VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

combofix

https://forum.viry.cz:443/viewtopic.php?t=115463

Stránka 1 z 1

combofix

Napsal: 17 zář 2011 14:56
od ringov
Použil som Combofix na vlastne riziko, prepačte viem že to nemam robit .Prikladam log-------------ComboFix 11-09-16.01 - Administrator 17.09.2011 15:29:29.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.112 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ehome\medctrro.exe
c:\windows\iun6002.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-17 13:10 . 2011-09-17 13:10 -------- d-----w- c:\program files\InstallShield Installation Information
2011-09-17 13:09 . 2011-09-17 13:09 -------- d-----w- c:\program files\Common Files\PCSuite
2011-09-17 13:09 . 2011-09-17 13:09 -------- d-----w- c:\program files\Common Files\Nokia
2011-09-12 13:12 . 2011-09-12 13:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ProgSense
2011-09-12 13:11 . 2011-09-12 13:15 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Orbit
2011-09-12 12:51 . 2011-09-12 12:51 -------- d-----w- c:\program files\Common Files\Java
2011-09-12 12:50 . 2011-09-12 12:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-10 08:16 . 2011-09-11 08:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Improved Software
2011-09-04 05:48 . 2011-09-06 20:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-04 05:47 . 2011-09-06 20:37 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-04 05:46 . 2011-07-04 11:12 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-09-03 14:40 . 2011-09-03 14:40 -------- d-----w- c:\documents and settings\Administrator\.thumbnails
2011-09-03 14:36 . 2011-09-03 14:55 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.6
2011-09-03 11:52 . 2011-09-03 11:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-09-03 11:52 . 2011-09-03 11:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-09-03 11:05 . 2011-09-03 11:05 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\CheckPoint
2011-09-03 10:50 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-03 10:50 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-03 10:50 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-03 10:50 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-03 10:50 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-03 10:50 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-03 10:50 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-03 10:50 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-03 10:49 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-03 10:49 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-03 10:49 . 2011-09-03 10:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-09-01 11:15 . 2011-09-01 11:15 -------- d-----w- C:\ConvImages
2011-09-01 10:04 . 2011-09-01 10:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-29 17:45 . 2011-08-29 17:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-08-29 12:19 . 2011-09-03 10:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESET
2011-08-29 12:19 . 2011-09-03 10:47 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ESET
2011-08-29 12:19 . 2011-08-29 12:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-08-29 12:14 . 2011-09-17 11:17 -------- d-----w- c:\windows\Internet Logs
2011-08-21 12:47 . 2011-08-21 12:47 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-08-19 13:59 . 2011-08-19 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 12:50 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- d:\antiviry\Avast 6\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="d:\antiviry\Avast 6\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\antiviry\SuperAntiSpywer\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\antiviry\SuperAntiSpywer\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0ssbtsr\0\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"sp_rssrv"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\My Download Files\\Subory\\Skype\\Phone\\Skype.exe"=
