VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Zamrza spodni lista

https://forum.viry.cz:443/viewtopic.php?t=113032

Stránka 1 z 1

Zamrza spodni lista

Napsal: 08 črc 2011 08:32
od Ales.vazler
Ahoj. Moc prosim o pomoc. Antivirus je bezmocny. Pouzivam eseta, ale neumi tento vir odstranit. udelal jsem log. Poprve. Snad spravne.

Windows Vista SP 1 (build 7601)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
Log vygenerován: 8.7.2011 9:24:56
================================================================

Běžící procesy
================================================================

C:\WINDOWS\SYSTEM32\ATIESRXX.EXE
(rootkit?) audiodg.exe
C:\WINDOWS\SYSTEM32\ATIECLXX.EXE
C:\WINDOWS\SYSTEM32\AEADISRV.EXE
C:\WINDOWS\SYSTEM32\PRINTCTRL.EXE
C:\PROGRAM FILES\O2\O2CZ\EMMSN.EXE
C:\PROGRAM FILES\O2\NORI\NORI.EXE

Scanner
================================================================
[?] atiesrxx.exe
Non Microsoft v System32:
Nemá okno

[S] audiodg.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Advanced SystemCare 4]
Nelze otevřít

[?] atieclxx.exe
Non Microsoft v System32:

[R] ASCService.exe
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 7

[?] AEADISRV.EXE
Non Microsoft v System32:
Nemá okno

[?] PrintCtrl.exe
Non Microsoft v System32:
Nemá okno
Soubor 7%

[R] WLIDSVC.EXE
Ověřený Microsoft: Ne
Podobná jména: WLIDSVC.EXE X WLIDSVCM.EXE

[R] WLIDSVCM.EXE
Ověřený Microsoft: Ne
Podobná jména: WLIDSVCM.EXE X WLIDSVC.EXE

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
Podvržená cesta modulu: (40AC0000) [DLL] ?

[R] SynTPEnh.exe
Spouští se po startu HKLM Run [SynTPEnh]

[R] egui.exe
Spouští se po startu HKLM Run [egui]

[R] ASCTray.exe
Spouští se po startu HKCU Run [Advanced SystemCare 4]
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 7

[R] DTLite.exe
Spouští se po startu HKCU Run [DAEMON Tools Lite]

[?] EMMSN.exe
Soubor 7%

[?] Nori.exe
Soubor 7%

[R] CToolbar.exe
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 9
Skrytá cesta EXE: C:\PROGRA~1\Crawler\CToolbar.exe

[R] skypePM.exe
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8


Po spuštění
================================================================

HKCU Run
|_ [R][DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun

HKLM Run
|_ [R][egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice

HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (Soubor nenalezen)

HKLM IC
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
|_ [X][{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Windows\system32\win32\system32.exe s


HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (Soubor nenalezen)

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Acronis OS Selector Reinstall Service
|_ Cesta: C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: AcronisOSSReinstallSvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Andrea ADI Filters Service
|_ Cesta: C:\Windows\system32\AEADISRV.EXE
| |_ Výrobce: Andrea Electronics Corporation
| |_ Popis: Andrea filters APO access service (32-bit)
| |_ MD5: 4DC6B0772D1698F04FC79053A21C8260
|
|_ Jméno: AEADIFilters
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] AMD External Events Utility
|_ Cesta: C:\Windows\system32\atiesrxx.exe
| |_ Výrobce: AMD
| |_ Popis: AMD External Events Service Module
| |_ MD5: A236CEE2BF90381E981EBB870429FA9B
|
|_ Jméno: AMD External Events Utility
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Net Driver HPZ12
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\HPZinw12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: Dot4Net Module
| |_ MD5: 51C6D8BFBD4EA5B62A1BA7F4469250D3
|
|_ Jméno: Net Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Pml Driver HPZ12
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\HPZipm12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: PmlDrv Module
| |_ MD5: 79834AA2FBF9FE81EEBB229024F6F7FC
|
|_ Jméno: Pml Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Printer Control
|_ Cesta: C:\Windows\system32\PrintCtrl.exe
| |_ Výrobce: ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM
| |_ Popis: PrintCtrl
| |_ MD5: 81DBFB92EC47CAC5A7DBAC688886C212
|
|_ Jméno: Printer Control
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] adfs
|_ Cesta: C:\Windows\system32\drivers\adfs.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: adfs
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ADI UAA Function Driver for High Definition Audio Service
|_ Cesta: C:\Windows\system32\drivers\ADIHdAud.sys
| |_ Výrobce: Analog Devices, Inc.
| |_ Popis: High Definition Audio Function Driver
| |_ MD5: 6C61BCEB60C2C187E6F96001FD69493E
|
|_ Jméno: ADIHdAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Agere Systems Soft Modem
|_ Cesta: C:\Windows\system32\DRIVERS\AGRSM.sys
| |_ Výrobce: LSI Corporation
| |_ Popis: SoftModem Device Driver
| |_ MD5: C6FA08A8CCA9001F3197525B07331715
|
|_ Jméno: AgereSoftModem
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] atikmdag
|_ Cesta: C:\Windows\system32\DRIVERS\atikmdag.sys
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI Radeon Kernel Mode Driver
| |_ MD5: A4252328D2B1520571102992EF0B0E5C
|
|_ Jméno: atikmdag
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HBtnKey
|_ Cesta: C:\Windows\system32\DRIVERS\cpqbttn.sys
| |_ Výrobce: Hewlett-Packard Development Company, L.P.
| |_ Popis: HP Tablet PC Key Button HID Driver
| |_ MD5: 7DAD592A4D28092D584CFB4DEEF1373D
|
|_ Jméno: HBtnKey
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HpqKbFilter Driver
|_ Cesta: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
| |_ Výrobce: Hewlett-Packard Development Company, L.P.
| |_ Popis: HpqKbFiltr Keyboard Filter Driver
| |_ MD5: 1210960FF8928950D2A786895B0C424A
|
|_ Jméno: HpqKbFiltr
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HUAWEI Mobile Connect - USB Smart Card Reader
|_ Cesta: C:\Windows\system32\DRIVERS\ewdcsc.sys
| |_ Výrobce: Huawei Tech. Co., Ltd.
| |_ Popis: HUAWEI USB Smart Card Driver
| |_ MD5: C1258ADCBE6E51A3C06C234D2BDB81B5
|
|_ Jméno: Huawei
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Huawei DataCard USB Modem and USB Serial
|_ Cesta: C:\Windows\system32\DRIVERS\ewusbmdm.sys
| |_ Výrobce: Huawei Technologies Co., Ltd.
| |_ Popis: USB Modem/Serial Device Driver
| |_ MD5: 988C0A49F09D75D3341CB419141793C1
|
|_ Jméno: hwdatacard
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Huawei DataCard USB PNP Device
|_ Cesta: C:\Windows\system32\DRIVERS\ewusbdev.sys
| |_ Výrobce: Huawei Technologies Co., Ltd.
| |_ Popis: USB Modem/Serial Device Driver
| |_ MD5: A259D3619AA23D4562581067F85E2006
|
|_ Jméno: hwusbdev
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ManyCam Virtual Webcam, WDM Video Capture Driver
|_ Cesta: C:\Windows\system32\DRIVERS\ManyCam.sys
| |_ Výrobce: ManyCam LLC.
| |_ Popis: ManyCam Virtual Webcam, WDM Video Capture Driver
| |_ MD5: C6D085C7045200143528136A43A65FDE
|
|_ Jméno: ManyCam
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit
|_ Cesta: C:\Windows\system32\DRIVERS\NETw5s32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel® Wireless WiFi Link Driver
| |_ MD5: 5B2DFA9C5C02DDF2A113CC0F551B59DF
|
|_ Jméno: NETw5s32
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] SCDEmu
|_ Cesta: C:\Windows\system32\drivers\SCDEmu.sys
| |_ Výrobce: PowerISO Computing, Inc.
| |_ Popis: PowerISO Virtual Drive
| |_ MD5: 612A3D69E603DBBE5C3C1079186A0393
|
|_ Jméno: SCDEmu
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
|_ Cesta: C:\Windows\system32\DRIVERS\yk62x86.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 30B73EB97218A16CBC6DE535782A1B35
|
|_ Jméno: yukonw7
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] actprint.dll
|_ Cesta: C:\Windows\System32\spool\prtprocs\w32x86\ActPrint.dll
|_ MD5: 31918EA665631EF5448447AAD2F1057B
|_ Výrobce: ActMask Co.,Ltd
|_ Procesy
|_ spoolsv.exe (1556)

