Avira Premium neaktualizuje soubory, Outpostu se nelíbí IGMP

[twin1]

Druhý pokus pro C:\WINDOWS\system32\drivers\afwcore.sys:
Při načítání stránky VirusTotalu se o slovo hlásila popup okna ajax.googleapis.com, která jsem při prvním pokusu jednorázově blokovala. 2x pokus o scan neprošel se stejným výsledkem, který je v předchozím příspěvku. Pak jsem vymazala historii i data v Opeře a restartovala ji. Při druhém pokusu žádost ajax.googleapis.com Popup okna vyskočila 2x a byla jednorázově povolena. Tlačítko Send se promačkávalo, ale k přenosu nedošlo. Po znovunačtení stránky žádost ajax.googleapis.com Popup okna vyskočila jen jednou, byla znovu jednorázově povolena - a tady je výsledek:

C:\WINDOWS\system32\drivers\afwcore.sys

MD5 : 81330048c020238b03ffe419b6e871bc
SHA1 : 126860dba3f8676c4a67cdd0f646f941cf6913be
SHA256: 95164f3647895b136228272aa9a3c92eecec22f9179ccb37807d1792a2d3e33c
ssdeep: 6144:d1/LuJ05iVlTHCVuUEF0VM3nuuZ9F/7Y8aAOlheZydDg5b/LrmpFKFzor+jCiq:3fCHxmK
R8bjIyd7K
File size : 257304 bytes
First seen: 2009-11-28 13:19:57
Last seen : 2010-08-14 10:01:44
TrID:
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
sigcheck:
publisher....: Agnitum Ltd.
copyright....: (c) Agnitum Ltd. All rights reserved.
product......: Outpost Firewall
description..: Agnitum Firewall Core Driver
original name: afwcore.sys
internal name: afwcore.sys
file version.: 1.0.452.10702 for WXP x86 built by: WinDDK
comments.....: n/a
signers......: Agnitum Ltd.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:20 PM 11/2/2009
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3AB05
timedatestamp....: 0x4AEEB266 (Mon Nov 02 10:20:22 2009)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x399AC, 0x39A00, 6.54, 78daf05de25b9aca5020789710cad678
.rdata, 0x39E80, 0x424, 0x480, 5.21, e703e965bca8ddb7dca43eebb41110f6
.data, 0x3A300, 0x108, 0x180, 0.40, 003cd81484f87ec295e4bc35eb217b18
PAGE, 0x3A480, 0x61A, 0x680, 5.89, 0fc203092b81f29cac06b57272cd69c9
INIT, 0x3AB00, 0xC12, 0xC80, 5.52, d870479505865c11374089a0e2639a02
.rsrc, 0x3B780, 0x3C0, 0x400, 3.25, 026849ca1c55da56414c4a59c18a8d7a
.reloc, 0x3BB80, 0x176C, 0x1780, 6.38, 6680b8d13b5b3d2458467fa7c5a14517