"d:\\My Download Files\\Subory\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\UTILITY\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [4.9.2011 7:46 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [4.9.2011 7:47 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [4.9.2011 7:48 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.9.2011 12:50 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.9.2011 12:50 320856]
R1 SASDIFSV;SASDIFSV;d:\antiviry\SuperAntiSpywer\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;d:\antiviry\SuperAntiSpywer\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.9.2011 12:50 20568]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 10:26 508288]
R3 S3SAVAGE4;S3SAVAGE4;c:\windows\system32\drivers\s3savg4m.sys [10.8.2000 14:03 84704]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.5.2011 12:55 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12.6.2011 16:08 27064]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 18:00 77824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-17 c:\windows\Tasks\PandaUSBVaccine.job
- e:\panda\Panda USB Vaccine\RunInteractiveWin.exe [2011-04-13 14:45]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.100.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 15:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,22,01,3a,f3,8c,ea,4d,8d,d2,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,22,01,3a,f3,8c,ea,4d,8d,d2,45,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,fe,94,e8,f9,a9,65,49,b0,f4,f4,\
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08ED0636-64FD-61D9-364E-9A9BBB53EE63}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jakknfcnnjkcgajdennp"=hex:61,61,00,00
"kakknfcnpibefgiikiapla"=hex:61,61,00,00
"fakknfcncjhc"=hex:66,61,6e,62,63,66,70,64,65,70,70,62,00,9d
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="329D70EB43324576547CAE18148B66458CC20CF9668BE6189C638887621C608986DE056F9444B22EF01C45FE4139B402D9C6CD197C90B8E79E42883A17F6D8344C2EBE915C7A1753C7F6E2A91FE45171BFF72597932A803970B1E049FC5DC7263D05D2D62EBED4E0100F9F6C4C5493AC0E042FBDF7952A68A024550EAEA6CE9AC241C7480D1FE212AF4BE7A1DBEB64134B78DDD469B036946F747B633748A3927E237971F5CE4969C4F5FD28D5B846C5B0C976AC1D8038A0D5DC3EA918620ED1C1519764D6A1282C9E3DF5DF3467CA2B2CCF14963AADD8B3FC00DD44C7B36D6015D527340F12B262C2B3B8AE664D986D5EC3236B5C02D5B8C460FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6679DB7CE019D40AA5CA6A0AC4980AC7933C2DD959BF4059B6DB07FCA07F22017FDD0CC0D2BF623B49F10C77374AA482F8357D2FBE605310B42E1ABACC4C56D1E52636FF74F4C85650786AE058C3797A5A6AE18AE224E09E48B94AFEBC1CCC02A562E8F73A4E9FB17AE6743BE103F27C49A282B52F8F1CE035CB079DC23BC1DD1E6BC2D9F6839EABCDE84B5B078805A7EAF7B0E043AA208F2ADEE7A47B05EC95EC36D4C917B367A7FBE7F3ADBDDCF5AF5172EC45158A78076585C2AE7550CD1CE13F27552E27196395D518CB6FD929504671FD93DEADC44831D5D836EA1B804D5DA53325F4813EF7BAA45E5A9BB41BC361B7EDA3FADAFA742A025857F4966745A88E91429F6D17A877CFB08959BEBC3CB10CF5A42FC26BF12E73EB132A42EF9766D65AE15607CED560D67384AC934E5B909EE6CA55D55E50360078F92AFBC2FF73CC9177C9A73C69278D1BE8E11D01E28AC852CBB76693ADA573129A08951F2E20F6C6C2C5DAB459DC055E71C650BAE74051636CC92A09C1482410ED1F5C169ECE1774C6405306E87CBE105215D429DAE80F4AC921F50B45B7813D00C5EF47980136CDA5B141C881BE13A69C030E8B21BF14BB43C31DD6C12B2D286AC4C674FBCE91BBFB9AEA2A153B1F86F0FBE847A331094F8EC7EC671CE9382CA04722AD6F28D2CA69B9C0808DECC87721788AEC822F3A2A6BCE19737D95D77BDD4226147AB0A98BE93CCA55121A6A6D3573597AF4A9C1BEE36D9F3F131B65DFED755C3151F50B1BCA4CEE754B19AE9F8418C7F8BBDED7587570B959D062C30B8B9271F7BBDB41857CA5852AE5DE439C83A7F3F7547AC7DAB14BA45F63F2C43131AD6D4FBA86F43CAEFC1F74022A7D0301E9DBED2E182D616D2D56401748ABABC8B485556371D7ED6770803ACB368BEA1381E7C463F7FF38BEE68E301757F916997052D14F3BE683E35CC315BF90FE88FCDD90CB843951ECF3827CC82C02593CFBAB776001DB6F34971D3D3FA"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
d:\antiviry\SuperAntiSpywer\SASWINLO.DLL
.
Completion time: 2011-09-17 15:49:41
ComboFix-quarantined-files.txt 2011-09-17 13:49
.
Pre-Run: 1 999 052 800
Post-Run: 1 943 298 048
.
Current=2 Default=2 Failed=7 LastKnownGood=6 Sets=1,2,4,5,6,7
- - End Of File - - 289A2A44ACE38C807A22ADA3B760890F

Re: combofix

Napsal: 17 zář 2011 14:58
od chodnik74
Dobrý den :welcome:
příště nic nespouštějte prosím bez vyzvání...