[?] hpcpp5r1.dll
|_ Cesta: C:\Windows\System32\spool\prtprocs\w32x86\hpcpp5r1.DLL
|_ MD5: 05EE0CF634385D65F968B2FB7C1AA375
|_ Výrobce: Hewlett-Packard Corporation
|_ Procesy
|_ spoolsv.exe (1556)

[?] mfc80u.dll
|_ Cesta: C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
|_ MD5: E2C48CD0132D4D1DC7D0DF9A6BEF686A
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ egui.exe (2772)

[?] wrltid.dll
|_ Cesta: C:\Program Files\O2\O2CZ\WRLTID.dll
|_ MD5: AEC0B386D9F9803305048C43BBDFD688
|_ Výrobce: Telefónica I+D
|_ Procesy
|_ EMMSN.exe (4016)

[?] mensajeriadirecta.dll
|_ Cesta: C:\Program Files\O2\O2CZ\MensajeriaDirecta.dll
|_ MD5: 075E157C0C67E84E227D5ACE4AF8810D
|_ Výrobce: Telefónica I+D
|_ Procesy
|_ EMMSN.exe (4016)

[?] agendalib.dll
|_ Cesta: C:\Program Files\O2\O2CZ\AgendaLib.dll
|_ MD5: 7886D6CFA7CDD50A2F063F012C019E1F
|_ Výrobce: ?
|_ Procesy
|_ EMMSN.exe (4016)

[?] sqlite3.dll
|_ Cesta: C:\Program Files\O2\O2CZ\sqlite3.dll
|_ MD5: 7C2DC40E725BCBB3B5F2757EB1443325
|_ Výrobce:
|_ Procesy
|_ EMMSN.exe (4016)
|_ firefox.exe (2856)
|_ plugin-container.exe (5436)

[?] legplug.nori.dll
|_ Cesta: C:\Program Files\O2\Nori\legplug.nori.dll
|_ MD5: E5D13950D79235D76E6FEB01A41ED97D
|_ Výrobce: Telefónica I+D
|_ Procesy
|_ Nori.exe (4072)

[?] plghwi.dll
|_ Cesta: C:\Program Files\O2\Nori\legplgs\plghwi.dll
|_ MD5: A237C9E71EF83D8AF75408CE39E990F5
|_ Výrobce: ?
|_ Procesy
|_ Nori.exe (4072)

[?] plgnvt.dll
|_ Cesta: C:\Program Files\O2\Nori\legplgs\plgnvt.dll
|_ MD5: 31F645114DE402CDC18A1ADFCC1C0222
|_ Výrobce: ?
|_ Procesy
|_ Nori.exe (4072)

[?] plgopt.dll
|_ Cesta: C:\Program Files\O2\Nori\legplgs\plgopt.dll
|_ MD5: 1424CAD5FC8C31975ABB7C50CD2114A0
|_ Výrobce: ?
|_ Procesy
|_ Nori.exe (4072)

[?] plgser.dll
|_ Cesta: C:\Program Files\O2\Nori\legplgs\plgser.dll
|_ MD5: D59288424B60B35438D2D10B2C61A729
|_ Výrobce: ?
|_ Procesy
|_ Nori.exe (4072)

[?] plgsie.dll
|_ Cesta: C:\Program Files\O2\Nori\legplgs\plgsie.dll
|_ MD5: 444981199A459538672F6A388679AA84
|_ Výrobce: ?
|_ Procesy
|_ Nori.exe (4072)

[?] plgzte.dll
|_ Cesta: C:\Program Files\O2\Nori\legplgs\plgzte.dll
|_ MD5: 7A9E67CB12A92D60CC11D84C5B2D27B6
|_ Výrobce: ?
|_ Procesy
|_ Nori.exe (4072)

[?] gobiplug.nori.dll
|_ Cesta: C:\Program Files\O2\Nori\gobiplug.nori.dll
|_ MD5: D9D034114AEAD71F6C334C48F723E377
|_ Výrobce: Telefónica I+D
|_ Procesy
|_ Nori.exe (4072)

[!] xshared.dll
|_ Cesta: C:\Program Files\Crawler\firefox\components\xshared.dll
|_ MD5: 54E8D9FED5A310A11A42EECA9D0E42A5
|_ Výrobce: Crawler.com
|_ Procesy
|_ firefox.exe (2856)

[!] xcomm.dll
|_ Cesta: C:\Program Files\Crawler\firefox\components\xcomm.dll
|_ MD5: 297CC1092851B49915A16F451DFE0901
|_ Výrobce: Crawler.com
|_ Procesy
|_ firefox.exe (2856)

