09-16 20:13:38 ----A---- C:\Windows\system32\iertutil.dll
2010-09-16 18:27:19 ----A---- C:\Windows\system32\spoolsv.exe
2010-08-30 18:53:15 ----D---- C:\Users\uzivatel\AppData\Roaming\XnView
2010-08-25 09:12:57 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2010-08-25 09:12:57 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-17 16:19:42 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-08-17 16:19:42 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-08-17 16:19:41 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-08-17 16:19:40 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-08-17 16:19:38 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-08-17 16:19:05 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-08-17 16:19:03 ----D---- C:\ProgramData\Alwil Software
2010-08-17 16:19:03 ----D---- C:\Program Files\Alwil Software
2010-08-16 12:26:02 ----D---- C:\Users\uzivatel\AppData\Roaming\ICQ
2010-08-11 15:56:43 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-11 15:56:43 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 15:56:43 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 15:56:42 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-11 15:56:42 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 15:56:35 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 15:56:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 15:56:33 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-11 15:56:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-11 15:56:30 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 15:56:30 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 15:56:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-11 15:56:29 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-11 15:56:28 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 15:56:28 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 15:56:28 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 15:56:24 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-11 15:56:24 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-11 15:56:24 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 15:56:23 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 15:56:22 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-11 15:56:22 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 14:27:03 ----D---- C:\složky
2010-08-08 18:36:58 ----D---- C:\Program Files (x86)\XnView
======List of files/folders modified in the last 2 months======
2010-10-07 14:22:45 ----D---- C:\Windows\Temp
2010-10-07 14:22:44 ----RHD---- C:\Program Files
2010-10-07 14:22:29 ----SD---- C:\ProgramData\Microsoft
2010-10-07 14:22:24 ----SD---- C:\Users\uzivatel\AppData\Roaming\Microsoft
2010-10-07 14:17:43 ----D---- C:\Windows\System32
2010-10-07 14:17:43 ----D---- C:\Windows\inf
2010-10-07 14:17:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-07 14:13:36 ----D---- C:\ProgramData\NVIDIA
2010-10-07 14:12:28 ----D---- C:\Windows\system32\config
2010-10-07 08:39:52 ----RHD---- C:\Program Files (x86)
2010-10-05 21:31:27 ----SHD---- C:\System Volume Information
2010-10-05 21:30:33 ----HD---- C:\Windows
2010-10-05 16:09:35 ----D---- C:\Windows\Prefetch
2010-10-04 22:48:29 ----D---- C:\totalcmd
2010-10-03 08:59:00 ----D---- C:\Windows\system32\drivers
2010-10-03 08:58:54 ----D---- C:\Windows\system32\drivers\UMDF
2010-09-30 21:11:02 ----D---- C:\Windows\system32\catroot2
2010-09-30 17:00:37 ----D---- C:\Windows\system32\Tasks
2010-09-29 21:37:41 ----D---- C:\Windows\Tasks
2010-09-29 21:09:55 ----D---- C:\Windows\rescache
2010-09-29 16:00:38 ----D---- C:\Windows\winsxs
2010-09-29 15:59:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-09-29 15:59:39 ----D---- C:\Windows\SysWOW64
2010-09-29 15:59:39 ----D---- C:\Windows\system32\cs-CZ
2010-09-29 15:59:39 ----D---- C:\Program Files\Internet Explorer
2010-09-29 15:59:39 ----D---- C:\Program Files (x86)\Internet Explorer
2010-09-29 15:59:38 ----D---- C:\Windows\system32\DriverStore
2010-09-29 12:29:31 ----D---- C:\Windows\system32\catroot
2010-09-23 21:55:55 ----D---- C:\Windows\Downloaded Program Files
2010-09-16 20:14:58 ----SHD---- C:\Windows\Installer
2010-09-16 20:14:54 ----D---- C:\ProgramData\Microsoft Help
2010-09-16 20:14:02 ----A---- C:\Windows\system32\MRT.exe
2010-09-04 15:03:38 ----D---- C:\Windows\system32\wdi
2010-08-25 15:45:10 ----D---- C:\Windows\AppPatch
2010-08-17 16:19:03 ----HD---- C:\ProgramData
2010-08-12 08:46:05 ----D---- C:\Windows\Microsoft.NET
2010-08-12 08:46:01 ----RSD---- C:\Windows\assembly
2010-08-12 06:49:52 ----D---- C:\Windows\SYSWOW64\migration
2010-08-12 06:49:52 ----D---- C:\Windows\system32\migration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-06 2009376]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 383008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]
-----------------EOF-----------------

Please check my log, thanks
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Please check my log, thanks
Hello
Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop


- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Check the "For all users" option.
- Check the "LOP" malware check and "Purity" malware check options.
- Click the Scan button.
- When it finishes, post the OTL.Txt and Extras.txt logs here.