:arrow: Nebezpeči Combofixu
  • Program je primárně určený pro rádce,takže svévolným použitím ztrácíte nárok na pomoc
  • Maže stopy po veškeré havěti,takže když ho použijete sami,tak v RSITU nic nejde vidět
  • Výsledný log je potřeba doluštit a dočistit,protože Combofix neumí mazat vše
  • Combofix může mít chybu,zboří vám systém a pokud nevíte,kam ukládá své zálohy a jak je obnovit,tak vás čeká reinstall systému
  • Combofix nekontroluje důležité knihovny(například hall.dll)
Hned na to mrknu :)

Re: combofix

Napsal: 17 zář 2011 15:07
od chodnik74
Příště si sám ale napíšete script,pokud si budete Combofix spouštět,jak se vám zamane :evil:

:arrow: Otevřeme si Poznámkový blok Obrázek
  • (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
  • Vložíme do něj následující script:

    Kód: Vybrat vše

    KillAll::

RegLock::
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08ED0636-64FD-61D9-364E-9A9BBB53EE63}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

RegNull::
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08ED0636-64FD-61D9-364E-9A9BBB53EE63}*]

FixCSet::
  • Soubor uložíme na Plochu jako CFScript.txt
  • Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme

    Obrázek
  • Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Re: combofix

Napsal: 17 zář 2011 15:23
od ringov
Nabuduce ho bez vas nespustim,prepacte.Urobil som co ste napisali a neukazalo log.

