
Re: Problem with viruses

Posted: 26 Feb 2011 22:58
by 7777
I clicked on My Computer / E: drive, but I don't see anything like Security.
I need to get access to the whole E drive. I have nothing like that there.

Re: Problem with viruses

Posted: 26 Feb 2011 23:05
by Rudy
Right-click the drive icon > Properties > Security.

Re: Problem with viruses

Posted: 26 Feb 2011 23:35
by 7777
I clicked on the HDD icon and then on the Sharing and Security section; I also got to the same place via Properties. And where do I type that command, when all it tells me is that if I want to share something, I should drag it into the shared folder?

Re: Problem with viruses

Posted: 27 Feb 2011 10:36
by Rudy
7777 wrote: I clicked on the HDD icon and then on the Sharing and Security section; I also got to the same place via Properties. And where do I type that command, when all it tells me is that if I want to share something, I should drag it into the shared folder?
Yes. When you drag the icon, a shortcut is created in the shared folder, and through it everyone can then get there.

Re: Problem with viruses

Posted: 27 Feb 2011 17:55
by 7777
I dragged over everything I need to edit, but it says the same thing (Access denied). I dragged the folders into the Free shared documents. But it still says the same thing.

Re: Problem with viruses

Posted: 27 Feb 2011 19:11
by Rudy
Hold on, I'll consult on this.

Re: Problem with viruses

Posted: 02 Mar 2011 20:19
by Rudy
So far I have only found out that the operation you want is apparently not possible in XPHome. It would require the Professional version of the OS.

Re: Problem with viruses

Posted: 07 Mar 2011 23:04
by 7777
OK. But it must be possible somehow, because I have already seen systems where it can be done.

Re: Problem with viruses

Posted: 08 Mar 2011 18:39
by Rudy
7777 wrote: OK. But it must be possible somehow, because I have already seen systems where it can be done.
And were they XPHome?

Re: Problem with viruses

Posted: 16 Mar 2011 14:08
by 7777
Hi, so I have started on the post-war, or rather post-hacker, recovery and deletion of duplicate files. I have already deleted most of the duplicate files using the program DoubleKiller.exe, but I am still left with plenty of files that I can't deal with. I have files of type doc and odt created by a certain program, or rather the program was supposed to recover the files that the hacker last deleted, and that program created 850 doc and odt files on my disk, in which it recovered only parts of the texts, not the whole texts that the hacker deleted, for example from my fantasy stories. In the files it is written roughly like this:

....
In the 11th year of the reign of King Arnold (and blah blah)
....
and right below that it recovered part of another story, and overall it made a mess of it.
Would there be some program that could compare the texts in files?

That is, even when they are written other than identically.
Because it is enough for the texts to be shuffled and DoubleKiller will not recognize them as identical.

PS: Haven't you found out anything about the limited account?

Re: Problem with viruses

Posted: 16 Mar 2011 17:51
by Rudy
Unfortunately not. In XPHome it apparently really isn't possible.

Again

Posted: 18 Mar 2011 20:25
by 7777
Hi, I suspect that I have once again become the victim of an attack by a hacker or a virus. Some programs are not responding as they should, mainly Mozilla Firefox.

