VIRY.CZ

Dobrý podvečer, chtěla bych vás poprosit o pomoc. Už delší dobu (cca od nového roku) mi počítač občas zamrzne. Poslední dobou jsem ho začla sledovat, co ho k tomu vede, takže například: je spuštěný skype, chrome a chci pustit něco dalšího (třeba jen total commandera). Nebo jede chrome a word a chci pustit něco dalšího. Poměrně pravidelně se sekal, když jsem zároveň pustila email na seznamu a školní email – to už teď ale pro změnu zvládá v pohodě. No v podstatě mu stačí k záseku docela málo. Když už se zasekne, tak musím natvrdo počítač vypnout.

Ad modré smrti – ty naopak vykazují pěknou pravidelnost - 3x při připojení k wifi v autobusu student agency (tj. při každém pokusu, pak jsem to přestala zkoušet) - umře ani ne minutu po přípojení k síti. Pak 2x při použití combofixu - jak v normálním, tak v nouzovém režimu (combofix použit pod zdejším dozorem při lovu imaginárního trojana zde cca před měsícem). No a poslední modrá smrt byla včera - při vypínání počítače se mi zjevila nějaká tabulka, že cosi běží, bohužel jsem si nenapsala, co přesně to běželo, ale pamatuju si, že to byla spíš jen změť písmen a čísel, než normální název. Tak jsem odklikla ok, ať se to ukončí, pak se počítač začal vypínat, pak modrá smrt a pak se znovu sám zapl. Následující vypnutí už bylo v pohodě. Přikládám zprávu, kterou mi pc sdělil ohledně modré smrti (jelikož se v tom vůbec nevyznám, tak je tam i přímo zpráva o modré smrti + dva soubory, o kterých se v té zprávě píše).

http://leteckaposta.cz/620766103

Nevím, jestli to s tím nějak souvisí, ale ještě nefungujou tyhle tři věci:

- nedaří se mi nainstalovat cosi z aktualizací windows, zkoušela jsem gůglit, jak tuhle konkrétní chybu vyřešit, nicméně podobný problém s tím měl kdosi naposled v roce 2007 a nebylo mu nějak extra pomoženo, tak jsem se neodvážila nic dalšího dělat.

- při včerejším avast scanu avast zahlásil, že cosi nezvládl proskenovat. Až doteď vždycky proskenoval všecko a v pohodě. Trochu mě překvapuje, že v názvu těch neproskenovaných souborů je „avast“. Ale jsem fakt lama, takže možná je to ok. Printscreen avastu a aktualizací v předchozí odrážce je tu:

http://leteckaposta.cz/351307851

- no a do třetice - vcelku náhodně se mi v chrome zjevuje úplně dole černý pruh a obsah stránky až nad ním. Teď jsem ho přeinstalovala, takže to snad pomůže.

Jo ještě jsem zapomněla – mám takové neblahé tušení, že za to částečně můžu sama – neměla jsem vždycky úplně moc volného místa na disku... popravdě ho tam bývalo dost málo

Chtěla jsem přiložit log z rsit, ale nějak se nechce vyrobit. Když ho spustím, tak koukám na „writing header information“ a nic se neděje, ani po deseti minutách, když do okna kliknu, tak se to pro jistotu zasekne. Ve složce rsit sice je txt, ale prázdný. Možná je to jenom rukama – ale nevím, co přesně dělám špatně

Děkuji.

Zdravím! Zkuste provést sken RSIT v nouz. režimu. Myslím si ale, že problém bude v poškozerném systému, příp. v hardwaru.