[!] xwsg.dll
|_ Cesta: C:\Program Files\Crawler\firefox\components\xwsg.dll
|_ MD5: F81E328E8EFD963ADCCC279240EE44C5
|_ Výrobce: Crawler.com
|_ Procesy
|_ firefox.exe (2856)

[?] xsupport.dll
|_ Cesta: C:\Program Files\Crawler\firefox\components\xsupport.dll
|_ MD5: 2782C061D4B55B428EB42E1C61A89403
|_ Výrobce: Crawler.com
|_ Procesy
|_ firefox.exe (2856)

[!] ctbcomm.dll
|_ Cesta: C:\Program Files\Crawler\ctbcomm.dll
|_ MD5: F9C284615AA94AB7BD2D05B829810190
|_ Výrobce: Crawler.com
|_ Procesy
|_ CToolbar.exe (3028)

[!] websecurityguard.dll
|_ Cesta: C:\Program Files\Crawler\WebSecurityGuard.dll
|_ MD5: C66CE5FEA0D2F8E54E840C43143D62AF
|_ Výrobce: Crawler.com
|_ Procesy
|_ CToolbar.exe (3028)

[?] cxcore099.dll
|_ Cesta: C:\Program Files\ManyCam\Bin\cxcore099.dll
|_ MD5: 286284D4AE1C67D0D5666B1417DCD575
|_ Výrobce: Intel Corporation.
|_ Procesy
|_ Skype.exe (3148)

[?] cv099.dll
|_ Cesta: C:\Program Files\ManyCam\Bin\cv099.dll
|_ MD5: 2A8B33FEE2F84490D52A3A7C75254971
|_ Výrobce: Intel Corporation.
|_ Procesy
|_ Skype.exe (3148)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Zamrza spodni lista

Napsal: 08 črc 2011 08:39
od chodnik74
Dobrý den :welcome:
U nás používáme log z RSIT,návod vás povede : http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