[[ 4 import(s) ]]
ntoskrnl.exe: KeQuerySystemTime, KeSetTimerEx, KeInitializeDpc, KeInitializeTimer, _vsnprintf, KeInitializeMutex, KeWaitForSingleObject, ZwOpenKey, ZwClose, ObfDereferenceObject, RtlUpcaseUnicodeString, RtlEqualUnicodeString, RtlCompareUnicodeString, KeDelayExecutionThread, _allmul, ObReferenceObjectByHandle, ZwQueryValueKey, ZwWriteFile, ZwSetInformationFile, ZwCreateFile, ZwQueryInformationFile, KeInitializeEvent, IoFreeWorkItem, IoQueueWorkItem, IoAllocateWorkItem, KeRemoveQueueDpc, MmMapLockedPagesSpecifyCache, KeInsertQueueDpc, IoReleaseCancelSpinLock, KeSetImportanceDpc, IoDeleteDevice, IoDeleteSymbolicLink, IoCreateUnprotectedSymbolicLink, IoCreateDevice, IofCompleteRequest, ExRegisterCallback, ExCreateCallback, _purecall, ObfReferenceObject, MmUnmapLockedPages, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, KeSetEvent, PsTerminateSystemThread, PsCreateSystemThread, PsGetCurrentProcessId, RtlAppendUnicodeToString, RtlCopyUnicodeString, ObQueryNameString, RtlPrefixUnicodeString, ZwOpenFile, ZwQuerySystemInformation, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, PsRemoveLoadImageNotifyRoutine, ExGetPreviousMode, IoFreeIrp, IoAllocateIrp, IoGetRelatedDeviceObject, IoAcquireCancelSpinLock, MmBuildMdlForNonPagedPool, IoBuildDeviceIoControlRequest, ObReferenceObjectByName, IoDriverObjectType, IoGetLowerDeviceObject, KeResetEvent, ZwReadFile, ZwDeviceIoControlFile, KeTickCount, KeBugCheckEx, IofCallDriver, IoWMIRegistrationControl, RtlCompareMemory, RtlQueryRegistryValues, RtlStringFromGUID, RtlFreeUnicodeString, RtlInitUnicodeString, MmGetSystemRoutineAddress, memset, memcpy, ExAllocatePoolWithTag, IoWMIWriteEvent, ExUnregisterCallback, ExFreePoolWithTag, _aulldiv, strstr, ExRaiseStatus, ProbeForWrite, ProbeForRead, KeUnstackDetachProcess, KeStackAttachProcess, PsLookupProcessByProcessId, ZwQueryDirectoryFile, RtlIsNameLegalDOS8Dot3, IoGetDeviceObjectPointer, ZwQueryInformationProcess, ZwOpenProcess, RtlUpperString, RtlInitString, RtlUnwind
HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, ExReleaseFastMutex, KeGetCurrentIrql, ExAcquireFastMutex
NDIS.SYS: NdisReleaseReadWriteLock, NdisAcquireReadWriteLock, NdisInitializeReadWriteLock
TDI.SYS: TdiRegisterPnPHandlers, TdiDeregisterPnPHandlers, TdiMapUserRequest

[motji]

Já bych potřebovala vidět, jestli něco našli antiviry v těch souborech.

[twin1]

Bohužel, to nevím. Stránka vypadala trošku jinak, než minule. Soubory se zařadily do fronty ke zpracování a čekaly na podepsaný komentář, který je měl při zpracování posunout ve frontě dopředu. Tady jsem nevěděla, co komentovat, takže na zpracování se čeká. Jak se dostat k výsledkům, nevím. Avira se od rebootu po AVZ zatím drží.

[motji]

Až budete mít čas, můžete to prosím zopakovat?
Je možné, že máte něco špatně nastaveno ve firewallu. Já bych Vám doporučila spíše jiný firewall.

[twin1]

Druhý pokus dopadl stejně i s vypnutým firewallem, centrum zabezpečení řvalo. Zkouším poslat odkaz na stránky.

C:\WINDOWS\system32\drivers\afwcore.sys
http://www.virustotal.com/file-scan/rep ... 1281858615

E:\zabava\Numericon\Uninstall.exe
http://www.virustotal.com/file-scan/rep ... 1281858481

H:\install\karty\Unofficial Spiderman Solitaire V1.3\digitalfan.EXE
http://www.virustotal.com/file-scan/rep ... 1281858106

[motji]

Můžete prosím dát screen?