Re: combofix

Napsal: 17 zář 2011 15:27
od chodnik74
Měl by být na disku C:\ jako Combofix.txt

Re: combofix

Napsal: 17 zář 2011 15:30
od ringov
ComboFix 11-09-16.01 - Administrator 17.09.2011 15:29:29.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.112 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ehome\medctrro.exe
c:\windows\iun6002.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-17 13:10 . 2011-09-17 13:10 -------- d-----w- c:\program files\InstallShield Installation Information
2011-09-17 13:09 . 2011-09-17 13:09 -------- d-----w- c:\program files\Common Files\PCSuite
2011-09-17 13:09 . 2011-09-17 13:09 -------- d-----w- c:\program files\Common Files\Nokia
2011-09-12 13:12 . 2011-09-12 13:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ProgSense
2011-09-12 13:11 . 2011-09-12 13:15 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Orbit
2011-09-12 12:51 . 2011-09-12 12:51 -------- d-----w- c:\program files\Common Files\Java
2011-09-12 12:50 . 2011-09-12 12:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-10 08:16 . 2011-09-11 08:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Improved Software
2011-09-04 05:48 . 2011-09-06 20:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-04 05:47 . 2011-09-06 20:37 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-04 05:46 . 2011-07-04 11:12 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-09-03 14:40 . 2011-09-03 14:40 -------- d-----w- c:\documents and settings\Administrator\.thumbnails
2011-09-03 14:36 . 2011-09-03 14:55 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.6
2011-09-03 11:52 . 2011-09-03 11:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-09-03 11:52 . 2011-09-03 11:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-09-03 11:05 . 2011-09-03 11:05 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\CheckPoint
2011-09-03 10:50 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-03 10:50 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-03 10:50 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-03 10:50 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-03 10:50 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-03 10:50 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-03 10:50 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-03 10:50 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-03 10:49 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-03 10:49 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-03 10:49 . 2011-09-03 10:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-09-01 11:15 . 2011-09-01 11:15 -------- d-----w- C:\ConvImages
2011-09-01 10:04 . 2011-09-01 10:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-29 17:45 . 2011-08-29 17:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-08-29 12:19 . 2011-09-03 10:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESET
2011-08-29 12:19 . 2011-09-03 10:47 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ESET
2011-08-29 12:19 . 2011-08-29 12:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-08-29 12:14 . 2011-09-17 11:17 -------- d-----w- c:\windows\Internet Logs
2011-08-21 12:47 . 2011-08-21 12:47 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-08-19 13:59 . 2011-08-19 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 12:50 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- d:\antiviry\Avast 6\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="d:\antiviry\Avast 6\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\antiviry\SuperAntiSpywer\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\antiviry\SuperAntiSpywer\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0ssbtsr\0\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"sp_rssrv"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\My Download Files\\Subory\\Skype\\Phone\\Skype.exe"=
"d:\\My Download Files\\Subory\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\UTILITY\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [4.9.2011 7:46 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [4.9.2011 7:47 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [4.9.2011 7:48 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.9.2011 12:50 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.9.2011 12:50 320856]
R1 SASDIFSV;SASDIFSV;d:\antiviry\SuperAntiSpywer\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;d:\antiviry\SuperAntiSpywer\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.9.2011 12:50 20568]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 10:26 508288]
R3 S3SAVAGE4;S3SAVAGE4;c:\windows\system32\drivers\s3savg4m.sys [10.8.2000 14:03 84704]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.5.2011 12:55 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12.6.2011 16:08 27064]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 18:00 77824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-17 c:\windows\Tasks\PandaUSBVaccine.job
- e:\panda\Panda USB Vaccine\RunInteractiveWin.exe [2011-04-13 14:45]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.100.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 15:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,22,01,3a,f3,8c,ea,4d,8d,d2,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,22,01,3a,f3,8c,ea,4d,8d,d2,45,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,fe,94,e8,f9,a9,65,49,b0,f4,f4,\
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08ED0636-64FD-61D9-364E-9A9BBB53EE63}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jakknfcnnjkcgajdennp"=hex:61,61,00,00
"kakknfcnpibefgiikiapla"=hex:61,61,00,00
"fakknfcncjhc"=hex:66,61,6e,62,63,66,70,64,65,70,70,62,00,9d
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="329D70EB43324576547CAE18148B66458CC20CF9668BE6189C638887621C608986DE056F9444B22EF01C45FE4139B402D9C6CD197C90B8E79E42883A17F6D8344C2EBE915C7A1753C7F6E2A91FE45171BFF72597932A803970B1E049FC5DC7263D05D2D62EBED4E0100F9F6C4C5493AC0E042FBDF7952A68A024550EAEA6CE9AC241C7480D1FE212AF4BE7A1DBEB64134B78DDD469B036946F747B633748A3927E237971F5CE4969C4F5FD28D5B846C5B0C976AC1D8038A0D5DC3EA918620ED1C1519764D6A1282C9E3DF5DF3467CA2B2CCF14963AADD8B3FC00DD44C7B36D6015D527340F12B262C2B3B8AE664D986D5EC3236B5C02D5B8C460FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6679DB7CE019D40AA5CA6A0AC4980AC7933C2DD959BF4059B6DB07FCA07F22017FDD0CC0D2BF623B49F10C77374AA482F8357D2FBE605310B42E1ABACC4C56D1E52636FF74F4C85650786AE058C3797A5A6AE18AE224E09E48B94AFEBC1CCC02A562E8F73A4E9FB17AE6743BE103F27C49A282B52F8F1CE035CB079DC23BC1DD1E6BC2D9F6839EABCDE84B5B078805A7EAF7B0E043AA208F2ADEE7A47B05EC95EC36D4C917B367A7FBE7F3ADBDDCF5AF5172EC45158A78076585C2AE7550CD1CE13F27552E27196395D518CB6FD929504671FD93DEADC44831D5D836EA1B804D5DA53325F4813EF7BAA45E5A9BB41BC361B7EDA3FADAFA742A025857F4966745A88E91429F6D17A877CFB08959BEBC3CB10CF5A42FC26BF12E73EB132A42EF9766D65AE15607CED560D67384AC934E5B909EE6CA55D55E50360078F92AFBC2FF73CC9177C9A73C69278D1BE8E11D01E28AC852CBB76693ADA573129A08951F2E20F6C6C2C5DAB459DC055E71C650BAE74051636CC92A09C1482410ED1F5C169ECE1774C6405306E87CBE105215D429DAE80F4AC921F50B45B7813D00C5EF47980136CDA5B141C881BE13A69C030E8B21BF14BB43C31DD6C12B2D286AC4C674FBCE91BBFB9AEA2A153B1F86F0FBE847A331094F8EC7EC671CE9382CA04722AD6F28D2CA69B9C0808DECC87721788AEC822F3A2A6BCE19737D95D77BDD4226147AB0A98BE93CCA55121A6A6D3573597AF4A9C1BEE36D9F3F131B65DFED755C3151F50B1BCA4CEE754B19AE9F8418C7F8BBDED7587570B959D062C30B8B9271F7BBDB41857CA5852AE5DE439C83A7F3F7547AC7DAB14BA45F63F2C43131AD6D4FBA86F43CAEFC1F74022A7D0301E9DBED2E182D616D2D56401748ABABC8B485556371D7ED6770803ACB368BEA1381E7C463F7FF38BEE68E301757F916997052D14F3BE683E35CC315BF90FE88FCDD90CB843951ECF3827CC82C02593CFBAB776001DB6F34971D3D3FA"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
d:\antiviry\SuperAntiSpywer\SASWINLO.DLL
.
Completion time: 2011-09-17 15:49:41
ComboFix-quarantined-files.txt 2011-09-17 13:49
.
Pre-Run: 1 999 052 800
Post-Run: 1 943 298 048
.
Current=2 Default=2 Failed=7 LastKnownGood=6 Sets=1,2,4,5,6,7
- - End Of File - - 289A2A44ACE38C807A22ADA3B760890F