Re: Zamrza spodni lista

Napsal: 08 črc 2011 08:46
od Ales.vazler
Mo dekuji a prikladam opravu.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Aleš at 2011-07-08 09:44:01
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 89 GB (37%) free of 238 GB
Total RAM: 3036 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:44:13, on 8.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Aleš\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Aleš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://paflikkq.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{E220B78E-F4E6-49F2-9FF4-8B1F23658C3A}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 7833 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1217497703-1813558402-3643225182-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1217497703-1813558402-3643225182-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-17 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-04-21 402832]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-07-08 09:44:01 ----D---- C:\rsit
2011-07-08 09:44:01 ----D---- C:\Program Files\trend micro
2011-07-08 09:24:04 ----D---- C:\Program Files\Ultimate Process Manager
2011-07-08 07:47:24 ----A---- C:\Windows\system32\CmdLineExt.dll
2011-07-08 07:44:43 ----D---- C:\Windows\system32\xlive
2011-07-08 07:43:40 ----D---- C:\Program Files\OpenAL
2011-07-08 07:43:40 ----A---- C:\Windows\system32\wrap_oal.dll
2011-07-08 07:43:40 ----A---- C:\Windows\system32\OpenAL32.dll
2011-07-08 07:38:08 ----D---- C:\Program Files\Sega
2011-07-07 12:51:26 ----D---- C:\ProgramData\ESET
2011-07-07 12:51:26 ----D---- C:\Program Files\ESET
2011-07-07 12:30:44 ----D---- C:\Program Files\Crawler
2011-07-07 12:24:18 ----D---- C:\Program Files\Spyware Terminator
2011-07-07 06:55:07 ----A---- C:\Windows\system32\drivers\snapman.sys
2011-07-06 13:46:01 ----HD---- C:\Windows\system32\win32
2011-07-05 23:05:38 ----A---- C:\Windows\system32\SmartDefragBootTime.exe
2011-07-05 23:05:38 ----A---- C:\Windows\system32\drivers\SmartDefragDriver.sys
2011-07-05 20:18:11 ----D---- C:\Users\Aleš\AppData\Roaming\TeamViewer
2011-07-05 05:29:43 ----A---- C:\Windows\system32\tquery.dll
2011-07-05 05:29:43 ----A---- C:\Windows\system32\mssrch.dll
2011-07-05 05:29:42 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-05 05:29:41 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-05 05:29:41 ----A---- C:\Windows\system32\mssph.dll
2011-07-05 05:29:40 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-05 05:29:40 ----A---- C:\Windows\system32\mssvp.dll
2011-07-05 05:29:40 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-05 05:29:40 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-05 05:29:35 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-04 16:16:22 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-07-04 16:16:22 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-07-04 16:16:21 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-07-04 16:12:05 ----D---- C:\Users\Aleš\AppData\Roaming\Autodesk
2011-07-04 16:12:05 ----D---- C:\ProgramData\Autodesk
2011-07-03 22:31:33 ----D---- C:\Users\Aleš\AppData\Roaming\PearlMountainSoft
2011-07-03 22:31:33 ----D---- C:\ProgramData\PearlMountainSoft
2011-07-03 22:17:31 ----D---- C:\Program Files\Common Files\DAZ
2011-07-03 22:14:24 ----D---- C:\Users\Aleš\AppData\Roaming\DAZ 3D
2011-07-03 19:51:17 ----A---- C:\Users\Aleš\AppData\Roaming\pcouffin.sys
2011-07-03 19:51:17 ----A---- C:\Users\Aleš\AppData\Roaming\inst.exe
2011-07-03 19:21:29 ----D---- C:\Users\Aleš\AppData\Roaming\AVS4YOU
2011-07-03 19:19:35 ----D---- C:\Program Files\Common Files\AVSMedia
2011-07-03 19:18:52 ----D---- C:\ProgramData\AVS4YOU
2011-07-03 19:18:52 ----A---- C:\Windows\system32\msxml3a.dll
2011-07-03 19:05:30 ----D---- C:\Users\Aleš\AppData\Roaming\Vso
2011-06-30 00:43:59 ----A---- C:\Windows\system32\tsccvid.dll
2011-06-30 00:43:58 ----D---- C:\Program Files\CDVPlayer
2011-06-30 00:33:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2011-06-29 17:53:29 ----D---- C:\ProgramData\FLEXnet
2011-06-29 17:46:29 ----D---- C:\Program Files\Adobe Media Player
2011-06-29 17:44:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-06-27 11:08:04 ----HD---- C:\Windows\msdownld.tmp
2011-06-27 11:07:58 ----D---- C:\Windows\system32\directx
2011-06-26 10:57:46 ----D---- C:\Users\Aleš\AppData\Roaming\Mount&Blade Warband
2011-06-26 10:51:39 ----D---- C:\Program Files\Mount&Blade Warband
2011-06-25 11:05:53 ----A---- C:\Windows\UC.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\RAR.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\PKZIP.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\PKUNZIP.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\NOCLOSE.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\LHA.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\ARJ.PIF
2011-06-25 11:05:52 ----D---- C:\Users\Aleš\AppData\Roaming\GHISLER
2011-06-25 11:05:52 ----D---- C:\totalcmd
2011-06-25 01:30:28 ----D---- C:\Users\Aleš\AppData\Roaming\vlc
2011-06-25 01:29:48 ----D---- C:\Program Files\VideoLAN
2011-06-25 00:14:28 ----D---- C:\Program Files\CamStudio
2011-06-24 23:50:39 ----A---- C:\Windows\system32\MPG4C32.dll
2011-06-24 23:50:37 ----D---- C:\Program Files\innoheim
2011-06-24 22:47:31 ----D---- C:\Users\Aleš\AppData\Roaming\ManyCam
2011-06-24 22:47:08 ----D---- C:\Program Files\ManyCam
2011-06-24 12:07:59 ----D---- C:\Program Files\VisualRoute
2011-06-24 11:29:31 ----D---- C:\Program Files\ICQ FORCE
2011-06-23 21:20:13 ----D---- C:\ProgramData\Kaspersky Lab
2011-06-21 04:03:32 ----D---- C:\ProgramData\eMule
2011-06-21 04:03:15 ----D---- C:\Program Files\eMule
2011-06-21 03:33:31 ----A---- C:\Windows\system32\roboot.exe
2011-06-20 19:05:20 ----D---- C:\Program Files\Garmin
2011-06-20 16:07:32 ----D---- C:\Users\Aleš\AppData\Roaming\GARMIN
2011-06-19 16:47:32 ----D---- C:\Windows\system32\Wat
2011-06-19 15:27:46 ----D---- C:\Program Files\Bethesda Softworks
2011-06-17 20:58:03 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\jscript9.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\jscript.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\ieui.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\iertutil.dll
2011-06-17 20:58:00 ----A---- C:\Windows\system32\mshtml.dll
2011-06-17 20:58:00 ----A---- C:\Windows\system32\ieframe.dll
2011-06-17 20:57:59 ----A---- C:\Windows\system32\urlmon.dll
2011-06-17 20:56:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-17 20:56:13 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-17 20:56:11 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-17 20:56:11 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-17 20:56:11 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-17 20:56:04 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-17 20:55:57 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-17 20:55:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-17 20:55:14 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-17 20:55:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-17 20:39:11 ----HD---- C:\ProgramData\Common Files
2011-06-17 20:37:26 ----D---- C:\ProgramData\MFAData
2011-06-17 19:59:55 ----D---- C:\Windows\Sun
2011-06-17 13:51:31 ----D---- C:\ProgramData\Sun
2011-06-17 13:51:30 ----D---- C:\Program Files\Common Files\Java
2011-06-17 13:51:17 ----A---- C:\Windows\system32\javaws.exe
2011-06-17 13:51:17 ----A---- C:\Windows\system32\javaw.exe
2011-06-17 13:51:17 ----A---- C:\Windows\system32\java.exe
2011-06-17 13:51:17 ----A---- C:\Windows\system32\deployJava1.dll
2011-06-17 13:51:04 ----D---- C:\Program Files\Java
2011-06-16 17:20:31 ----D---- C:\Program Files\Firefly Studios
2011-06-16 17:07:12 ----D---- C:\Users\Aleš\AppData\Roaming\GameRanger
2011-06-12 23:06:50 ----A---- C:\Windows\system32\NCTWMAFile2.dll
2011-06-12 23:06:50 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2011-06-12 23:06:50 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2011-06-12 23:06:50 ----A---- C:\Windows\system32\msvcr70.dll
2011-06-12 23:06:49 ----D---- C:\Program Files\Free MP3 WMA WAV Converter
2011-06-12 22:50:05 ----D---- C:\ProgramData\Nero
2011-06-12 22:50:05 ----D---- C:\Program Files\Nero
2011-06-12 22:50:04 ----D---- C:\Program Files\Common Files\Ahead
2011-06-09 01:39:37 ----D---- C:\Users\Aleš\AppData\Roaming\iVisit Data
2011-06-09 01:39:31 ----A---- C:\Windows\system32\SaveTo.dll
2011-06-09 01:39:20 ----A---- C:\Windows\system32\PrintDisp.exe
2011-06-09 01:39:20 ----A---- C:\Windows\system32\PrintCtrl.exe
2011-06-09 01:39:20 ----A---- C:\Windows\system32\CPDF.dll
2011-06-09 01:39:20 ----A---- C:\Windows\system32\ActPDF.dll
2011-06-09 01:39:12 ----A---- C:\Windows\system32\PrtPass.exe
2011-06-09 01:39:11 ----A---- C:\Windows\system32\SetupDrv.exe
2011-06-09 01:39:11 ----A---- C:\Windows\system32\SetPrinter.exe
2011-06-09 01:39:11 ----A---- C:\Windows\system32\PrtTools.exe
2011-06-09 01:39:11 ----A---- C:\Windows\system32\PrtClient.exe
2011-06-09 01:39:11 ----A---- C:\Windows\system32\PrintLog.exe
2011-06-09 01:39:10 ----A---- C:\Windows\system32\gdiplus.dll
2011-06-09 01:17:43 ----D---- C:\Users\Aleš\AppData\Roaming\Camfrog