[twin1]

Opera je momentálně odinstalována, stejně, jako Open Office. Zkusila jsem to ve Firefoxu, dopadá to stejně. Nějaký screen jsem se snažila poslat v příloze, ale i na BMP mi to psalo, že přípona není povolena (i bez přípony). Já jsem v neděli spustila kompletní analýzu disků v Tune Up a zjistila, že datový disk E: se chová jako disk se systémem. Objevila jsem na něm pozůstatky dávno odinstalovaného System mechanicu 6 a Genius Drivers (taky odinstalovanou, měla jsem z Computru starší plnou verzi, pak vydali novější plnou verzi, ale ta chtěla automaticky upgradovat na nejnovější se slevou, vrátit původní nižší se mi už nepovedlo). Teď už se E: chivá jako datový, ale neznámý proces se znovu objevil a svchhost se mi pořád nelíbí (15:11:35 SVCHOST.EXE OUT UDP 255.255.255.255 67 *Povolit Odchozí UDP od BOOTPC k BOOTPS pro SVCHOST.EXE 328 0). To nevím, co to má být. Tady je poslední RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-16 20:18:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (28%) free of 50 GB
Total RAM: 639 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:20:27, on 16.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Najít pomocí &Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Přeložit stránku pomocí Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0948983460
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE57FFD4-D167-44D2-ACE1-FDF460994276}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8503 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar.dll [2008-08-09 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar.dll [2008-08-09 745472]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2010-02-09 439784]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"GreyMSIAds"=1
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-08-15 23:53:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Avira
2010-08-15 23:36:36 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-08-15 23:35:32 ----D---- C:\Program Files\Avira
2010-08-15 18:56:15 ----A---- C:\WINDOWS\system32\unrar.dll
2010-08-15 18:56:14 ----A---- C:\WINDOWS\avisplitter.ini
2010-08-15 18:56:12 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-08-15 18:56:11 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-08-15 18:56:11 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-08-15 18:56:11 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-08-15 18:56:10 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-08-15 18:56:06 ----D---- C:\Program Files\K-Lite Codec Pack
2010-08-01 07:43:55 ----SHD---- C:\RECYCLER
2010-08-01 07:42:19 ----D---- C:\_OTL
2010-07-30 19:04:49 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-07-30 19:04:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-30 19:03:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-30 19:03:45 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-30 19:03:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-29 08:03:21 ----A---- C:\ComboFix.txt
2010-07-29 07:20:23 ----A---- C:\WINDOWS\zip.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\SWSC.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\SWREG.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\sed.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\PEV.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\MBR.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\grep.exe
2010-07-29 07:20:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-29 07:19:49 ----D---- C:\WINDOWS\ERDNT
2010-07-29 07:06:54 ----D---- C:\Qoobox
2010-07-27 14:58:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI

======List of files/folders modified in the last 1 months======

2010-08-16 20:20:02 ----D---- C:\Program Files\trend micro
2010-08-16 20:19:03 ----A---- C:\WINDOWS\ModemLog_Axesstel USB Modem.txt
2010-08-16 20:18:03 ----D---- C:\Program Files\Mozilla Firefox
2010-08-16 20:17:57 ----D---- C:\WINDOWS\Prefetch
2010-08-16 20:17:19 ----D---- C:\WINDOWS\Temp
2010-08-16 20:12:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-16 20:08:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-16 19:44:03 ----D---- C:\WINDOWS
2010-08-16 08:48:42 ----D---- C:\WINDOWS\system32\NtmsData
2010-08-16 06:30:56 ----D---- C:\WINDOWS\Registration
2010-08-16 01:00:01 ----D---- C:\WINDOWS\system32\Filt
2010-08-15 23:36:36 ----D---- C:\WINDOWS\system32\drivers
2010-08-15 23:35:32 ----RD---- C:\Program Files
2010-08-15 23:35:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-08-15 19:00:44 ----D---- C:\WINDOWS\system32
2010-08-15 17:59:53 ----D---- C:\Config.Msi
2010-08-15 17:47:56 ----SHD---- C:\WINDOWS\Installer
2010-08-15 17:45:26 ----RSD---- C:\WINDOWS\assembly
2010-08-15 17:44:26 ----D---- C:\Program Files\OpenOffice.org 3
2010-08-15 13:49:31 ----D---- C:\Program Files\Yahoo!
2010-08-15 12:47:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-08-15 10:02:32 ----D---- C:\WINDOWS\system32\config
2010-08-13 20:05:45 ----D---- C:\rsit
2010-08-12 00:06:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 19:03:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Simple Sudoku
2010-08-11 18:18:35 ----D---- C:\WINDOWS\Debug
2010-08-11 10:44:44 ----HD---- C:\WINDOWS\inf
2010-08-11 10:44:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-11 10:43:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 10:26:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 10:21:11 ----D---- C:\WINDOWS\WinSxS
2010-08-11 09:40:41 ----D---- C:\Program Files\Internet Explorer
2010-08-11 09:38:27 ----D---- C:\WINDOWS\ie8updates
2010-08-11 09:06:38 ----D---- C:\Program Files\Movie Maker
2010-08-10 07:14:33 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:33:41 ----A---- C:\WINDOWS\win.ini
2010-08-03 18:50:54 ----D---- C:\WINDOWS\system32\Restore
2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-01 18:19:50 ----A---- C:\WINDOWS\cncscore.ini
2010-08-01 13:10:28 ----D---- C:\Program Files\Common Files
2010-08-01 11:52:07 ----D---- C:\WINDOWS\SxsCaPendDel
2010-08-01 11:45:55 ----D---- C:\Program Files\HP
2010-08-01 11:36:24 ----SD---- C:\WINDOWS\Tasks
2010-07-29 22:00:38 ----D---- C:\WINDOWS\system32\1029
2010-07-29 07:52:22 ----A---- C:\WINDOWS\system.ini
2010-07-29 07:48:38 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-29 07:34:31 ----D---- C:\WINDOWS\AppPatch
2010-07-29 07:12:30 ----SHD---- C:\System Volume Information
2010-07-27 14:52:19 ----D---- C:\Program Files\ATI Technologies
2010-07-27 14:44:00 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-07-27 14:43:34 ----D---- C:\WINDOWS\system32\DirectX
2010-07-27 14:41:00 ----RD---- C:\WINDOWS\Web
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-23 06:48:51 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore2;hotcore2; C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 30808]
R0 hotcore3;Hotcore helper; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2008-09-26 40496]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-09-14 120992]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2008-09-14 400864]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2010-02-09 715000]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarPortLite;StarPort Storage Controller (Lite); C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 85760]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-01-02 9728]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-09-14 32768]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2010-02-09 34488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-10 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2004-08-16 798592]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-09-04 410904]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-30 153376]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-23 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[twin1]

Opera je momentálně odinstalována, stejně, jako Open Office. Zkusila jsem to ve Firefoxu, dopadá to stejně. Nějaký screen jsem se snažila poslat v příloze, ale i na BMP mi to psalo, že přípona není povolena (i bez přípony). Já jsem v neděli spustila kompletní analýzu disků v Tune Up a zjistila, že datový disk E: se chová jako disk se systémem. Objevila jsem na něm pozůstatky dávno odinstalovaného System mechanicu 6 a Genius Drivers (taky odinstalovanou, měla jsem z Computru starší plnou verzi, pak vydali novější plnou verzi, ale ta chtěla automaticky upgradovat na nejnovější se slevou, vrátit původní nižší se mi už nepovedlo). Teď už se E: chivá jako datový, ale neznámý proces se znovu objevil a svchhost se mi pořád nelíbí (15:11:35 SVCHOST.EXE OUT UDP 255.255.255.255 67 *Povolit Odchozí UDP od BOOTPC k BOOTPS pro SVCHOST.EXE 328 0). To nevím, co to má být. Tady je poslední RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-16 20:18:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (28%) free of 50 GB
Total RAM: 639 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:20:27, on 16.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Najít pomocí &Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Přeložit stránku pomocí Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0948983460
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE57FFD4-D167-44D2-ACE1-FDF460994276}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8503 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar.dll [2008-08-09 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar.dll [2008-08-09 745472]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2010-02-09 439784]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"GreyMSIAds"=1
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-08-15 23:53:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Avira
2010-08-15 23:36:36 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-08-15 23:36:03 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-08-15 23:35:32 ----D---- C:\Program Files\Avira
2010-08-15 18:56:15 ----A---- C:\WINDOWS\system32\unrar.dll
2010-08-15 18:56:14 ----A---- C:\WINDOWS\avisplitter.ini
2010-08-15 18:56:12 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-08-15 18:56:11 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-08-15 18:56:11 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-08-15 18:56:11 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-08-15 18:56:10 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-08-15 18:56:06 ----D---- C:\Program Files\K-Lite Codec Pack
2010-08-01 07:43:55 ----SHD---- C:\RECYCLER
2010-08-01 07:42:19 ----D---- C:\_OTL
2010-07-30 19:04:49 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-07-30 19:04:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-30 19:03:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-30 19:03:45 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-30 19:03:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-29 08:03:21 ----A---- C:\ComboFix.txt
2010-07-29 07:20:23 ----A---- C:\WINDOWS\zip.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\SWSC.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\SWREG.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\sed.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\PEV.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\MBR.exe
2010-07-29 07:20:23 ----A---- C:\WINDOWS\grep.exe
2010-07-29 07:20:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-29 07:19:49 ----D---- C:\WINDOWS\ERDNT
2010-07-29 07:06:54 ----D---- C:\Qoobox
2010-07-27 14:58:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI

======List of files/folders modified in the last 1 months======

2010-08-16 20:20:02 ----D---- C:\Program Files\trend micro
2010-08-16 20:19:03 ----A---- C:\WINDOWS\ModemLog_Axesstel USB Modem.txt
2010-08-16 20:18:03 ----D---- C:\Program Files\Mozilla Firefox
2010-08-16 20:17:57 ----D---- C:\WINDOWS\Prefetch
2010-08-16 20:17:19 ----D---- C:\WINDOWS\Temp
2010-08-16 20:12:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-16 20:08:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-16 19:44:03 ----D---- C:\WINDOWS
2010-08-16 08:48:42 ----D---- C:\WINDOWS\system32\NtmsData
2010-08-16 06:30:56 ----D---- C:\WINDOWS\Registration
2010-08-16 01:00:01 ----D---- C:\WINDOWS\system32\Filt
2010-08-15 23:36:36 ----D---- C:\WINDOWS\system32\drivers
2010-08-15 23:35:32 ----RD---- C:\Program Files
2010-08-15 23:35:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-08-15 19:00:44 ----D---- C:\WINDOWS\system32
2010-08-15 17:59:53 ----D---- C:\Config.Msi
2010-08-15 17:47:56 ----SHD---- C:\WINDOWS\Installer
2010-08-15 17:45:26 ----RSD---- C:\WINDOWS\assembly
2010-08-15 17:44:26 ----D---- C:\Program Files\OpenOffice.org 3
2010-08-15 13:49:31 ----D---- C:\Program Files\Yahoo!
2010-08-15 12:47:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-08-15 10:02:32 ----D---- C:\WINDOWS\system32\config
2010-08-13 20:05:45 ----D---- C:\rsit
2010-08-12 00:06:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 19:03:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Simple Sudoku
2010-08-11 18:18:35 ----D---- C:\WINDOWS\Debug
2010-08-11 10:44:44 ----HD---- C:\WINDOWS\inf
2010-08-11 10:44:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-11 10:43:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 10:26:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 10:21:11 ----D---- C:\WINDOWS\WinSxS
2010-08-11 09:40:41 ----D---- C:\Program Files\Internet Explorer
2010-08-11 09:38:27 ----D---- C:\WINDOWS\ie8updates
2010-08-11 09:06:38 ----D---- C:\Program Files\Movie Maker
2010-08-10 07:14:33 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:33:41 ----A---- C:\WINDOWS\win.ini
2010-08-03 18:50:54 ----D---- C:\WINDOWS\system32\Restore
2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-01 18:19:50 ----A---- C:\WINDOWS\cncscore.ini
2010-08-01 13:10:28 ----D---- C:\Program Files\Common Files
2010-08-01 11:52:07 ----D---- C:\WINDOWS\SxsCaPendDel
2010-08-01 11:45:55 ----D---- C:\Program Files\HP
2010-08-01 11:36:24 ----SD---- C:\WINDOWS\Tasks
2010-07-29 22:00:38 ----D---- C:\WINDOWS\system32\1029
2010-07-29 07:52:22 ----A---- C:\WINDOWS\system.ini
2010-07-29 07:48:38 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-29 07:34:31 ----D---- C:\WINDOWS\AppPatch
2010-07-29 07:12:30 ----SHD---- C:\System Volume Information
2010-07-27 14:52:19 ----D---- C:\Program Files\ATI Technologies
2010-07-27 14:44:00 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-07-27 14:43:34 ----D---- C:\WINDOWS\system32\DirectX
2010-07-27 14:41:00 ----RD---- C:\WINDOWS\Web
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-23 06:48:51 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore2;hotcore2; C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 30808]
R0 hotcore3;Hotcore helper; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2008-09-26 40496]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-09-14 120992]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2008-09-14 400864]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2010-02-09 715000]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarPortLite;StarPort Storage Controller (Lite); C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 85760]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-01-02 9728]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-09-14 32768]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2010-02-09 34488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-10 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2004-08-16 798592]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-09-04 410904]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-30 153376]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-23 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Já už v tom mám mišmaš , co je s Firefoxem?

Ve firewallu to blokujte, ale já opravdu nikde nic nevidím

[twin1]

Toto dopadlo ve Firefoxu stejně. Dá se zjistit, co by mohlo používat awfcore.sys?

Dejte soubor otestovat na http://www.virustotal.com

C:\WINDOWS\system32\drivers\afwcore.sys
E:\zabava\Numericon\Uninstall.exe
H:\install\karty\Unofficial Spiderman Solitaire V1.3\digitalfan.EXE

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače


Já tu budu zas až večer.

[motji]

Mělo by to být od firewallu.
Ale nerozumím , jak to myslíte s tím firefoxem.

[twin1]

Tohle bylo v Opeře, ta je momentálně odinstalovaná, ale ve Firefoxu to dopadlo stejně. Akorát ten screen bmp se mi nepodařilo odeslat, vyýaduje se bmp, ale bmp není povoleno.
Možná nebude na škodu přeinstalovat Outpost, ale to zase bude procedura na půl dne, pokud se mi podaří vyštrachat klíč.

Bohužel, to nevím. Stránka vypadala trošku jinak, než minule. Soubory se zařadily do fronty ke zpracování a čekaly na podepsaný komentář, který je měl při zpracování posunout ve frontě dopředu. Tady jsem nevěděla, co komentovat, takže na zpracování se čeká. Jak se dostat k výsledkům, nevím. Avira se od rebootu po AVZ zatím drží.

[motji]

Ty soubory už netestujte, pravděpodobně budou v pořádku.
Nechcete Outpost vyměnit za jiný, méně náročný firewall?

[twin1]

Několik jsem jich zkoušela, Outpost vyhrál. Rozhodně si nemůžu pořídit firewall, který okamžitě po nainstalování přebírá nad PC kontrolu a dožaduje se aktualizace. Pokud mi neběží SP, nemůžou spustit USB modem s vytáčeným spojením - Ufon.

[motji]

Prominte, nerozumím

Pokud mi neběží SP, nemůžou spustit USB modem s vytáčeným spojením - Ufon.