Re: combofix

Napsal: 17 zář 2011 15:32
od chodnik74
To je ten starý..jiný tam není? Pokud ne,zkuste opakovat CFScript ještě jednou :)

Re: combofix

Napsal: 17 zář 2011 15:40
od ringov
Na c-cku mam iba toto-[IMG=http://img263.imageshack.us/img263/632/beznzvunk.th.png][/IMG]

Uploaded with ImageShack.us

Re: combofix

Napsal: 17 zář 2011 17:32
od chodnik74
Nevadí..

:arrow: Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter


:arrow: ObrázekT-Cleaner
  • Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
  • po použití T-Cleaner smažte ;-)

:arrow: Obrázek TFC
  • Stáhneme a spustíme program
  • Klikneme na Start a potvrdíme OK
  • Program začne uklízet,poté restartuje pc
  • po použití program smažte



Údržba PC:

1)Čištění dočasných složek + neplatné registry
:arrow: ObrázekCcleaner
  • Stáhneme a nainstalujeme program
  • Spustíme program
  • ČISTIČ
    Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše a odškrkneme volbu Zbytky souborů v paměti
    Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
    >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
  • Registry
    >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
    >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
    >opakujte dokud nebude registr bez problémů
  • Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)
2)Defragmentace disku
:arrow: ObrázekDefraggler
  • Stáhneme a nainstalujeme program
  • Spustíme program
  • Vybereme disk ( C:,D:..prostě který používáme)
  • Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
  • Proveďte se všemi používanými disky
  • Provádíme 1x za měsíc
3)Aktualizace programů
:arrow: ObrázekFileHippo.com Update Checker
  • Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
  • Spustíme program
  • Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
  • Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
    >X Updates Detected..to jsou dostupné aktualizace..
    > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
    > :!: X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní :)
  • Provádíme 1x za 14 dní nebo jednou za měsíc
:arrow: Jak se chová PC :???: + nový RSIT

Re: combofix

Napsal: 17 zář 2011 18:13
od ringov
Asi bude problem v AvastInternetSecurity co som si stiehol z Ulozto,bol tam na 1-rok s nejakym aktivatorom.Skusal som ho ,isiel asi tyzden no potom pc spomalilo.Uz mam naspat Avast free a Zone Alarm a PC ide dobre dakujem.----Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-09-17 19:07:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (25%) free of 8 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:09:57 , on 17.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\ANTIVIRY\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ANTIVIRY\SuperAntiSpywer\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Nová složka\bin\jqs.exe
E:\panda\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\FIREWALLY\ZoneA larm\ZoneAlarm\zlclient.exe
D:\UTILITY\Opera\opera.exe
D:\ANTIVIRY\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\Trend Micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\ANTIVIRY\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Nová složka\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Nová složka\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\ANTIVIRY\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\FIREWALLY\ZoneA larm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "D:\ANTIVIRY\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - D:\ANTIVIRY\SuperAntiSpywer\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\ANTIVIRY\SuperAntiSpywer\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - D:\ANTIVIRY\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Nová složka\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3350 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PandaUSBVaccine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\ANTIVIRY\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - G:\Nová složka\bin\jp2ssv.dll [2011-09-12 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - G:\Nová složka\lib\deploy\jqs\ie\jqs_plugin.dll [2011-09-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\ANTIVIRY\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=D:\FIREWALLY\ZoneA larm\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"avast"=D:\ANTIVIRY\Avast\avastUI.exe [2011-09-06 3722416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2
"sdAuxService"=2
"sp_rssrv"=2
"cmdAgent"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\ANTIVIRY\SuperAntiSpywer\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\ANTIVIRY\SuperAntiSpywer\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\My Download Files\Subory\Skype\Phone\Skype.exe"="D:\My Download Files\Subory\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\My Download Files\Subory\Skype\Plugin Manager\skypePM.exe"="D:\My Download Files\Subory\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\UTILITY\Opera\opera.exe"="D:\UTILITY\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Administrator\Plocha\Skype.exe"="C:\Documents and Settings\Administrator\Plocha\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.IV41"=IR41_32.AX
"wave2"=wdmaud.drv
"midi"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-17 19:07:48 ----D---- C:\rsit
2011-09-17 18:47:54 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-09-17 18:44:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-09-17 18:36:05 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-09-17 18:36:05 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-09-17 18:35:59 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-09-17 18:35:59 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-09-17 18:35:59 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-09-17 18:35:58 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-09-17 18:35:58 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-09-17 18:35:58 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-09-17 18:35:00 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-09-17 18:25:49 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2011-09-17 18:25:48 ----A---- C:\WINDOWS\ntbtlog.txt
2011-09-17 18:12:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-17 18:04:58 ----A---- C:\WINDOWS\system32\vsregexp.dll
2011-09-17 18:04:54 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2011-09-17 18:04:54 ----A---- C:\WINDOWS\system32\zlcomm.dll
2011-09-17 18:04:40 ----A---- C:\WINDOWS\system32\vswmi.dll
2011-09-17 18:04:38 ----D---- C:\WINDOWS\system32\ZoneLabs
2011-09-17 18:04:38 ----A---- C:\WINDOWS\system32\zpeng25.dll
2011-09-17 18:04:38 ----A---- C:\WINDOWS\system32\vsxml.dll
2011-09-17 18:04:38 ----A---- C:\WINDOWS\system32\vspubapi.dll
2011-09-17 18:04:38 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2011-09-17 18:04:34 ----A---- C:\WINDOWS\system32\vsdatant.sys
2011-09-17 18:03:24 ----A---- C:\WINDOWS\system32\vsutil.dll
2011-09-17 18:03:24 ----A---- C:\WINDOWS\system32\vsinit.dll
2011-09-17 18:03:24 ----A---- C:\WINDOWS\system32\vsdata.dll
2011-09-17 17:51:58 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-09-17 16:01:29 ----SHD---- C:\RECYCLER
2011-09-17 15:10:01 ----D---- C:\Program Files\InstallShield Installation Information
2011-09-17 15:09:46 ----D---- C:\Program Files\Common Files\PCSuite
2011-09-17 15:09:45 ----D---- C:\Program Files\Common Files\Nokia
2011-09-12 15:12:02 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ProgSense
2011-09-12 15:11:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Orbit
2011-09-12 14:51:17 ----D---- C:\Program Files\Common Files\Java
2011-09-12 14:50:49 ----A---- C:\WINDOWS\system32\javaws.exe
2011-09-12 14:50:49 ----A---- C:\WINDOWS\system32\javaw.exe
2011-09-12 14:50:49 ----A---- C:\WINDOWS\system32\java.exe
2011-09-10 10:16:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Improved Software
2011-09-03 13:05:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\CheckPoint
2011-09-03 12:49:54 ----A---- C:\WINDOWS\avastSS.scr
2011-09-03 12:49:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-09-01 13:15:57 ----D---- C:\ConvImages
2011-09-01 12:04:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-31 19:00:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2011-08-30 16:04:44 ----D---- C:\WINDOWS\temp
2011-08-29 14:19:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ESET
2011-08-29 14:14:18 ----D---- C:\WINDOWS\Internet Logs
2011-08-19 15:59:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2011-08-19 15:31:00 ----A---- C:\WINDOWS\system32\.ini