ComboFix 11-03-18.01 - Tomaš 18.03.2011 20:35:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.524 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomaš\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-18 do 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 09:01 . 2011-03-18 09:01 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B96AF35E-14B7-4565-B8BC-81E2D3A53A62}\MpKsl50bd686d.sys
2011-03-18 09:01 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B96AF35E-14B7-4565-B8BC-81E2D3A53A62}\mpengine.dll
2011-03-10 20:10 . 2011-03-10 20:25 -------- d-----w- c:\program files\Tropico
2011-03-07 19:49 . 2011-03-07 20:48 -------- d-----w- c:\program files\ImageFans
2011-03-02 19:32 . 2011-03-02 20:20 -------- d-----w- c:\documents and settings\Free
2011-02-24 21:19 . 2011-02-24 21:19 -------- d-----w- c:\program files\ESET
2011-02-18 10:35 . 2011-02-18 10:35 -------- d-----w- c:\documents and settings\Animatrix
2011-02-17 11:03 . 2011-02-17 11:03 -------- d-----w- c:\documents and settings\Šehrezáda
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 19:39 . 2009-01-03 16:03 737280 ----a-w- c:\windows\iun6002.exe
2011-02-11 06:54 . 2010-05-26 11:01 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-08-29 08:30 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-08-29 08:30 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2011-01-20 11:55 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2008-11-18 13:26 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2008-11-18 13:27 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2008-11-18 13:27 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2008-11-18 13:27 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2008-11-18 13:27 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2008-11-18 13:27 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2008-11-18 13:27 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2008-11-18 13:27 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-02-17_22.43.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00 . 2008-04-14 03:21 135168 c:\windows\system32\shsvcs.dll
+ 2006-03-02 12:00 . 2009-07-27 23:19 135168 c:\windows\system32\shsvcs.dll
+ 2011-03-02 19:39 . 2011-03-02 19:39 235168 c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
+ 2009-07-27 23:19 . 2009-07-27 23:19 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2006-03-02 12:00 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 270848 c:\windows\system32\dllcache\sbe.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2006-03-02 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-01-27 01:07 . 2011-03-02 19:39 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2011-02-17 08:21 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2008-11-11 13:49 . 2011-03-09 14:40 37943240 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-10-06 20:01 2735200 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-10-06 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-10-06 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-11 143360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-07 188416]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\ćehrez da\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]
.
c:\documents and settings\Free\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"90:UDP"= 90:UDP:http://192.168.1.1
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.11.2008 14:27 294608]
R1 MpKsl50bd686d;MpKsl50bd686d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B96AF35E-14B7-4565-B8BC-81E2D3A53A62}\MpKsl50bd686d.sys [18.3.2011 10:01 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.11.2008 14:27 17744]
S1 MpKsl36efd790;MpKsl36efd790;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6915A039-FF3E-4907-93D9-399A91B00D2A}\MpKsl36efd790.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6915A039-FF3E-4907-93D9-399A91B00D2A}\MpKsl36efd790.sys [?]
S2 gupdate1c9f5042a27337a;Služba Google Update (gupdate1c9f5042a27337a);c:\program files\Google\Update\GoogleUpdate.exe [24.6.2009 20:44 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.6.2010 14:22 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.6.2010 14:22 8320]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL50BD686D
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-02 19:43]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 19:44]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 19:44]
.
2011-03-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{5786EE33-D097-4C5D-A371-CB21574AE907}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
Trusted Zone: digital-supply.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: digital-supply.com
Trusted Zone: get-key-se10.com
FF - ProfilePath - c:\documents and settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ilvifzo1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Total Validator: validator@totalvalidator.com - %profile%\extensions\validator@totalvalidator.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 20:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll
c:\program files\FreeTime\FormatFactory\FFModules\Filters\Haali\mkunicode.dll
c:\program files\FreeTime\FormatFactory\FFModules\AviSynthPlugins\VSFilter.dll
c:\program files\FreeTime\FormatFactory\FFModules\Filters\AviSplitter.ax
c:\program files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
c:\program files\Common Files\Ahead\DSFilter\NeVideo.ax
c:\program files\Common Files\Ahead\Lib\AdvrCntr.dll
.
Celkový čas: 2011-03-18 20:43:41
ComboFix-quarantined-files.txt 2011-03-18 19:43
ComboFix2.txt 2011-02-17 22:45
ComboFix3.txt 2011-02-17 21:22
.
Před spuštěním: Volných bajtů: 11 550 240 768
Po spuštění: Volných bajtů: 11 690 393 600
.
- - End Of File - - DD944FA31B032E5B793467F63F6ACCA8

Re: Problem with viruses

Posted: 18 Mar 2011 20:44
by Rudy

Re: Problem with viruses

Posted: 18 Mar 2011 20:50
by 7777
Logfile of random's system information tool 1.08 (written by random/random)
Run by Tomaš at 2011-03-18 20:46:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (37%) free of 30 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:38, on 18.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
E:\CD\RSIT.exe
C:\Program Files\trend micro\Tomaš.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.digital-supply.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.digital-supply.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1c9f5042a27337a) (gupdate1c9f5042a27337a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6626 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5786EE33-D097-4C5D-A371-CB21574AE907}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-21 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
Shareware.Pro-EN Toolbar - C:\Program Files\Peer2Peer-EN\tbPee1.dll [2010-10-06 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - Shareware.Pro-EN Toolbar - C:\Program Files\Peer2Peer-EN\tbPee1.dll [2010-10-06 2735200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-03 16841216]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-11 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-11 172032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-11 143360]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-04-07 188416]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-11 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoWelcomeScreen"=0
"NoStartMenuEjectPC"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoStartMenuEjectPC"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -

======List of files/folders created in the last 1 months======

2011-03-18 20:46:51 ----D---- C:\rsit
2011-03-18 20:46:51 ----D---- C:\Program Files\trend micro
2011-03-18 20:43:41 ----A---- C:\ComboFix.txt
2011-03-18 20:40:44 ----D---- C:\WINDOWS\temp
2011-03-18 20:33:14 ----A---- C:\WINDOWS\zip.exe
2011-03-18 20:33:14 ----A---- C:\WINDOWS\SWREG.exe
2011-03-18 20:33:14 ----A---- C:\WINDOWS\sed.exe
2011-03-18 20:33:14 ----A---- C:\WINDOWS\PEV.exe
2011-03-18 20:33:14 ----A---- C:\WINDOWS\NIRCMD.exe
2011-03-18 20:33:14 ----A---- C:\WINDOWS\MBR.exe
2011-03-18 20:33:14 ----A---- C:\WINDOWS\grep.exe
2011-03-18 20:33:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-03-18 20:33:13 ----A---- C:\WINDOWS\SWSC.exe
2011-03-10 21:10:29 ----D---- C:\Program Files\Tropico
2011-03-09 15:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 15:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-07 20:49:11 ----D---- C:\Program Files\ImageFans
2011-02-24 22:19:30 ----D---- C:\Program Files\ESET
2011-02-24 17:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$

======List of files/folders modified in the last 1 months======

2011-03-18 20:47:38 ----D---- C:\WINDOWS
2011-03-18 20:47:36 ----D---- C:\WINDOWS\system32
2011-03-18 20:46:51 ----RD---- C:\Program Files
2011-03-18 20:43:45 ----D---- C:\Qoobox
2011-03-18 20:43:38 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-18 20:41:03 ----A---- C:\WINDOWS\system.ini
2011-03-18 20:39:10 ----D---- C:\WINDOWS\system32\drivers
2011-03-18 20:39:10 ----D---- C:\WINDOWS\AppPatch
2011-03-18 20:39:07 ----D---- C:\Program Files\Common Files
2011-03-18 20:33:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-18 20:26:58 ----D---- C:\WINDOWS\Prefetch
2011-03-18 20:24:21 ----D---- C:\Documents and Settings\Tomaš\Data aplikací\OpenOffice.org2
2011-03-18 12:49:10 ----SD---- C:\WINDOWS\Tasks
2011-03-18 08:10:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-17 20:19:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2011-03-15 22:54:46 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-03-14 21:16:26 ----A---- C:\WINDOWS\wincmd.ini
2011-03-14 21:13:14 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-03-09 19:56:14 ----D---- C:\WINDOWS\Debug
2011-03-09 17:07:11 ----HD---- C:\WINDOWS\inf
2011-03-09 15:44:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-09 15:40:59 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 15:02:29 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-09 10:04:40 ----D---- C:\Program Files\American Conquest
2011-03-05 18:20:35 ----D---- C:\Program Files\Mozilla Firefox
2011-03-03 10:07:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-03-02 20:32:33 ----SHD---- C:\WINDOWS\Installer
2011-03-02 20:32:33 ----D---- C:\Config.Msi
2011-03-02 20:32:13 ----D---- C:\Documents and Settings
2011-02-23 16:04:17 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-02-21 20:40:24 ----D---- C:\Program Files\BlueVoda Website Builder
2011-02-21 20:39:27 ----A---- C:\WINDOWS\iun6002.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS [2010-05-26 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl50bd686d;MpKsl50bd686d; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B96AF35E-14B7-4565-B8BC-81E2D3A53A62}\MpKsl50bd686d.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 catchme;catchme; \??\C:\DOCUME~1\TOMA~1\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-11 6044864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 MpKsl36efd790;MpKsl36efd790; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6915A039-FF3E-4907-93D9-399A91B00D2A}\MpKsl36efd790.sys []
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-08-14 1318464]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 gupdate1c9f5042a27337a;Služba Google Update (gupdate1c9f5042a27337a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Problem with viruses

Posted: 18 Mar 2011 21:34
by Rudy
I would not have asked you for RSIT if you had posted the previous post all at once. After a CF scan, RSIT is always clean. But ComboFix is clean too. Do you have sharing disabled?