Preventive check

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

postak4
Visitor
Posts: 59
Registered: 03 Apr 2006 18:25

Preventive check

#1 Post by postak4 »

Hello!! Please check this for me. The PC was reportedly freezing and the system was slowing down. I cleaned it up, deleted junk, defragmented, and installed AVAST free in place of AVG9 + a scan after a restart.. no viruses..
Thanks for the check :wink: :)
====================================


Logfile of random's system information tool 1.08 (written by random/random)
Run by doma at 2011-06-14 23:21:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 48 GB (63%) free of 76 GB
Total RAM: 767 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:21:15, on 14.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
C:\Program Files\COMODO\COMODO BackUp\COSService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
F:\SLOZKA\Download\Bezpečnost\RSIT.exe
C:\Program Files\trend micro\doma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Badoo Desktop] "C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F08BF-23C4-4E6A-B15D-132751BEC29E}: NameServer = 212.111.0.10
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Comodo Online Storage Service (COSService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\COSService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe

--
End of file - 7696 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2010-10-09 2018368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-10 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2010-10-09 2018368]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2004-02-13 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-04-18 15146376]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-10-10 39408]
"Badoo Desktop"=C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe [2011-05-06 1013760]

C:\Documents and Settings\doma\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-06-14 23:21:13 ----D---- C:\Program Files\trend micro
2011-06-14 23:08:42 ----D---- C:\rsit
2011-06-14 23:03:00 ----D---- C:\Documents and Settings\doma\Data aplikací\WinRAR
2011-06-14 23:02:45 ----D---- C:\Program Files\WinRAR
2011-06-14 22:57:27 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-06-14 22:57:23 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-06-14 22:57:12 ----D---- C:\WINDOWS\LastGood
2011-06-14 22:56:54 ----D---- C:\Program Files\COMODO
2011-06-14 22:56:30 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-06-14 22:56:30 ----A---- C:\WINDOWS\system32\mfc71.dll
2011-06-14 22:56:30 ----A---- C:\WINDOWS\system32\gdiplus.dll
2011-06-14 20:05:52 ----D---- C:\Documents and Settings\doma\Data aplikací\ComodoGroup
2011-06-14 19:45:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-06-14 19:45:14 ----D---- C:\Program Files\Common Files\Java
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\java.exe
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-14 19:03:56 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-06-14 19:03:56 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-06-14 19:03:53 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-06-14 19:03:52 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-06-14 19:03:52 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-14 19:03:50 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-06-14 19:03:50 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-06-14 19:03:50 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-06-14 19:03:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-06-14 19:03:23 ----D---- C:\Program Files\AVAST Software
2011-06-14 19:03:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-06-14 19:00:15 ----A---- C:\CF-RC.txt
2011-06-14 18:59:39 ----A---- C:\Boot.bak
2011-06-14 18:59:35 ----RASHD---- C:\cmdcons
2011-06-14 18:57:19 ----A---- C:\WINDOWS\zip.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\SWSC.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\SWREG.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\sed.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\PEV.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\MBR.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\grep.exe
2011-06-14 18:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-06-14 17:48:49 ----D---- C:\Program Files\Common Files\Adobe
2011-06-14 17:34:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-14 17:26:10 ----D---- C:\WINDOWS\ERDNT
2011-06-14 17:20:55 ----D---- C:\Qoobox
2011-06-14 16:32:43 ----D---- C:\Program Files\Recuva
2011-06-14 16:26:31 ----D---- C:\Program Files\CCleaner
2011-06-13 19:04:33 ----D---- C:\Program Files\Defraggler
2011-06-13 17:33:10 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-06-13 17:33:05 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-06-02 10:07:08 ----A---- C:\WINDOWS\system32\drivers\bdisk.sys
2011-06-02 10:06:58 ----A---- C:\WINDOWS\system32\drivers\cbufs.sys
2011-06-02 10:06:50 ----A---- C:\WINDOWS\system32\drivers\CBVD.sys
2011-06-02 10:06:42 ----A---- C:\WINDOWS\system32\drivers\vdbus.sys
2011-06-02 10:06:34 ----A---- C:\WINDOWS\system32\drivers\cbreparse.sys

======List of files/folders modified in the last 1 months======

2011-06-14 23:21:13 ----RD---- C:\Program Files
2011-06-14 22:58:34 ----D---- C:\WINDOWS\system32
2011-06-14 22:58:34 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-14 22:58:32 ----D---- C:\WINDOWS\Temp
2011-06-14 22:57:35 ----SHD---- C:\WINDOWS\Installer
2011-06-14 22:57:34 ----D---- C:\WINDOWS\system32\drivers
2011-06-14 22:57:32 ----HD---- C:\WINDOWS\inf
2011-06-14 22:57:31 ----D---- C:\WINDOWS
2011-06-14 22:57:09 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-14 22:27:16 ----D---- C:\Documents and Settings\doma\Data aplikací\Skype
2011-06-14 22:26:48 ----D---- C:\Documents and Settings\doma\Data aplikací\skypePM
2011-06-14 19:45:14 ----D---- C:\Program Files\Common Files
2011-06-14 19:44:07 ----D---- C:\Program Files\Java
2011-06-14 19:27:52 ----D---- C:\WINDOWS\Prefetch
2011-06-14 19:23:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-14 19:22:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype Extras
2011-06-14 19:03:46 ----D---- C:\WINDOWS\WinSxS
2011-06-14 18:59:39 ----RASH---- C:\boot.ini
2011-06-14 18:55:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-06-14 18:53:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2011-06-14 18:16:45 ----SD---- C:\Documents and Settings\doma\Data aplikací\Microsoft
2011-06-14 17:49:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-14 17:40:15 ----D---- C:\WINDOWS\SoftwareDistribution
2011-06-14 17:28:43 ----D---- C:\WINDOWS\system32\LogFiles
2011-06-14 17:28:43 ----D---- C:\WINDOWS\Minidump
2011-06-14 17:28:43 ----D---- C:\WINDOWS\Debug
2011-06-14 17:28:42 ----SHD---- C:\RECYCLER
2011-06-13 18:48:14 ----D---- C:\Documents and Settings
2011-05-30 17:16:40 ----D---- C:\Documents and Settings\doma\Data aplikací\dvdcss
2011-05-30 17:15:35 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vdbus;Virtual Disk Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vdbus.sys [2011-06-02 575144]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-10-20 73856]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S0 bdisk;COMODO Disk Raw Access Filter; C:\WINDOWS\system32\drivers\bdisk.sys [2011-06-02 75216]
S0 CBUfs;CBUFS; C:\WINDOWS\system32\drivers\CBUFS.sys [2011-06-02 125040]
S0 cbvd;Comodo Encrypted Virtual Disk; C:\WINDOWS\system32\DRIVERS\cbvd.sys [2011-06-02 430048]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 reparse;Reparse; C:\WINDOWS\system32\DRIVERS\cbreparse.sys [2011-06-02 429408]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 COSService.exe;Comodo Online Storage Service; C:\Program Files\COMODO\COMODO BackUp\COSService.exe [2011-06-02 579888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 SynchronizationService.exe;Comodo BackUp Service; C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe [2011-06-02 1359664]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------
_______________________________________________________________________

A big thank you goes to the team at www.viry.cz ;-) !!!

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: ČR

Re: Preventive check

#2 Post by Roli »

Hello, fix these unnecessary items in HJT:

R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Badoo Desktop] "C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


You will find HJT here:

C:\Program Files\trend micro\doma.exe

Fix means that you launch HJT,

in the window that opens, you click Do a system scan only,

in the next window, you find the lines I listed for you,

next to each of them is a small box, which you tick,

then you click Fix checked, which is at the bottom left,

the program will ask you whether you really want to; YES, you of course agree, and it is done.


Via Start >> Control Panel >> Add or Remove, uninstall ICQ6Toolbar


Run AVG Remover on the PC


Finally, post the current log.txt from Rsit here.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

postak4
Visitor
Posts: 59
Registered: 03 Apr 2006 18:25

Re: Preventive check

#3 Post by postak4 »

Well, I already used AVG Remover when uninstalling AVG, since it could not be removed otherwise :wink: .. Otherwise, I ran RSIT and am sending the log..


Logfile of random's system information tool 1.06 (written by random/random)
Run by doma at 2011-06-20 23:37:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (52%) free of 76 GB
Total RAM: 767 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:25, on 20.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO BackUp\COSService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
C:\Program Files\COMODO\COMODO BackUp\CBU.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
f:\SLOZKA\Download\Aplikace pro USB portable\RSIT.exe
C:\Program Files\trend micro\doma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F08BF-23C4-4E6A-B15D-132751BEC29E}: NameServer = 212.111.0.10
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Comodo Online Storage Service (COSService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\COSService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe

--
End of file - 5188 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CBU taskID 63295419878 0.job
C:\WINDOWS\tasks\CBU taskID 63295419935 0.job
C:\WINDOWS\tasks\CBU taskID 63295419980 0.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-04-18 15146376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6870d7ec-d227-11df-82d2-0040ca721c1c}]
shell\AutoRun\command - F:\Launcher.exe


======List of files/folders created in the last 1 months======

2011-06-20 23:12:42 ----D---- C:\Documents and Settings\doma\Data aplikací\GHISLER
2011-06-20 23:12:41 ----D---- C:\totalcmd
2011-06-20 18:09:35 ----SHD---- C:\Config.Msi
2011-06-20 17:35:57 ----D---- C:\Documents and Settings\doma\Data aplikací\Comodo
2011-06-14 23:21:13 ----D---- C:\Program Files\trend micro
2011-06-14 23:08:42 ----D---- C:\rsit
2011-06-14 23:03:00 ----D---- C:\Documents and Settings\doma\Data aplikací\WinRAR
2011-06-14 23:02:45 ----D---- C:\Program Files\WinRAR
2011-06-14 22:57:27 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-06-14 22:57:23 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-06-14 22:56:54 ----D---- C:\Program Files\COMODO
2011-06-14 22:56:30 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-06-14 22:56:30 ----A---- C:\WINDOWS\system32\mfc71.dll
2011-06-14 22:56:30 ----A---- C:\WINDOWS\system32\gdiplus.dll
2011-06-14 20:05:52 ----D---- C:\Documents and Settings\doma\Data aplikací\ComodoGroup
2011-06-14 19:45:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-06-14 19:45:14 ----D---- C:\Program Files\Common Files\Java
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\java.exe
2011-06-14 19:44:39 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-14 19:03:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-06-14 19:03:23 ----D---- C:\Program Files\AVAST Software
2011-06-14 19:03:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-06-14 19:00:15 ----A---- C:\CF-RC.txt
2011-06-14 18:59:39 ----A---- C:\Boot.bak
2011-06-14 18:59:35 ----RASHD---- C:\cmdcons
2011-06-14 18:57:19 ----A---- C:\WINDOWS\zip.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\SWSC.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\SWREG.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\sed.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\PEV.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\MBR.exe
2011-06-14 18:57:19 ----A---- C:\WINDOWS\grep.exe
2011-06-14 18:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-06-14 17:48:49 ----D---- C:\Program Files\Common Files\Adobe
2011-06-14 17:34:13 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-06-14 17:26:10 ----D---- C:\WINDOWS\ERDNT
2011-06-14 17:20:55 ----D---- C:\Qoobox
2011-06-14 16:32:43 ----D---- C:\Program Files\Recuva
2011-06-14 16:26:31 ----D---- C:\Program Files\CCleaner
2011-06-13 19:04:33 ----D---- C:\Program Files\Defraggler
2011-06-13 17:33:10 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2011-06-20 23:36:00 ----D---- C:\WINDOWS\Prefetch
2011-06-20 23:27:48 ----D---- C:\Program Files\Google
2011-06-20 23:19:33 ----D---- C:\WINDOWS\Temp
2011-06-20 23:12:43 ----D---- C:\WINDOWS
2011-06-20 22:26:51 ----D---- C:\Documents and Settings\doma\Data aplikací\Skype
2011-06-20 22:26:48 ----D---- C:\WINDOWS\Debug
2011-06-20 22:06:38 ----SD---- C:\WINDOWS\Tasks
2011-06-20 19:16:05 ----SHD---- C:\System Volume Information
2011-06-20 19:01:05 ----HD---- C:\WINDOWS\inf
2011-06-20 19:01:03 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-20 19:00:59 ----D---- C:\WINDOWS\repair
2011-06-20 19:00:57 ----D---- C:\WINDOWS\Registration
2011-06-20 18:29:22 ----D---- C:\WINDOWS\system32
2011-06-20 18:29:22 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 18:24:09 ----D---- C:\WINDOWS\Help
2011-06-20 18:24:04 ----D---- C:\WINDOWS\nview
2011-06-20 18:22:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-20 18:21:44 ----D---- C:\WINDOWS\system32\drivers
2011-06-20 18:21:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-06-20 18:10:26 ----SHD---- C:\WINDOWS\Installer
2011-06-20 18:02:24 ----D---- C:\Program Files\Internet Explorer
2011-06-20 17:58:52 ----D---- C:\WINDOWS\system32\cs-cz
2011-06-20 17:58:38 ----D---- C:\WINDOWS\ie7updates
2011-06-20 17:56:34 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-20 17:56:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-20 17:34:22 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-20 16:15:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype Extras
2011-06-20 16:05:56 ----D---- C:\Documents and Settings\doma\Data aplikací\skypePM
2011-06-14 23:21:13 ----RD---- C:\Program Files
2011-06-14 19:45:14 ----D---- C:\Program Files\Common Files
2011-06-14 19:44:07 ----D---- C:\Program Files\Java
2011-06-14 19:03:46 ----D---- C:\WINDOWS\WinSxS
2011-06-14 18:59:39 ----RASH---- C:\boot.ini
2011-06-14 18:55:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-06-14 18:53:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2011-06-14 18:16:45 ----SD---- C:\Documents and Settings\doma\Data aplikací\Microsoft
2011-06-14 17:49:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-14 17:40:15 ----D---- C:\WINDOWS\SoftwareDistribution
2011-06-14 17:28:43 ----D---- C:\WINDOWS\system32\LogFiles
2011-06-14 17:28:43 ----D---- C:\WINDOWS\Minidump
2011-06-14 17:28:42 ----SHD---- C:\RECYCLER
2011-06-13 18:48:14 ----D---- C:\Documents and Settings
2011-05-30 17:16:40 ----D---- C:\Documents and Settings\doma\Data aplikací\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 reparse;Reparse; C:\WINDOWS\system32\DRIVERS\cbreparse.sys [2011-06-02 429408]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vdbus;Virtual Disk Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vdbus.sys [2011-06-02 575144]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-10-20 73856]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 COSService.exe;Comodo Online Storage Service; C:\Program Files\COMODO\COMODO BackUp\COSService.exe [2011-06-02 579888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SynchronizationService.exe;Comodo BackUp Service; C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe [2011-06-02 1359664]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------
_______________________________________________________________________

Big thanks go to the team at www.viry.cz ;-) !!!

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#4 Post by Roli »

Since quite a lot is still left behind there after AVG,

download SystemLook

run the application and copy this into the window that opens:

Code:

:filefind
*AVG*

:regfind
*AVG*

:service
*AVG*

Then click Look; the application will create SystemLook.txt. Copy its contents here for me.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

postak4
Visitor
Posts: 59
Joined: 03 Apr 2006 18:25

Re: Preventive check

#5 Post by postak4 »

SystemLook 04.09.10 by jpshortstuff
Log created at 19:40 on 21/06/2011 by doma
Administrator - Elevation successful

========== filefind ==========

Searching for "*AVG*"
C:\Documents and Settings\All Users\Data aplikací\avg9\Chjw\3e6cdb9c6cdb4d71\avgcchff.dat --a---- 391238 bytes [16:47 14/06/2011] [16:47 14/06/2011] C9F539C77A74C784DB774A44C1A538E5
C:\Documents and Settings\All Users\Data aplikací\avg9\Chjw\3e6cdb9c6cdb4d71\avgcchfi.dat --a---- 656 bytes [16:52 14/06/2011] [16:52 14/06/2011] E0B795676B484BE129DE257D40030A8C
C:\Documents and Settings\All Users\Data aplikací\avg9\Chjw\3e6cdb9c6cdb4d71\avgcchmf.dat --a---- 143510 bytes [16:47 14/06/2011] [16:47 14/06/2011] E1482D0B0095A1FAC4E318F9D9566604
C:\Documents and Settings\All Users\Data aplikací\avg9\Chjw\3e6cdb9c6cdb4d71\avgcchmi.dat --a---- 850 bytes [16:52 14/06/2011] [16:52 14/06/2011] 985FF2F4E8CA2B6793FDA61C9AF6E02D
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\avg10infoavi.ctf --a---- 3450 bytes [07:27 14/06/2011] [16:36 14/06/2011] EDD79F7F4BD888223F8E172EEA163AAC
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\avg10infooi.ctf --a---- 1949 bytes [07:27 14/06/2011] [16:36 14/06/2011] 9EFD74363BE26C2627A36CF8CC0540CC
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\avg10infowin.ctf --a---- 18422 bytes [07:27 14/06/2011] [16:36 14/06/2011] 6D906B4B6794583D04F0F2F44DF4322D
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\avgcom_mis.mdf --a---- 108862 bytes [16:35 14/06/2011] [16:36 14/06/2011] 41259F3FF9578A338928CE6D4CE144EA
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\Avgx86.msi --a---- 3489280 bytes [16:35 14/06/2011] [16:36 14/06/2011] 7EFE57020536C33B2839F4E785DAAB32
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\bins\poi10avgcom_lic8bc.bin --a---- 5934 bytes [21:42 24/09/2010] [16:35 14/06/2011] FACED487513DA5CB2153026F13CCBF97
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\bins\poi10avgcom_mis36rg.bin --a---- 114609 bytes [14:00 06/05/2011] [16:35 14/06/2011] 81028197EDCB2B0F3D98F31B63A865B1
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\bins\w10avgx1382li.bin --a---- 1084776 bytes [19:42 30/05/2011] [16:35 14/06/2011] 1AF858E416F73397EE15A83B239D972A
C:\Documents and Settings\doma\Dokumenty\avg9inst.log --a---- 7287884 bytes [16:14 14/06/2011] [16:12 14/06/2011] 1F53F8CF3CDA36F7BC360D47EA90C810
C:\install\avg_free_stf_en_8_176a1400.exe --a--c- 54157776 bytes [10:56 18/01/2009] [10:56 18/01/2009] F393FFCF6AB62C751AD6682FFB7F736B
C:\WINDOWS\Prefetch\AVGCMGR.EXE-2204F3C3.pf --a---- 24812 bytes [15:57 04/09/2010] [16:42 14/06/2011] 6C4912549B8FC3E8D01F8F279E0FCF97
C:\WINDOWS\Prefetch\AVGCSRVX.EXE-369D1E21.pf --a---- 14910 bytes [20:41 11/05/2010] [16:33 14/06/2011] BEB6A84856D931BCD92AFDC9E9DFDF1F
C:\WINDOWS\Prefetch\AVGDIAGEX.EXE-31155FE5.pf --a---- 41220 bytes [09:08 23/09/2010] [16:33 14/06/2011] CFCAFF3C1D63B3105C60EBB0E06DD64F
C:\WINDOWS\Prefetch\AVGEMC.EXE-1D50AA4A.pf --a---- 38904 bytes [20:41 11/05/2010] [16:33 14/06/2011] 0C2050E7ADA299E9466EA7B998E9A30D
C:\WINDOWS\Prefetch\AVGFWS9.EXE-33507B1E.pf --a---- 113612 bytes [10:04 17/03/2011] [16:33 14/06/2011] 772EDB8EE71797E06ED76C44B01140FC
C:\WINDOWS\Prefetch\AVGNSX.EXE-1E4BB7C6.pf --a---- 55336 bytes [15:56 04/09/2010] [16:33 14/06/2011] 48B62DB3B03AA9097892D71E911A3D02
C:\WINDOWS\Prefetch\AVGSRMAX.EXE-3B29F6BC.pf --a---- 40544 bytes [16:01 04/09/2010] [15:47 14/06/2011] 3F23C298D54734B79776764F6D96F1D5
C:\WINDOWS\Prefetch\AVGUPD.EXE-1C156B0E.pf --a---- 102444 bytes [17:23 03/09/2010] [15:46 14/06/2011] C306BA330D20035907EE677D4F648011

========== regfind ==========

Searching for "*AVG*"
No data found.

========== service ==========

*AVG* - Unable to open Service Handle.

-= EOF =-

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#6 Post by Roli »

So, we are going to clean up.

Download and run OTMoveIt

copy this text into the left pane of the application, under Paste Instructions for Items to be Moved:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\AVG
C:\Documents and Settings\All Users\Data aplikací\avg9
C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
C:\Documents and Settings\All Users\Data aplikací\MFAData
C:\Documents and Settings\doma\Dokumenty\avg9inst.log
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
C:\install\avg_free_stf_en_8_176a1400.exe
C:\WINDOWS\Prefetch\AVGCMGR.EXE
C:\WINDOWS\Prefetch\AVGCSRVX.EXE
C:\WINDOWS\Prefetch\AVGDIAGEX.EXE
C:\WINDOWS\Prefetch\AVGEMC.EXE
C:\WINDOWS\Prefetch\AVGFWS9.EXE
C:\WINDOWS\Prefetch\AVGNSX.EXE
C:\WINDOWS\Prefetch\AVGSRMAX.EXE
C:\WINDOWS\Prefetch\AVGUPD.EXE

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG9\avgam.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG9\avgdiagex.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG9\avgemc.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG9\avgupd.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG9\avgnsx.exe"=-

:services
Avgfwdx
Avgfwfd

:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! and information about the performed action will appear in the application's right green pane; copy the contents of that pane here.

If the application asks for a restart, click YES.

In that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

postak4
Visitor
Posts: 59
Joined: 03 Apr 2006 18:25

Re: Preventive check

#7 Post by postak4 »

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET3C.tmp moved successfully.
C:\WINDOWS\System32\SET40.tmp moved successfully.
C:\WINDOWS\System32\SET48.tmp moved successfully.
C:\WINDOWS\System32\SET90.tmp moved successfully.
C:\WINDOWS\002565_.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
File/Folder C:\Program Files\AVG not found.
File/Folder C:\Documents and Settings\All Users\Data aplikací\avg9 not found.
File/Folder C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar not found.
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\bins folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt\res folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt\hi folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt\cz folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData folder moved successfully.
File/Folder C:\Documents and Settings\doma\Dokumenty\avg9inst.log not found.
File/Folder C:\WINDOWS\system32\DRIVERS\avgfwdx.sys not found.
File/Folder C:\install\avg_free_stf_en_8_176a1400.exe not found.
File/Folder C:\WINDOWS\Prefetch\AVGCMGR.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGCSRVX.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGDIAGEX.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGEMC.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGFWS9.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGNSX.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGSRMAX.EXE not found.
File/Folder C:\WINDOWS\Prefetch\AVGUPD.EXE not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\AVG\AVG9\avgam.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\AVG\AVG9\avgdiagex.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\AVG\AVG9\avgemc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\AVG\AVG9\avgupd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\AVG\AVG9\avgnsx.exe deleted successfully.
========== SERVICES/DRIVERS ==========
Service Avgfwdx stopped successfully!
Service Avgfwdx deleted successfully!
Service Avgfwfd stopped successfully!
Service Avgfwfd deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213394 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: doma
->Temp folder emptied: 3925308 bytes
->Temporary Internet Files folder emptied: 10107356 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 702 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 572784 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7295562 bytes

Total Files Cleaned = 21,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06212011_214145

Files moved on Reboot...
C:\Documents and Settings\doma\Local Settings\Temporary Internet Files\Content.IE5\BOUI2W0I\background_button_green_full[1].png moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#8 Post by Roli »

So, hopefully we are done with AVG.

Run OTMoveIt again and click CleanUP! at the top of the application;

this makes it clean up after itself.


And what is the state of the PC?

postak4
Visitor
Posts: 59
Joined: 03 Apr 2006 18:25

Re: Preventive check

#9 Post by postak4 »

:) :wink: It seems to be in good shape.. Startup is brisk and there are no hiccups.. I also had a problem with the VGA, but I reinstalled the drivers and it is OK. The network seems to be without problems..

Thank you for the help!! Have a pleasant evening :)

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#10 Post by Roli »

You're welcome, and take care :)