======List of files/folders modified in the last 1 month======

2011-09-17 19:09:57 ----D---- C:\Program Files\Trend Micro
2011-09-17 19:05:12 ----SHD---- C:\System Volume Information
2011-09-17 19:05:12 ----D---- C:\WINDOWS\system32\Restore
2011-09-17 19:04:47 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-17 18:54:22 ----D---- C:\Config.Msi
2011-09-17 18:52:20 ----D---- C:\WINDOWS
2011-09-17 18:52:19 ----D---- C:\WINDOWS\system32
2011-09-17 18:36:05 ----D---- C:\WINDOWS\system32\drivers
2011-09-17 18:35:50 ----SHD---- C:\WINDOWS\Installer
2011-09-17 18:35:40 ----D---- C:\WINDOWS\WinSxS
2011-09-17 18:35:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-17 18:27:53 ----HD---- C:\WINDOWS\inf
2011-09-17 18:16:06 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-17 16:47:36 ----D---- C:\WINDOWS\system32\config
2011-09-17 15:43:37 ----A---- C:\WINDOWS\system.ini
2011-09-17 15:42:09 ----D---- C:\WINDOWS\EHome
2011-09-17 15:36:20 ----D---- C:\WINDOWS\AppPatch
2011-09-17 15:36:09 ----D---- C:\Program Files\Common Files
2011-09-17 15:10:01 ----RD---- C:\Program Files
2011-09-12 14:50:20 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-09-11 10:22:07 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-04 07:58:33 ----ASH---- C:\boot.ini
2011-09-04 07:58:33 ----A---- C:\WINDOWS\win.ini
2011-09-03 17:04:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2011-08-31 19:49:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2011-08-29 14:20:34 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-29 12:25:14 ----D---- C:\WINDOWS\system32\NtmsData
2011-08-29 12:12:20 ----D---- C:\Documents and Settings
2011-08-29 12:02:39 ----D---- C:\WINDOWS\Registration
2011-08-26 11:57:00 ----D---- C:\Program Files\SpaceMonger
2011-08-26 11:19:26 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-08-26 11:19:16 ----D---- C:\WINDOWS\assembly
2011-08-19 14:56:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 SASDIFSV;SASDIFSV; \??\D:\ANTIVIRY\SuperAntiSpywer\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\ANTIVIRY\SuperAntiSpywer\SASKUTIL.SYS []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 S3SAVAGE4;S3SAVAGE4; C:\WINDOWS\system32\DRIVERS\s3savg4m.sys [2000-08-10 84704]
S0 dwshd;dwshd; C:\WINDOWS\system32\drivers\dwshd.sys []
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\drivers\AmdLLD.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; D:\ANTIVIRY\SuperAntiSpywer\SASCORE.EXE [2011-08-12 116608]
R2 avast! Antivirus;avast! Antivirus; D:\ANTIVIRY\Avast\AvastSvc.exe [2011-09-06 44768]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; G:\Nová složka\bin\jqs.exe [2011-09-12 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-30 136176]
S4 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: combofix

Napsal: 17 zář 2011 18:43
od chodnik74
Vše vypadá v pořádku,nelegální programy nedoporučuji používat,ikdyž neberu v úvahu,že je to nelegální,tak je to největším zdrojem havěti a problémů vůbec ;-)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz