VIRY.CZ

Jak víte, že je to zdroj těch chyb?

Tohle znáte nebo to můžu smazat? Nelíbí se mi to
c:\users\Hero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSD.exe.lnk

Název protokolu:System
Zdroj: nvstor32
Datum: 1.2.2011 17:56:54
ID události: 4
Kategorie úlohy:Není
Úroveň: Chyba
Klíčová slova: Klasické nastavení
Uživatel: Není k dispozici
Počítač: KGB
Popis:
Command to device was aborted.

Device: \Device\RaidPort0
Model: WDC WD2500KS-00MJB0
Firmware Version: 02.0
Serial Number: WD-WCANK6332493
Port: 0

Kód XML události:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="nvstor32" />
<EventID Qualifiers="49374">4</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-02-01T16:56:54.708000000Z" />
<EventRecordID>45415</EventRecordID>
<Channel>System</Channel>
<Computer>KGB</Computer>
<Security />
</System>
<EventData>
<Data>\Device\RaidPort0</Data>
<Data>WDC WD2500KS-00MJB0</Data>
<Data>02.0</Data>
<Data> WD-WCANK6332493</Data>
<Data>0</Data>
<Binary>0000000005002800000000000400DEC0000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>


neznám, takže se to může klidně smazat. Kdyžtak ale až zítra, pro dnešek díky a dobrou noc.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Dobré ráno.
Tady je log Combofixu:

ComboFix 11-01-31.02 - Hero 03.02.2011 8:34.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3071.2379 [GMT 1:00]
Spuštěný z: c:\users\Hero\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hero\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Disabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení

file zipped: c:\windows\pss\RSD.exe.lnk.Startup
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pss\RSD.exe.lnk.Startup

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PXLDQPOW


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-03 do 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-03 07:38 . 2011-02-03 07:40 -------- d-----w- c:\users\Hero\AppData\Local\temp
2011-02-03 07:38 . 2011-02-03 07:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-02 16:45 . 2011-02-02 16:46 -------- d-----w- C:\TEMP
2011-02-02 11:53 . 2011-02-02 11:53 -------- d-----w- c:\program files\trend micro
2011-02-02 11:53 . 2011-02-02 11:53 -------- d-----w- C:\rsit
2011-02-01 20:49 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-01 20:49 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-01 20:48 . 2011-01-13 08:42 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-01 20:48 . 2011-01-13 08:41 357968 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-01 20:48 . 2011-01-13 08:41 189904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-02-01 20:48 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-01 20:48 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-01 20:48 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-01 20:48 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-01 20:48 . 2011-01-13 08:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-02-01 20:48 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-01 20:48 . 2011-02-01 20:48 -------- d-----w- c:\programdata\Alwil Software
2011-02-01 20:48 . 2011-02-01 20:48 -------- d-----w- c:\program files\Alwil Software
2011-02-01 17:02 . 2011-02-01 17:02 -------- d---a-w- c:\windows\rundll16.exe
2011-02-01 17:02 . 2011-02-01 17:02 -------- d---a-w- c:\windows\logo1_.exe
2011-02-01 16:45 . 2011-02-01 16:45 -------- d---a-w- c:\windows\VDLL.DLL
2011-02-01 16:45 . 2011-02-01 16:45 -------- d---a-w- c:\windows\system32\runouce.exe
2011-02-01 16:45 . 2011-02-01 16:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-02-01 16:45 . 2011-02-01 16:45 -------- d---a-w- c:\windows\logo_1.exe
2011-02-01 16:38 . 2011-02-01 16:38 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-02-01 16:38 . 2011-02-01 16:38 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-02-01 16:38 . 2011-02-01 16:38 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-02-01 16:38 . 2011-02-01 16:38 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-02-01 16:38 . 2011-02-01 16:38 -------- d-----w- c:\programdata\MicroWorld
2011-02-01 16:35 . 2011-02-01 16:37 -------- d-----w- c:\users\Hero\AppData\Roaming\Download Manager
2011-02-01 00:17 . 2011-02-01 00:17 -------- d-----w- c:\program files\ESET
2011-01-31 17:29 . 2011-01-31 17:29 -------- d--h--w- c:\programdata\CanonBJ
2011-01-31 17:29 . 2009-07-14 01:15 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2011-01-31 17:21 . 2011-01-31 17:21 -------- d-----w- c:\program files\Common Files\Canon
2011-01-31 15:08 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-01-31 15:08 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-01-31 15:08 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-01-31 15:08 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-01-31 15:08 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-01-31 15:08 . 2011-01-31 15:08 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-01-31 15:08 . 2011-01-31 15:08 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-01-31 15:01 . 2011-01-31 15:01 -------- d-----w- C:\cabs
2011-01-31 13:26 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-31 13:26 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-31 13:26 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-31 13:26 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-31 13:26 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-31 13:26 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-31 13:26 . 2011-01-08 03:27 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-31 13:26 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-31 13:26 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-31 13:26 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-31 13:26 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-31 13:25 . 2011-01-31 13:27 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-31 13:10 . 2011-01-31 13:10 -------- d-----w- c:\programdata\Driver Inspector
2011-01-30 11:32 . 2011-01-30 11:32 -------- d-----w- c:\windows\system32\Addons
2011-01-30 11:22 . 2011-01-30 11:22 -------- d-----w- c:\windows\system32\captcha
2011-01-30 11:22 . 2011-01-30 11:22 -------- d-----w- c:\program files\temp
2011-01-30 11:22 . 2011-01-30 11:22 -------- d-----w- c:\windows\system32\Plugins
2011-01-25 20:41 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-24 08:59 . 2011-01-24 08:59 -------- d-----w- c:\windows\Sun
2011-01-21 13:11 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-01-21 13:11 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-01-21 13:11 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-01-21 13:11 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-01-21 13:11 . 2011-01-21 13:12 -------- d-----w- c:\program files\PDFCreator
2011-01-14 17:58 . 2011-01-14 17:58 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-01-14 17:57 . 2011-01-14 18:02 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-01-14 17:57 . 2011-01-14 17:57 -------- d-----w- c:\program files\Application Verifier
2011-01-14 17:53 . 2011-01-14 17:53 -------- d-----w- c:\program files\Microsoft SDKs
2011-01-10 21:07 . 2011-01-20 22:14 -------- d-----w- C:\Rezistor
2011-01-08 20:47 . 2011-01-08 22:56 -------- d-----w- c:\users\Hero\AppData\Roaming\vlc
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-04 20:04 . 2011-02-01 23:19 -------- d-----w- c:\program files\Microsoft Games
2011-01-04 18:11 . 2011-01-04 18:11 -------- d-----w- c:\programdata\InstallShield
2011-01-04 18:10 . 2011-01-04 18:10 -------- d-----w- c:\program files\GIGABYTE
2011-01-04 18:06 . 2008-01-17 13:11 -------- d-----w- c:\windows\system32\GVUM071227

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-01-31 13:26 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-12-29 00:33 . 2010-12-29 00:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-23 22:22 . 2010-12-25 09:31 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-14 13:43 . 2010-12-20 13:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-14 13:39 . 2010-12-20 13:02 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-12-14 13:39 . 2010-12-20 13:02 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-14 04:35 . 2010-12-14 04:35 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-12-12 23:49 . 2010-12-12 23:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-16 11:01 . 2010-12-12 21:57 6273872 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7D239C8-5DC3-4912-8345-37EDEDB3CE6C}\mpengine.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Hero^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE VGA Utility.lnk]
path=c:\users\Hero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE VGA Utility.lnk
backup=c:\windows\pss\GIGABYTE VGA Utility.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 20:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 20:02 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-02-06 16:02 170496 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2009-12-20 01:50 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 24576 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 20:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2010-06-09 15:25 2920448 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2010-06-09 12:53 101888 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 CFcatchme;CFcatchme;c:\users\Hero\AppData\Local\Temp\CFcatchme.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-23 23456]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-12 1343400]
R4 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-01-13 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-29 691696]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2007-09-19 31744]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [2010-12-18 28312]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-28 21392]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-14 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-15 316192]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AIDA64DRIVER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Hero\AppData\Roaming\Mozilla\Firefox\Profiles\b716zhc9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: List Open URLs: listopenurls@neoegm - %profile%\extensions\listopenurls@neoegm
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.resizable - false
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: browser.tabs.tabMinWidth - 40
FF - user.js: ui.submenuDelay - 33
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\FinalWire\AIDA64 Extreme Edition\aida64.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-02-03 08:43:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-03 07:43
ComboFix2.txt 2011-02-02 16:23

Před spuštěním: Volných bajtů: 88 370 540 544
Po spuštění: Volných bajtů: 88 159 219 712

- - End Of File - - 0AB07F5807D9553B95A77F5FE0929F4D

Ještě otestujte na www.virustotal.com
c:\windows\system32\drivers\DrvAgent32.sys
c:\windows\system32\easyUpdatusAPIU.dll

Zajímavé, virustotal mi píše u obou souborů, že název souboru není platný.
Už je to OK, musel jsem cestu k souborům zadat ručně, oba soubory jsou OK.

A ještě něco pro mě:
V prohlížeči událostí klikněte pravým myšítkem na protokol Systém->zvolte Uložit všechny události jako->uložte je do .evtx souboru a ten pak upněte na www.leteckaposta.cz

Tady to máte:

http://leteckaposta.cz/158521983



ps: něco napíšu, a zobrazí se něco jiného, nahoru jsem napsal "tady to máte"

ps: něco napíšu, a zobrazí se něco jiného

jak to myslíte

Promiňte, měl jsem něco neodkladného.

Napsal jsem: Tady to máte. a po odeslání tam bylo: tady kamarádovi.

napsal jsem: Tady to máte:

po odeslání tam je: Tady ke kamarádovi:

http://leteckaposta.cz/825797042

Jako zde na foru? A jste si jistý
Prosím na disku C je složka qoobox, můžete mi ji prosím azrarovat a upnout na www.leteckaposta.cz. Link mi vložte zde.

nelze archivovat:




Zajímavé, IE zobrazuje správně co napíšu, FF ne!

Zkuste mi hodit do raru jen složku qarantine

musel jsem vyjmout složku co nemohl rar přečíst a zbytek je tady:

http://leteckaposta.cz/167422742

taky jsou tam zajímavé věci, nestačím se divit.