======List of files/folders modified in the last 1 months======

2011-07-08 09:44:05 ----D---- C:\Windows\Temp
2011-07-08 09:44:01 ----RD---- C:\Program Files
2011-07-08 09:38:24 ----D---- C:\Users\Aleš\AppData\Roaming\Skype
2011-07-08 09:23:00 ----D---- C:\Windows\System32
2011-07-08 09:22:59 ----D---- C:\Windows\inf
2011-07-08 09:22:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-08 09:16:37 ----D---- C:\Windows\system32\config
2011-07-08 09:13:44 ----D---- C:\Users\Aleš\AppData\Roaming\uTorrent
2011-07-08 08:09:51 ----D---- C:\Users\Aleš\AppData\Roaming\skypePM
2011-07-08 08:03:21 ----SHD---- C:\Windows\Installer
2011-07-08 08:02:58 ----SHD---- C:\System Volume Information
2011-07-08 07:57:36 ----RSD---- C:\Windows\assembly
2011-07-08 07:56:26 ----D---- C:\Windows\system32\Tasks
2011-07-08 07:44:31 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-08 07:43:40 ----D---- C:\Windows
2011-07-08 06:51:21 ----HD---- C:\ProgramData
2011-07-08 06:51:21 ----D---- C:\Windows\system32\drivers
2011-07-07 16:56:22 ----D---- C:\Windows\system32\catroot2
2011-07-07 13:11:18 ----D---- C:\Windows\Prefetch
2011-07-07 12:40:06 ----D---- C:\Windows\system32\wdi
2011-07-07 12:28:50 ----D---- C:\Program Files\Diablo II
2011-07-07 07:02:11 ----D---- C:\Program Files\Common Files
2011-07-07 04:52:30 ----D---- C:\Windows\system32\drivers\etc
2011-07-07 01:32:32 ----D---- C:\Users\Aleš\AppData\Roaming\IObit
2011-07-07 00:44:23 ----D---- C:\Program Files\IObit
2011-07-05 22:53:54 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 22:53:52 ----D---- C:\Program Files\Counter-Strike Xtreme V5
2011-07-05 22:50:42 ----D---- C:\Program Files\Windows Sidebar
2011-07-05 22:50:42 ----D---- C:\Program Files\Windows Media Player
2011-07-05 22:50:42 ----D---- C:\Program Files\Common Files\System
2011-07-05 22:50:42 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-05 22:50:42 ----D---- C:\Program Files\Common Files\Adobe
2011-07-05 22:50:42 ----D---- C:\Program Files\Adobe
2011-07-05 22:22:28 ----D---- C:\Windows\debug
2011-07-05 08:29:49 ----D---- C:\Windows\winsxs
2011-07-05 05:32:12 ----RSD---- C:\Windows\Fonts
2011-07-05 05:29:28 ----D---- C:\Windows\system32\catroot
2011-07-04 22:43:45 ----D---- C:\Users\Aleš\AppData\Roaming\Adobe
2011-07-03 22:29:42 ----D---- C:\Users\Aleš\AppData\Roaming\Identities
2011-06-30 00:43:58 ----N---- C:\Windows\Setup1.exe
2011-06-30 00:38:08 ----D---- C:\ProgramData\Adobe
2011-06-27 10:52:49 ----D---- C:\Windows\system32\NDF
2011-06-25 22:42:30 ----D---- C:\Windows\Microsoft.NET
2011-06-25 21:55:25 ----D---- C:\Users\Aleš\AppData\Roaming\Mozilla
2011-06-25 20:33:59 ----D---- C:\Users\Aleš\AppData\Roaming\Hamachi
2011-06-25 14:54:34 ----SD---- C:\Users\Aleš\AppData\Roaming\Microsoft
2011-06-24 22:47:37 ----D---- C:\Windows\system32\DriverStore
2011-06-23 20:41:07 ----D---- C:\Windows\Tasks
2011-06-23 20:41:07 ----D---- C:\Windows\system32\wfp
2011-06-23 20:41:06 ----D---- C:\Windows\system32\wbem
2011-06-23 20:40:14 ----D---- C:\Windows\registration
2011-06-21 22:36:48 ----AD---- C:\ProgramData\TEMP
2011-06-21 22:30:27 ----D---- C:\Users\Aleš\AppData\Roaming\Mirillis
2011-06-21 22:30:27 ----D---- C:\ProgramData\Mirillis
2011-06-21 22:29:39 ----D---- C:\Program Files\Mirillis
2011-06-21 22:18:50 ----D---- C:\Windows\Downloaded Program Files
2011-06-20 16:01:06 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-17 21:11:54 ----D---- C:\Windows\system32\cs-CZ
2011-06-17 21:09:24 ----D---- C:\Windows\system32\en-US
2011-06-17 21:09:23 ----D---- C:\Program Files\Microsoft.NET
2011-06-17 21:02:42 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-17 21:01:37 ----D---- C:\Program Files\Internet Explorer
2011-06-17 21:00:07 ----A---- C:\Windows\system32\MRT.exe
2011-06-17 15:16:39 ----D---- C:\Windows\system
2011-06-16 12:40:05 ----D---- C:\Windows\ModemLogs
2011-06-16 12:39:16 ----SD---- C:\ProgramData\Microsoft
2011-06-15 12:27:11 ----D---- C:\Users\Aleš\AppData\Roaming\Ahead
2011-06-12 22:51:05 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-26 218688]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-04 4994048]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-05-30 25280]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-10-09 1810856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-12-02 18304]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-12-02 23168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-12-02 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-12-02 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-04 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-10-29 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-07-04 1045256]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Zamrza spodni lista

Napsal: 08 črc 2011 09:05
od chodnik74
:arrow: Odinstalujte SpyHunter,SpywareTerminator a vše od IOBitu...Poté všechny nepotřebné toolbary :)

:arrow: Spustíme si HijackThisObrázek

Kód: Vybrat vše

C:\Program Files\trend micro\Aleš.exe
(Pokud nenajdeme nebo nemáme,tak stáhneme ZDE )
  • Dále klikneme na tlačítko Do a system scan only
  • Najdeme a označíme následující položky:

    Kód: Vybrat vše

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://paflikkq.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
  • klikneme na položku Fix checked a potvrdíme tlačítkem Ano

:arrow: Obrázek TFC
  • Stáhneme a spustíme program
  • Klikneme na Start a potvrdíme OK
  • Program začne uklízet,poté restartuje pc
  • po použití program smažte

Poté začneme hledat havěť :)

:arrow: Malwarebytes' Anti-Malware Obrázek
  • Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
  • Vybereme Úplná kontrola a klikneme na tlačítko ProhledatObrázek
  • Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
  • Objeví se vám log,který mi sem vložte
  • NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci :twisted:

Re: Zamrza spodni lista

Napsal: 08 črc 2011 10:35
od Ales.vazler
Tak po dokonceni analizy mamtento log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Verze databáze: 7045

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8.7.2011 11:34:19
mbam-log-2011-07-08 (11-34-08).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 285305
Uplynulý čas: 1 hodin, 2 minut, 4 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 11

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9B71D88C-C598-4935-C5D1-43AA4DB90836} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\win32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\System32\win32\system32.exe (Trojan.Agent) -> No action taken.
c:\programdata\microsoft\windows defender\localcopy\{07dee365-74e6-4ce6-83e3-5508c51357c7}-auto-keylogger-setup.exe (PUP.AutoKeylogger) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\fff-ea103.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\Adobe\keygen.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\multi password recovery v.1.2.8\Patch\multi.password.recovery.1.x-2.x-patch.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\nod32 - 32&64bit work licence!\eset nod32 antivirus 4 v4.2.58.5 100% works licence 32bit, 64bit cz\TNODUP\tnodup setup.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\nod32 - 32&64bit work licence!\eset nod32 antivirus 4 v4.2.58.5 100% works licence 32bit, 64bit cz\TNODUP\TNODUP.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\eset nod32 antivirus 4 v4.2.58.5 100% works licence 32bit, 64bit cz\TNODUP\tnodup setup.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\eset nod32 antivirus 4 v4.2.58.5 100% works licence 32bit, 64bit cz\TNODUP\TNODUP.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Aleš\Desktop\ovladače+programy\slow-pcfighter v.1.4.95\slow-pcfighter v.1.4.95\Crack\slow-pcfighter.exe (Trojan.Agent) -> No action taken.
c:\Users\Aleš\AppData\Roaming\addon.dat (Malware.Trace) -> No action taken.

Re: Zamrza spodni lista

Napsal: 08 črc 2011 11:05
od Ales.vazler
Muzu tedy vse smazat abych to vyresil? Nic z toho nepotrebuji.

Re: Zamrza spodni lista

Napsal: 08 črc 2011 12:52
od chodnik74
Ano všechny nalazené položky smazat..co budeme dělat s nelegálním ESET?

Pravidla fora: č.1 a č.2, č.3

:arrow: Stáhneme si program CKScannerObrázek
  • Spustíme stažený program CKScanner.exe Obrázek
  • Klineme na tlačítko Search for files a počkáme Obrázek
  • Po dokončení se nám ukáže log,klikneme na Save List to File
  • Ve stejném umístění jako je program CKScanner.exe najdeme soubor ckfiles.txt
  • Otevřeme soubor ckfiles.txt a jeho obsah vložíme sem na forum
:arrow: Stáhněte a spusťte WVCheck.exe nebo WVCheck.zip
  • Stiskněte klávesu Enter
  • Program začne prohledávat váš PC,délka skenování je závislá na počtu souborů ve vašem PC (většinou do 5 minut)
  • Po dokončení skenování se vám zobrazí log,který mi sem zkopírujte (log najdete i na vaší Ploše)

Re: Zamrza spodni lista

Napsal: 09 črc 2011 10:54
od Ales.vazler
Eset take smazan. Nainstalovan a registrovan avast antivirus.

Re: Zamrza spodni lista

Napsal: 09 črc 2011 11:05
od chodnik74
Výborně...poprosím nový log z RSIT :)

Re: Zamrza spodni lista

Napsal: 09 črc 2011 11:15
od Ales.vazler
Moc dekuji za podporu. Snad je ten registrovany avast ucinnejsi nez eset. Na tyto kreknute veci prestavam verit a uz nic nelegalniho. Je to pekny, ale neochrani to. Tady je novy log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Aleš at 2011-07-09 12:08:00
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 105 GB (44%) free of 238 GB
Total RAM: 3036 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:09, on 9.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Users\Aleš\Downloads\RSIT.exe
C:\Program Files\trend micro\Aleš.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{E220B78E-F4E6-49F2-9FF4-8B1F23658C3A}: NameServer = 194.228.211.33 160.218.167.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 5592 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1217497703-1813558402-3643225182-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1217497703-1813558402-3643225182-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-17 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-04-21 402832]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-07-08 12:23:25 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-07-08 12:12:12 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-08 12:12:12 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-08 12:12:07 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-08 12:12:05 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-08 12:12:02 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-08 12:11:57 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-08 12:11:39 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-08 12:11:32 ----D---- C:\ProgramData\AVAST Software
2011-07-08 12:11:32 ----D---- C:\Program Files\AVAST Software
2011-07-08 10:18:53 ----D---- C:\Users\Aleš\AppData\Roaming\Malwarebytes
2011-07-08 10:18:41 ----D---- C:\ProgramData\Malwarebytes
2011-07-08 09:44:01 ----D---- C:\rsit
2011-07-08 09:44:01 ----D---- C:\Program Files\trend micro
2011-07-08 09:24:04 ----D---- C:\Program Files\Ultimate Process Manager
2011-07-08 07:47:24 ----A---- C:\Windows\system32\CmdLineExt.dll
2011-07-08 07:44:43 ----D---- C:\Windows\system32\xlive
2011-07-08 07:43:40 ----D---- C:\Program Files\OpenAL
2011-07-08 07:43:40 ----A---- C:\Windows\system32\wrap_oal.dll
2011-07-08 07:43:40 ----A---- C:\Windows\system32\OpenAL32.dll
2011-07-08 07:38:08 ----D---- C:\Program Files\Sega
2011-07-07 12:30:44 ----D---- C:\Program Files\Crawler
2011-07-07 06:55:07 ----A---- C:\Windows\system32\drivers\snapman.sys
2011-07-06 13:46:01 ----HD---- C:\Windows\system32\win32
2011-07-05 20:18:11 ----D---- C:\Users\Aleš\AppData\Roaming\TeamViewer
2011-07-05 05:29:43 ----A---- C:\Windows\system32\tquery.dll
2011-07-05 05:29:43 ----A---- C:\Windows\system32\mssrch.dll
2011-07-05 05:29:42 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-05 05:29:41 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-05 05:29:41 ----A---- C:\Windows\system32\mssph.dll
2011-07-05 05:29:40 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-05 05:29:40 ----A---- C:\Windows\system32\mssvp.dll
2011-07-05 05:29:40 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-05 05:29:40 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-05 05:29:35 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-04 16:16:22 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-07-04 16:16:22 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-07-04 16:16:21 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-07-04 16:12:05 ----D---- C:\Users\Aleš\AppData\Roaming\Autodesk
2011-07-04 16:12:05 ----D---- C:\ProgramData\Autodesk
2011-07-03 22:31:33 ----D---- C:\Users\Aleš\AppData\Roaming\PearlMountainSoft
2011-07-03 22:31:33 ----D---- C:\ProgramData\PearlMountainSoft
2011-07-03 22:17:31 ----D---- C:\Program Files\Common Files\DAZ
2011-07-03 22:14:24 ----D---- C:\Users\Aleš\AppData\Roaming\DAZ 3D
2011-07-03 19:51:17 ----A---- C:\Users\Aleš\AppData\Roaming\pcouffin.sys
2011-07-03 19:51:17 ----A---- C:\Users\Aleš\AppData\Roaming\inst.exe
2011-07-03 19:21:29 ----D---- C:\Users\Aleš\AppData\Roaming\AVS4YOU
2011-07-03 19:19:35 ----D---- C:\Program Files\Common Files\AVSMedia
2011-07-03 19:18:52 ----D---- C:\ProgramData\AVS4YOU
2011-07-03 19:18:52 ----A---- C:\Windows\system32\msxml3a.dll
2011-07-03 19:05:30 ----D---- C:\Users\Aleš\AppData\Roaming\Vso
2011-06-30 00:43:59 ----A---- C:\Windows\system32\tsccvid.dll
2011-06-30 00:43:58 ----D---- C:\Program Files\CDVPlayer
2011-06-30 00:33:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2011-06-29 17:53:29 ----D---- C:\ProgramData\FLEXnet
2011-06-29 17:46:29 ----D---- C:\Program Files\Adobe Media Player
2011-06-29 17:44:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-06-27 11:07:58 ----D---- C:\Windows\system32\directx
2011-06-26 10:57:46 ----D---- C:\Users\Aleš\AppData\Roaming\Mount&Blade Warband
2011-06-26 10:51:39 ----D---- C:\Program Files\Mount&Blade Warband
2011-06-25 11:05:53 ----A---- C:\Windows\UC.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\RAR.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\PKZIP.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\PKUNZIP.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\NOCLOSE.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\LHA.PIF
2011-06-25 11:05:53 ----A---- C:\Windows\ARJ.PIF
2011-06-25 11:05:52 ----D---- C:\Users\Aleš\AppData\Roaming\GHISLER
2011-06-25 11:05:52 ----D---- C:\totalcmd
2011-06-25 01:30:28 ----D---- C:\Users\Aleš\AppData\Roaming\vlc
2011-06-25 01:29:48 ----D---- C:\Program Files\VideoLAN
2011-06-25 00:14:28 ----D---- C:\Program Files\CamStudio
2011-06-24 23:50:39 ----A---- C:\Windows\system32\MPG4C32.dll
2011-06-24 23:50:37 ----D---- C:\Program Files\innoheim
2011-06-24 22:47:31 ----D---- C:\Users\Aleš\AppData\Roaming\ManyCam
2011-06-24 22:47:08 ----D---- C:\Program Files\ManyCam
2011-06-24 12:07:59 ----D---- C:\Program Files\VisualRoute
2011-06-24 11:29:31 ----D---- C:\Program Files\ICQ FORCE
2011-06-23 21:20:13 ----D---- C:\ProgramData\Kaspersky Lab
2011-06-21 04:03:32 ----D---- C:\ProgramData\eMule
2011-06-21 04:03:15 ----D---- C:\Program Files\eMule
2011-06-21 03:33:31 ----A---- C:\Windows\system32\roboot.exe
2011-06-20 19:05:20 ----D---- C:\Program Files\Garmin
2011-06-20 16:07:32 ----D---- C:\Users\Aleš\AppData\Roaming\GARMIN
2011-06-19 16:47:32 ----D---- C:\Windows\system32\Wat
2011-06-19 15:27:46 ----D---- C:\Program Files\Bethesda Softworks
2011-06-17 20:58:03 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\jscript9.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\jscript.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\ieui.dll
2011-06-17 20:58:02 ----A---- C:\Windows\system32\iertutil.dll
2011-06-17 20:58:00 ----A---- C:\Windows\system32\mshtml.dll
2011-06-17 20:58:00 ----A---- C:\Windows\system32\ieframe.dll
2011-06-17 20:57:59 ----A---- C:\Windows\system32\urlmon.dll
2011-06-17 20:56:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-17 20:56:13 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-17 20:56:11 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-17 20:56:11 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-17 20:56:11 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-17 20:56:04 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-17 20:55:57 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-17 20:55:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-17 20:55:14 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-17 20:55:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-17 20:39:11 ----HD---- C:\ProgramData\Common Files
2011-06-17 20:37:26 ----D---- C:\ProgramData\MFAData
2011-06-17 19:59:55 ----D---- C:\Windows\Sun
2011-06-17 13:51:31 ----D---- C:\ProgramData\Sun
2011-06-17 13:51:30 ----D---- C:\Program Files\Common Files\Java
2011-06-17 13:51:17 ----A---- C:\Windows\system32\javaws.exe
2011-06-17 13:51:17 ----A---- C:\Windows\system32\javaw.exe
2011-06-17 13:51:17 ----A---- C:\Windows\system32\java.exe
2011-06-17 13:51:17 ----A---- C:\Windows\system32\deployJava1.dll
2011-06-17 13:51:04 ----D---- C:\Program Files\Java
2011-06-16 17:20:31 ----D---- C:\Program Files\Firefly Studios
2011-06-16 17:07:12 ----D---- C:\Users\Aleš\AppData\Roaming\GameRanger
2011-06-12 23:06:50 ----A---- C:\Windows\system32\NCTWMAFile2.dll
2011-06-12 23:06:50 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2011-06-12 23:06:50 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2011-06-12 23:06:50 ----A---- C:\Windows\system32\msvcr70.dll
2011-06-12 23:06:49 ----D---- C:\Program Files\Free MP3 WMA WAV Converter
2011-06-12 22:50:05 ----D---- C:\ProgramData\Nero
2011-06-12 22:50:05 ----D---- C:\Program Files\Nero
2011-06-12 22:50:04 ----D---- C:\Program Files\Common Files\Ahead