Zdravíčko, tak nakonec se rsit zasekl tak, že nešel shodit jinak než restartem pc, po restartu už jel a dostal se až do fáze "listing event logs", ve které teď setrvává už dobře deset minut, tak nevím, jestli z něj ještě něco vypadne. Nicméně log ze složky rsit už je na světě (doufám, že je to to, co jsem měla udělat

)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Eva at 2011-06-17 20:36:14
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 65 GB (22%) free of 295 GB
Total RAM: 2999 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:23, on 17.6.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Users\Eva\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Eva\Desktop\RSIT (1).exe
C:\Program Files\trend micro\Eva.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [googletalk] C:\Users\Eva\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 12620 bytes

======Scheduled tasks folder======

C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1544480033-330469207-238630024-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1544480033-330469207-238630024-1004UA.job
C:\windows\tasks\HPCeeScheduleForEva.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-05-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 599544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
ZoneAlarm Security Toolbar - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm Security Toolbar - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll [2011-03-28 176936]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 599544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-16 293168]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-05-08 238984]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2008-05-02 10244096]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2008-06-10 150040]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2008-06-10 170520]
"Persistence"=C:\windows\system32\igfxpers.exe [2008-06-10 145944]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-12-12 722256]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2011-02-15 738808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]
"googletalk"=C:\Users\Eva\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Google Update"=C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\APSHook.dll APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2008-05-21 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-17 19:12:49 ----D---- C:\rsit
2011-06-15 15:24:15 ----A---- C:\windows\system32\mshtmled.dll
2011-06-15 15:24:14 ----A---- C:\windows\system32\ieui.dll
2011-06-15 15:24:14 ----A---- C:\windows\system32\iertutil.dll
2011-06-15 15:24:13 ----A---- C:\windows\system32\jscript9.dll
2011-06-15 15:24:13 ----A---- C:\windows\system32\jscript.dll
2011-06-15 15:24:12 ----A---- C:\windows\system32\mshtml.dll
2011-06-15 15:24:12 ----A---- C:\windows\system32\ieframe.dll
2011-06-15 15:24:11 ----A---- C:\windows\system32\urlmon.dll
2011-06-15 15:00:39 ----A---- C:\windows\system32\drivers\dfsc.sys
2011-06-15 15:00:31 ----A---- C:\windows\system32\drivers\afd.sys
2011-06-15 15:00:29 ----A---- C:\windows\system32\drivers\srvnet.sys
2011-06-15 15:00:29 ----A---- C:\windows\system32\drivers\srv2.sys
2011-06-15 15:00:28 ----A---- C:\windows\system32\oleaut32.dll
2011-06-15 15:00:05 ----A---- C:\windows\system32\inetcomm.dll
2011-06-15 15:00:03 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 15:00:03 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 15:00:03 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2011-06-08 06:08:29 ----D---- C:\Users\Eva\AppData\Roaming\CheckPoint
2011-06-08 06:08:14 ----D---- C:\Program Files\Conduit
2011-06-08 06:08:11 ----D---- C:\Program Files\ZoneAlarm_Security
2011-06-08 06:07:51 ----D---- C:\Program Files\CheckPoint
2011-06-08 06:07:46 ----A---- C:\windows\system32\vsregexp.dll
2011-06-08 06:07:29 ----A---- C:\windows\system32\drivers\netio.sys
2011-06-08 06:07:18 ----A---- C:\windows\system32\zlcommdb.dll
2011-06-08 06:07:18 ----A---- C:\windows\system32\zlcomm.dll
2011-06-08 06:07:15 ----A---- C:\windows\system32\vswmi.dll
2011-06-08 06:07:14 ----A---- C:\windows\system32\zpeng25.dll
2011-06-08 06:07:14 ----A---- C:\windows\system32\vsxml.dll
2011-06-08 06:07:13 ----A---- C:\windows\system32\vspubapi.dll
2011-06-08 06:07:13 ----A---- C:\windows\system32\vsmonapi.dll
2011-06-08 06:07:13 ----A---- C:\windows\system32\vsdata.dll
2011-06-08 06:07:01 ----D---- C:\windows\system32\ZoneLabs
2011-06-08 06:07:01 ----A---- C:\windows\system32\drivers\vsdatant.sys
2011-06-08 06:06:30 ----A---- C:\windows\system32\vsutil.dll
2011-06-08 06:06:30 ----A---- C:\windows\system32\vsinit.dll
2011-06-04 23:08:15 ----D---- C:\ProgramData\Skype Extras
2011-06-04 23:07:23 ----D---- C:\Program Files\Common Files\Skype
2011-05-26 13:16:52 ----SD---- C:\32788R22FWJFW
2011-05-26 00:40:48 ----D---- C:\Program Files\CCleaner
2011-05-25 22:19:16 ----D---- C:\Users\Eva\AppData\Roaming\Malwarebytes
2011-05-25 22:19:07 ----D---- C:\ProgramData\Malwarebytes
2011-05-25 22:19:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-25 20:52:43 ----ASH---- C:\hiberfil.sys
2011-05-25 20:41:00 ----SD---- C:\Beruska.com
2011-05-25 18:22:49 ----A---- C:\windows\zip.exe
2011-05-25 18:22:49 ----A---- C:\windows\SWSC.exe
2011-05-25 18:22:49 ----A---- C:\windows\SWREG.exe
2011-05-25 18:22:49 ----A---- C:\windows\sed.exe
2011-05-25 18:22:49 ----A---- C:\windows\PEV.exe
2011-05-25 18:22:49 ----A---- C:\windows\NIRCMD.exe
2011-05-25 18:22:49 ----A---- C:\windows\MBR.exe
2011-05-25 18:22:49 ----A---- C:\windows\grep.exe
2011-05-25 18:22:42 ----D---- C:\windows\ERDNT
2011-05-25 18:07:49 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 18:07:48 ----A---- C:\windows\system32\drivers\aswSP.sys
2011-05-25 18:07:44 ----A---- C:\windows\system32\drivers\aswRdr.sys
2011-05-25 18:07:43 ----A---- C:\windows\system32\drivers\aswTdi.sys
2011-05-25 18:07:43 ----A---- C:\windows\system32\drivers\aswSnx.sys
2011-05-25 18:07:41 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2011-05-25 18:07:07 ----A---- C:\windows\system32\aswBoot.exe
2011-05-25 18:06:52 ----D---- C:\ProgramData\AVAST Software
2011-05-25 18:06:52 ----D---- C:\Program Files\AVAST Software
2011-05-25 16:48:40 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2011-06-17 20:36:23 ----D---- C:\windows\Prefetch
2011-06-17 20:36:22 ----D---- C:\windows\Internet Logs
2011-06-17 20:36:11 ----D---- C:\windows\TEMP
2011-06-17 20:31:55 ----A---- C:\windows\system32\rpcnetp.exe
2011-06-17 20:31:48 ----A---- C:\windows\system32\rpcnetp.dll
2011-06-17 20:31:48 ----A---- C:\windows\system32\rpcnet.dll
2011-06-17 20:31:30 ----D---- C:\ProgramData\hpqLog
2011-06-17 18:41:22 ----D---- C:\windows\System32
2011-06-17 18:39:30 ----N---- C:\windows\system32\rpcnet.exe
2011-06-17 00:36:11 ----D---- C:\! e v i c k a
2011-06-17 00:31:00 ----D---- C:\windows\Minidump
2011-06-17 00:30:56 ----D---- C:\Windows
2011-06-16 19:33:50 ----D---- C:\windows\inf
2011-06-16 19:33:50 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-06-16 18:41:25 ----D---- C:\windows\Microsoft.NET
2011-06-16 18:41:24 ----RSD---- C:\windows\assembly
2011-06-16 07:45:06 ----SHD---- C:\windows\Installer
2011-06-16 07:37:52 ----SHD---- C:\System Volume Information
2011-06-15 19:58:26 ----D---- C:\Users\Eva\AppData\Roaming\vlc
2011-06-15 15:42:49 ----D---- C:\windows\winsxs
2011-06-15 15:30:08 ----D---- C:\windows\system32\drivers
2011-06-15 15:30:08 ----D---- C:\Program Files\Internet Explorer
2011-06-15 15:29:25 ----D---- C:\ProgramData\Microsoft Help
2011-06-15 15:27:05 ----D---- C:\windows\Debug
2011-06-15 15:27:02 ----A---- C:\windows\system32\mrt.exe
2011-06-15 15:24:23 ----D---- C:\windows\system32\catroot
2011-06-15 15:16:13 ----D---- C:\Program Files\Windows Mail
2011-06-15 14:58:56 ----D---- C:\windows\system32\catroot2
2011-06-13 15:34:23 ----D---- C:\Users\Eva\AppData\Roaming\dvdcss
2011-06-10 21:09:58 ----D---- C:\Users\Eva\AppData\Roaming\Skype
2011-06-10 16:50:38 ----D---- C:\Users\Eva\AppData\Roaming\skypePM
2011-06-10 05:39:09 ----D---- C:\Users\Eva\AppData\Roaming\Winamp
2011-06-08 19:50:49 ----D---- C:\Users\Eva\AppData\Roaming\HpUpdate
2011-06-08 06:08:14 ----RD---- C:\Program Files
2011-06-06 17:00:20 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-06 17:00:12 ----D---- C:\Program Files\Hewlett-Packard
2011-06-06 16:57:23 ----D---- C:\Swsetup
2011-06-06 16:52:08 ----D---- C:\windows\Tasks
2011-06-06 16:52:08 ----D---- C:\windows\system32\Tasks
2011-06-04 23:08:15 ----HD---- C:\ProgramData
2011-06-04 23:07:23 ----RD---- C:\Program Files\Skype
2011-06-04 23:07:23 ----D---- C:\Program Files\Common Files
2011-06-04 23:07:16 ----D---- C:\ProgramData\Skype
2011-05-29 20:05:10 ----D---- C:\Program Files\Opera
2011-05-28 02:20:59 ----D---- C:\! pavel
2011-05-25 21:09:23 ----D---- C:\ProgramData\Lavasoft
2011-05-25 21:09:14 ----DC---- C:\windows\system32\DRVSTORE
2011-05-25 20:49:16 ----D---- C:\windows\AppPatch
2011-05-20 17:44:35 ----D---- C:\ProgramData\MFAData
2011-05-19 13:52:38 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2008-04-07 25448]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iastor.sys [2008-04-15 312344]
R0 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2008-05-14 108752]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-14 12496]
R1 SBRE;SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [2010-11-08 98392]
R1 vsdatant;Zone Alarm Firewall Driver; C:\windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-04-07 34664]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-05-21 2369536]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-01-17 298496]
S0 Lbd;Lbd; C:\windows\system32\DRIVERS\Lbd.sys []
S0 OCDE;ZTekWare Original CD Emulator Service; C:\windows\System32\Drivers\OCDE.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vsdatant7;vsdatant7; C:\windows\System32\drivers\vsdatant.win7.sys []
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-04-07 24936]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-10-09 107912]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2011-06-17 58288]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WPFFontCache_v0400;@c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Toto je OK. Ještě poprosím o log z ComboFix.

ok, provedu. Ale obávám se, že uvidím zas modrou obrazovčičku, jako posledně.

Co je na ni napsáno?

nene, zatím nic

Já jen že mám takové neblahé tušení, že zas bude. Jdu to ověřit v praxi

tak sláva, mám několik nových šedivých vlasů, ale taky mám log. Žádná modrá smrt, nicméně cca půl hodiny probíhalo mazání čehosi infikovaného. Koukám, že je to úplně stejná věc, jak ten údajný vir, co jsme tu lovili posledně, který vypadal jako falešný poplach... takže jsem z toho jelen... Jo a potom, co se vyrobil log a combofix úplně doběhl, nešlo vůbec nic spustit, antivir, internet, commander, nic. Po dalším restartu už je všechno OK.

ComboFix 11-06-17.02 - Eva 17.06.2011 21:13:49.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2999.1864 [GMT 2:00]
Spuštěný z: c:\users\Eva\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\users\Eva\AppData\Roaming\EurekaLog
c:\users\Eva\AppData\Roaming\EurekaLog\EurekaLog.ini
.
c:\windows\System32\autochk.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-17 do 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 19:36 . 2011-06-17 19:36 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-06-17 19:36 . 2011-06-17 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 17:12 . 2011-06-17 18:36 -------- d-----w- C:\rsit
2011-06-15 13:24 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 13:24 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 13:24 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 13:00 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 13:00 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 13:00 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 13:00 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 13:00 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 13:00 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 13:00 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 13:00 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 13:00 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 13:00 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-13 10:51 . 2011-06-13 10:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-08 04:08 . 2011-06-08 04:08 -------- d-----w- c:\users\Eva\AppData\Roaming\CheckPoint
2011-06-08 04:08 . 2011-06-08 04:08 -------- d-----w- c:\program files\Conduit
2011-06-08 04:08 . 2011-06-08 04:08 -------- d-----w- c:\users\Eva\AppData\Local\Conduit
2011-06-08 04:07 . 2010-05-15 14:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-06-04 21:08 . 2011-06-10 15:00 -------- d-----w- c:\programdata\Skype Extras
2011-06-04 21:07 . 2011-06-04 21:07 -------- d-----w- c:\program files\Common Files\Skype
2011-05-26 11:16 . 2011-06-17 19:11 -------- d-----w- C:\32788R22FWJFW
2011-05-25 22:40 . 2011-05-25 22:40 -------- d-----w- c:\program files\CCleaner
2011-05-25 20:19 . 2011-05-25 20:19 -------- d-----w- c:\users\Eva\AppData\Roaming\Malwarebytes
2011-05-25 20:19 . 2011-05-25 20:19 -------- d-----w- c:\programdata\Malwarebytes
2011-05-25 20:19 . 2011-05-26 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 18:41 . 2011-05-25 18:51 -------- d-----w- C:\Beruska.com
2011-05-25 16:07 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 16:07 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-25 16:07 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-25 16:07 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-25 16:07 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-25 16:07 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-25 16:07 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-25 16:07 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-25 16:06 . 2011-05-25 16:06 -------- d-----w- c:\programdata\AVAST Software
2011-05-25 16:06 . 2011-05-25 16:06 -------- d-----w- c:\program files\AVAST Software
2011-05-25 14:48 . 2011-06-17 18:36 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 19:39 . 2009-08-30 13:53 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-06-17 19:39 . 2009-09-28 12:09 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-06-17 19:38 . 2009-09-28 12:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-17 16:39 . 2009-09-28 12:09 58288 ------w- c:\windows\system32\rpcnet.exe
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 18:41 . 2011-04-06 18:41 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 18:41 . 2011-04-06 18:41 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 18:41 . 2011-04-06 18:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 18:41 . 2011-04-06 18:41 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 18:41 . 2011-04-06 18:41 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 18:41 . 2011-04-06 18:41 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 18:41 . 2011-04-06 18:41 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 18:41 . 2011-04-06 18:41 367104 ----a-w- c:\windows\system32\html.iec
2011-04-06 18:41 . 2011-04-06 18:41 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 18:41 . 2011-04-06 18:41 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 18:41 . 2011-04-06 18:41 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 18:41 . 2011-04-06 18:41 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 18:41 . 2011-04-06 18:41 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 18:41 . 2011-04-06 18:41 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 18:41 . 2011-04-06 18:41 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 18:41 . 2011-04-06 18:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 18:41 . 2011-04-06 18:41 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 18:41 . 2011-04-06 18:41 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 18:41 . 2011-04-06 18:41 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2009-05-18 12:30 . 2009-05-18 12:30 1822848 ----a-w- c:\program files\instmsiw.exe
2009-05-18 12:30 . 2009-05-18 12:30 9795072 ----a-w- c:\program files\openofficeorg31.msi
2009-05-18 12:30 . 2009-05-18 12:30 1709160 ----a-w- c:\program files\instmsia.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"googletalk"="c:\users\Eva\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
.
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-6 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\Drivers\OCDE.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S0 rpcnetp;rpcnetp; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544480033-330469207-238630024-1004Core.job
- c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 17:39]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544480033-330469207-238630024-1004UA.job
- c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 17:39]
.
2011-06-07 c:\windows\Tasks\HPCeeScheduleForEva.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-06 22:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=83&bd=all&pf=cmnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Orion2DeinstKey - c:\program files\Microprose\Orion2\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 21:39
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5472)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\System32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\rpcnet.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2011-06-17 21:47:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-17 19:47
.
Před spuštěním: Volných bajtů: 67 629 289 472
Po spuštění: Volných bajtů: 67 426 996 224
.
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - E1E5CF351DCBB236D97E2F9B72088135

OK. Byl tam trojan a rootkit. Ještě otestujte online tento soubor na www.virustotal.com : c:\windows\System32\autochk.exe .

done: http://www.virustotal.com/file-scan/rep ... 1308341611

Myslím, že je soubor v pořádku. Jako vir ho označily jen 3 málo známé antiviry. AV světových značek mlčí. Log již vypadá OK. Nastala nějaká změna?

Jo, provedla jsem úspěšný "zátěžový" test a počítač vůbec nemrzne a jede jak drak - úplně mi přechází oči

. Až pojedu příště Studentem, tak otestuju tu wifi

Cvičně jsem zkusila znova nainstalovat tu aktualizaci woken, ale opět nezabrala, ale nijak extra mě to netrápí (nevím, jestli by ne/mělo). Jenom mě trochu děsí, jak dlouho tam ta havěť v klídku odpočívala. Je nějaký (jiný:)) způsob, jak ji odhalit?

Udržujte aktuální antivir a na internetu nechoďte do jeho "temných zákoutí". Neklikejte na vše, co se vám nabízí. Co se týká té aktualizace, záleží na tom, co je to za záplatu.

jasné, což o to, prevenci teoreticky zvládám dobře (prakticky je to, jak vidět, o něco horší

) Spíš mně šlo o to, čím můžu počítač proskenovat, když příště nabudu dojmu, že je moc pomalý. Nedokážu totiž moc odlišit, jestli je pomalý oprávněně (když ho přetěžuju), nebo když je takto zanesen.

Hmm ty aktualizace hlásí, že:

Aktualizace zabezpečení rozhraní Microsoft .NET Framework 4 systémech Windows XP, Windows Server 2003, Windows Vista, Windows 7 a Windows Server 2008 platformy x86 (KB2518870)

Datum instalace: ‎17.‎6.‎2011 22:47

Stav instalace: Neúspěšné

Podrobnosti o chybě: Kód 643

Typ aktualizace: Důležité

Bylo zjištěno slabé místo zabezpečení, které by mohlo útočníkovi dovolit ohrozit bezpečnost počítače se systémem Windows a nainstalovaným rozhraním Microsoft .NET Framework a získat nad ním úplnou kontrolu. Instalací této aktualizace od společnosti Microsoft zajistíte lepší ochranu svého počítače. Po dokončení instalace této položky bude pravděpodobně třeba restartovat počítač.

Další informace:
http://go.microsoft.com/fwlink/?LinkID=212833

Nápověda a podpora:
http://support.microsoft.com

Původně mě tam vyděsilo to slovo "zabezpečení".

S combofixem je ještě něco potřeba udělat?

Děkuji vám mnohokráte

VIRY.CZ

Počítač zamrzá + občas modrá smrt

Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt

Re: Počítač zamrzá + občas modrá smrt