======List of files/folders modified in the last 1 months======

2011-07-09 12:08:06 ----D---- C:\Windows\Temp
2011-07-09 11:50:53 ----D---- C:\Windows\System32
2011-07-09 11:50:53 ----D---- C:\Windows\inf
2011-07-09 11:50:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-09 08:42:37 ----D---- C:\Windows\system32\config
2011-07-09 08:29:08 ----D---- C:\Windows
2011-07-08 13:57:35 ----RD---- C:\Program Files
2011-07-08 13:56:20 ----SHD---- C:\Windows\Installer
2011-07-08 13:56:00 ----SHD---- C:\System Volume Information
2011-07-08 13:43:17 ----RSD---- C:\Windows\assembly
2011-07-08 13:42:57 ----D---- C:\Windows\system32\cs-CZ
2011-07-08 13:41:46 ----D---- C:\Windows\Microsoft.NET
2011-07-08 13:41:35 ----D---- C:\Windows\system32\en-US
2011-07-08 13:41:34 ----D---- C:\Program Files\Microsoft.NET
2011-07-08 13:03:46 ----D---- C:\Users\Aleš\AppData\Roaming\uTorrent
2011-07-08 12:25:51 ----D---- C:\Program Files\Microsoft Office
2011-07-08 12:15:08 ----D---- C:\Windows\system32\Tasks
2011-07-08 12:12:12 ----D---- C:\Windows\system32\drivers
2011-07-08 12:11:39 ----D---- C:\Program Files\Windows Sidebar
2011-07-08 12:11:32 ----HD---- C:\ProgramData
2011-07-08 12:09:07 ----D---- C:\Windows\schemas
2011-07-08 10:16:21 ----D---- C:\Users\Aleš\AppData\Roaming\Skype
2011-07-08 08:09:51 ----D---- C:\Users\Aleš\AppData\Roaming\skypePM
2011-07-08 07:44:31 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-07 16:56:22 ----D---- C:\Windows\system32\catroot2
2011-07-07 13:11:18 ----D---- C:\Windows\Prefetch
2011-07-07 12:40:06 ----D---- C:\Windows\system32\wdi
2011-07-07 12:28:50 ----D---- C:\Program Files\Diablo II
2011-07-07 07:02:11 ----D---- C:\Program Files\Common Files
2011-07-07 04:52:30 ----D---- C:\Windows\system32\drivers\etc
2011-07-07 01:32:32 ----D---- C:\Users\Aleš\AppData\Roaming\IObit
2011-07-07 00:44:23 ----D---- C:\Program Files\IObit
2011-07-05 22:53:54 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 22:53:52 ----D---- C:\Program Files\Counter-Strike Xtreme V5
2011-07-05 22:50:42 ----D---- C:\Program Files\Windows Media Player
2011-07-05 22:50:42 ----D---- C:\Program Files\Common Files\System
2011-07-05 22:50:42 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-05 22:50:42 ----D---- C:\Program Files\Common Files\Adobe
2011-07-05 22:50:42 ----D---- C:\Program Files\Adobe
2011-07-05 22:22:28 ----D---- C:\Windows\debug
2011-07-05 08:29:49 ----D---- C:\Windows\winsxs
2011-07-05 05:32:12 ----RSD---- C:\Windows\Fonts
2011-07-05 05:29:28 ----D---- C:\Windows\system32\catroot
2011-07-04 22:43:45 ----D---- C:\Users\Aleš\AppData\Roaming\Adobe
2011-07-03 22:29:42 ----D---- C:\Users\Aleš\AppData\Roaming\Identities
2011-06-30 00:43:58 ----N---- C:\Windows\Setup1.exe
2011-06-30 00:38:08 ----D---- C:\ProgramData\Adobe
2011-06-27 10:52:49 ----D---- C:\Windows\system32\NDF
2011-06-25 21:55:25 ----D---- C:\Users\Aleš\AppData\Roaming\Mozilla
2011-06-25 20:33:59 ----D---- C:\Users\Aleš\AppData\Roaming\Hamachi
2011-06-25 14:54:34 ----SD---- C:\Users\Aleš\AppData\Roaming\Microsoft
2011-06-24 22:47:37 ----D---- C:\Windows\system32\DriverStore
2011-06-23 20:41:07 ----D---- C:\Windows\Tasks
2011-06-23 20:41:07 ----D---- C:\Windows\system32\wfp
2011-06-23 20:41:06 ----D---- C:\Windows\system32\wbem
2011-06-23 20:40:14 ----D---- C:\Windows\registration
2011-06-21 22:36:48 ----AD---- C:\ProgramData\TEMP
2011-06-21 22:30:27 ----D---- C:\Users\Aleš\AppData\Roaming\Mirillis
2011-06-21 22:30:27 ----D---- C:\ProgramData\Mirillis
2011-06-21 22:29:39 ----D---- C:\Program Files\Mirillis
2011-06-21 22:18:50 ----D---- C:\Windows\Downloaded Program Files
2011-06-20 16:01:06 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-17 21:02:42 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-17 21:01:37 ----D---- C:\Program Files\Internet Explorer
2011-06-17 21:00:07 ----A---- C:\Windows\system32\MRT.exe
2011-06-17 15:16:39 ----D---- C:\Windows\system
2011-06-17 13:13:03 ----D---- C:\Users\Aleš\AppData\Roaming\Camfrog
2011-06-16 12:40:05 ----D---- C:\Windows\ModemLogs
2011-06-16 12:39:16 ----SD---- C:\ProgramData\Microsoft
2011-06-15 12:27:11 ----D---- C:\Users\Aleš\AppData\Roaming\Ahead
2011-06-12 22:51:05 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-26 218688]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-04 4994048]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-05-30 25280]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-10-09 1810856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-12-02 18304]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-12-02 23168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-12-02 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-12-02 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-04 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-10-29 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe []
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-07-04 1045256]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Zamrza spodni lista

Napsal: 10 črc 2011 20:01
od chodnik74
:arrow: Ano bude určitě účinnější :) protože cracknutým SW si do pc nataháte jen havěť :)

:arrow: Odinstaloval bych Advanced SystemCare 4 a vše od IOBit..takto si brzo zboříte systém :)

:arrow: Spustíme si HijackThisObrázek

Kód: Vybrat vše

C:\Program Files\trend micro\Aleš.exe
(Pokud nenajdeme nebo nemáme,tak stáhneme ZDE )
  • Dále klikneme na tlačítko Do a system scan only
  • Najdeme a označíme následující položky:

    Kód: Vybrat vše

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
  • klikneme na položku Fix checked a potvrdíme tlačítkem Ano
:arrow: Poté provedeme údržbu pc :wink: lepší jak Advanced system care ;-)

Údržba PC:

1)Čištění dočasných složek + neplatné registry
:arrow: ObrázekCcleaner
  • Stáhneme a nainstalujeme program
  • Spustíme program
  • ČISTIČ
    Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše
    Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
    >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
  • Registry
    >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
    >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu
    obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
    >opakujte dokud nebude registr bez problémů
  • Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)
2)Defragmentace disku
:arrow: ObrázekDefraggler
  • Stáhneme a nainstalujeme program
  • Spustíme program
  • Vybereme disk ( C:,D:..prostě který používáme)
  • Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
  • Proveďte se všemi používanými disky
  • Provádíme 1x za měsíc
3)Aktualizace programů
:arrow: ObrázekFileHippo.com Update Checker
  • Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
  • Spustíme program
  • Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
  • Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
    >X Updates Detected..to jsou dostupné aktualizace..
    > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
    > :!: X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní :)
  • Provádíme 1x za 14 dní nebo jednou za měsíc

:idea: Jak se pc chová :???:

Re: Zamrza spodni lista

Napsal: 12 črc 2011 17:58
od Ales.vazler
Vse jsem udelal podle navodu, a slape jak hodinky. Srdecne moc dekuju za pomoc

Re: Zamrza spodni lista

Napsal: 12 črc 2011 19:52
od chodnik74
Rád jsem vám pomohl :) hezký zbytek večera :bye:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz