PC disinfection, computer speed-up and remote assistance via the neslape.cz service

Request for a log check

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Request for a log check

#1 Post by Ivon »

Hi!
Like several colleagues already, I have the problem that when I open an external disk, I see only shortcuts instead of files. The same happens with my Amazon Kindle.
I read about creating a log with UsbFix. It gave me this:

############################## | UsbFix V 7.096 | [Research]

User: Ivona (Administrator) # DOMA-QO9I0VR7RQ
Updated 15/08/2012 by El Desaparecido
Started at 16:28:22 | 18/11/2012

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ATComputers (TRILINE PROFI ) (X86-based PC) # Desktop Computer
CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (3000)
RAM -> [Total : 511 | Free : 151]
BIOS: BIOS Date: 10/27/05 14:05:38 Ver: 08.00.10
BOOT: Normal boot

OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (46 Mb free - 31%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
G:\ -> Fixed drive # 931 Gb (815 Mb free - 87%) [My Book] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (832)
C:\WINDOWS\system32\csrss.exe (884)
C:\WINDOWS\system32\winlogon.exe (912)
C:\WINDOWS\system32\services.exe (960)
C:\WINDOWS\system32\lsass.exe (972)
C:\WINDOWS\System32\Ati2evxx.exe (1148)
C:\WINDOWS\system32\svchost.exe (1164)
C:\WINDOWS\system32\svchost.exe (1220)
C:\WINDOWS\System32\svchost.exe (1368)
C:\WINDOWS\system32\svchost.exe (1408)
C:\WINDOWS\System32\svchost.exe (1628)
C:\WINDOWS\System32\svchost.exe (1728)
C:\WINDOWS\system32\spoolsv.exe (2000)
C:\WINDOWS\System32\svchost.exe (192)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (228)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (252)
C:\Program Files\Bonjour\mDNSResponder.exe (292)
C:\WINDOWS\system32\FsUsbExService.Exe (672)
C:\Program Files\Java\jre6\bin\jqs.exe (788)
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (804)
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (464)
C:\Program Files\CyberLink\Shared files\RichVideo.exe (520)
C:\Program Files\Spyware Terminator\sp_rsser.exe (700)
C:\WINDOWS\System32\svchost.exe (1284)
C:\WINDOWS\system32\Ati2evxx.exe (2800)
C:\WINDOWS\Explorer.EXE (3088)
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (3216)
C:\WINDOWS\system32\wscntfy.exe (4056)
C:\WINDOWS\System32\alg.exe (324)
C:\WINDOWS\RTHDCPL.EXE (2460)
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (2476)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (3464)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3680)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (3708)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (4032)
C:\Program Files\iTunes\iTunesHelper.exe (536)
C:\WINDOWS\system32\ctfmon.exe (664)
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (692)
C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe (748)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3248)
C:\Program Files\Messenger\msmsgs.exe (2444)
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (2472)
C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\3.exe (2764)
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (2180)
C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\3.exe (1824)
C:\Program Files\iPod\bin\iPodService.exe (2156)
C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe (1852)
C:\Program Files\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (2744)
C:\WINDOWS\system32\wuauclt.exe (3008)
C:\WINDOWS\system32\rundll32.exe (1736)
C:\Program Files\Philips\Wi-Fi MediaConnect\HTSRecover.exe (1300)
C:\Program Files\Common Files\Java\Java Update\jucheck.exe (1260)
C:\Program Files\Mozilla Firefox\firefox.exe (2240)
C:\Program Files\Mozilla Firefox\plugin-container.exe (1696)
C:\WINDOWS\system32\wbem\wmiprvse.exe (1360)
C:\UsbFix\Go.exe (2780)

################## | Files # Infected Folders |

Found ! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\2.exe
Found ! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\3.exe
Found ! G:\RECYCLER.lnk
Found ! G:\autorun.lnk
Found ! G:\wd_windows_tools.lnk
Found ! G:\wd_mac_tools.lnk
Found ! G:\Documentation.lnk
Found ! G:\System Volume Information.lnk
Found ! G:\Recycled.lnk
Found ! G:\Dokumenty.lnk
Found ! G:\9e9a674fcd8efbffbcf4176ddfd5ea.lnk
Found ! G:\672ec64c47a8ec25842cb697dbc38aca.lnk
Found ! G:\b4edd5a44d7f595015d9ff156a.lnk
Found ! G:\Ivona__Backup.lnk
Found ! G:\Ivona_Backup_HD.lnk
Found ! G:\Hry.lnk
Found ! G:\61dab42e7799f7358101.lnk
Found ! G:\15ff429ec372eeeb1315a51fded3.lnk
Found ! G:\50de869c79d5daf950.lnk
Found ! G:\f02dcda1b28ab1965d.lnk
Found ! G:\98fc17485a9177fc0c.lnk
Found ! G:\RECYCLER\470a1245.exe
Found ! G:\Recycler\desktop.ini

################## | Registry |


################## | Mountpoints2 |



################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F |

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check

#2 Post by vyosek »

Hi :)

There's a lot in there, a whole zoo, ticket-office granny included.

Please also post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Re: Request for a log check

#3 Post by Ivon »

Here it is:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivona at 2012-12-08 20:34:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (30%) free of 153 GB
Total RAM: 511 MB (37% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DOMA-QO9I0VR7RQ-Ivona.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1172763280.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-606747145-725345543-1003UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{7CB0F1A3-DCEE-4579-A3BA-497C7A6601B5}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Mozilla\Firefox\Profiles\1x8kottw.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0, {b2509cd4-17cd-45ed-8146-a82af038f493}:1.60, gmailbutton@mozdeveloper.com:0.1, smarterwiki@wikiatic.com:4.3.5, fastYoutubeDownloader@yevgenyandrov.net:1.2.2, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, linkfilter@kaspersky.ru:11.0.1.400, {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, KavAntiBanner@Kaspersky.ru:11.0.1.400, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=FFlisticka_1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}"=C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Picasa2\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
KavAntiBanner@Kaspersky.ru
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Mozilla\Firefox\Profiles\1x8kottw.default\extensions\
fastYoutubeDownloader@yevgenyandrov.net
gmailbutton@mozdeveloper.com
staged
{20a82645-c095-46ed-80e3-08825760534b}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Mozilla\Firefox\Profiles\1x8kottw.default\searchplugins\
firmycz.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11222041-111B-46E3-BD29-EFB2449479B1}]
IEPlugin Class - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL [2008-12-24 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WEBIE.DLL [2007-09-18 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL [2012-06-21 210400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2007-09-18 360448]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30 1019336]
{954F618B-0DEC-4D1A-9317-E0FC96F87865} - Alive Text to Speech - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL [2003-08-21 226304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-05-04 14396416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-08 47904]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-05 500208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2011-07-05 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-08-19 421736]
"PService"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe [2012-11-30 367104]
"WINSXS32"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\16.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"MagicSpeedBooster"=C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe [2009-05-05 192784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-08 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-06-28 3318784]
"Mexmxy"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Mexmxy.exe []
"Sexmxe"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Sexmxe.exe []
"Yexmxk"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Yexmxk.exe []
"Cexmxo"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Cexmxo.exe []
"PService"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe [2012-11-30 367104]
"WINSXS32"=C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe [2012-11-30 367104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe [2012-08-17 686792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteHelper]
C:\Program Files\Remote HD\Remote Helper\RemoteHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
C:\Program Files\Seznam\Postak\Postak.exe []

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
SELPHY Photo Print Launcher.lnk - C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe
Wi-Fi MediaConnect.lnk - C:\Program Files\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoInstrumentation"=1
"NoDriveAutoRun"=3

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\River Past\Wave@MP3\WaveAtMp3.exe"="C:\Program Files\River Past\Wave@MP3\WaveAtMp3.exe:*:Enabled:River Past Wave@MP3"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"G:\wd_windows_tools\samsung5210\npsasvr.exe"="G:\wd_windows_tools\samsung5210\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"G:\wd_windows_tools\samsung5210\npsvsvr.exe"="G:\wd_windows_tools\samsung5210\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe"="C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Java\jre6\launch4j-tmp\Stanza.exe"="C:\Program Files\Java\jre6\launch4j-tmp\Stanza.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\Program Files\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe"="C:\Program Files\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe:*:Enabled:Wi-Fi MediaConnect"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.PIM1"=PCLEPIM1.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.MJPG"=pvmjpg21.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"aux1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"midi1"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"VIDC.FMVC"=fmcodec.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-11-28 14:46:23 ----A---- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe
2012-11-25 16:54:42 ----A---- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\4.exe
2012-11-18 16:42:52 ----RASHD---- C:\Autorun.inf
2012-11-18 16:16:00 ----A---- C:\UsbFix.txt
2012-11-18 15:56:44 ----A---- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\2.exe

======List of files/folders modified in the last 1 month======

2012-12-08 20:29:35 ----D---- C:\Program Files\Mozilla Firefox
2012-12-08 20:17:08 ----D---- C:\WINDOWS
2012-12-08 20:15:58 ----D---- C:\WINDOWS\Temp
2012-12-08 20:15:40 ----A---- C:\Log.txt
2012-12-03 20:35:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-03 20:27:04 ----A---- C:\WINDOWS\TRNCOM.INI
2012-12-03 19:45:34 ----D---- C:\WINDOWS\system32\Lang
2012-11-30 21:23:18 ----A---- C:\WINDOWS\NeroDigital.ini
2012-11-28 16:32:42 ----D---- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\calibre
2012-11-28 16:32:02 ----SHD---- C:\WINDOWS\Installer
2012-11-28 16:31:20 ----D---- C:\Program Files\Calibre2
2012-11-28 16:31:20 ----D---- C:\Config.Msi
2012-11-28 14:21:16 ----D---- C:\WINDOWS\system32
2012-11-23 14:19:44 ----D---- C:\Program Files
2012-11-23 14:17:07 ----A---- C:\WINDOWS\rafazon.bat
2012-11-18 16:41:06 ----D---- C:\UsbFix
2012-11-15 21:18:24 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-15 20:18:13 ----D---- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Spyware Terminator
2012-11-15 20:17:53 ----D---- C:\Program Files\Spyware Terminator
2012-11-15 19:51:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-09-27 36560]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-22 691696]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS [2011-07-26 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS [2012-05-22 924320]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111123.001\BHDrvx86.sys []
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys [2012-06-07 132768]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-03-18 26844]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS [2012-07-06 32928]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS [2012-04-18 149624]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS [2012-04-18 388216]
R3 3xHybrid;Pinnacle PCTV Stereo service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-12-03 969728]
R3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-01-28 22912]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-04 2951680]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-05-12 47360]
R3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WFMC_VAD;WFMC Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\wfmcvad.sys [2010-02-08 19328]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 actvcomm;actvcomm; C:\WINDOWS\system32\drivers\actvcomm.sys [2004-04-28 78848]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 atzas2wv;atzas2wv; C:\WINDOWS\system32\drivers\atzas2wv.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111208.001\IDSxpx86.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111209.003\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111209.003\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]
S3 Ser2pl;SIEMENS Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-05-07 41472]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPAInfoDrv;SPAInfoDrv; \??\C:\PROGRA~1\MOBILE~1\bin\SPAInfoDrv.sys []
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS [2012-07-06 574112]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-11-07 25824]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-10-24 244904]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-06-28 496128]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-08-19 821096]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-08 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: request for log check

#4 Post by vyosek »

:arrow: Plug the USB disks back in

:arrow: Run UsbFix and choose the Delete option; after the restart a log appears, post it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Re: request for log check

#5 Post by Ivon »

############################## | UsbFix V 7.096 | [Deletion]

User: Ivona (Administrator) # DOMA-QO9I0VR7RQ
Updated 15/08/2012 by El Desaparecido
Started at 11:59:55 | 09/12/2012

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ATComputers (TRILINE PROFI ) (X86-based PC) # Desktop Computer
CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (3000)
RAM -> [Total : 511 | Free : 142]
BIOS: BIOS Date: 10/27/05 14:05:38 Ver: 08.00.10
BOOT: Normal boot

OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (45 Mb free - 30%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 3 Gb (3 Mb free - 88%) [Kindle] # FAT32
G:\ -> Fixed drive # 931 Gb (818 Mb free - 88%) [My Book] # FAT32
H:\ -> Removable drive # 984 Mb (658 Mb free - 67%) [KINGSTON] # FAT

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (832)
C:\WINDOWS\system32\csrss.exe (884)
C:\WINDOWS\system32\winlogon.exe (912)
C:\WINDOWS\system32\services.exe (956)
C:\WINDOWS\system32\lsass.exe (968)
C:\WINDOWS\System32\Ati2evxx.exe (1140)
C:\WINDOWS\system32\svchost.exe (1156)
C:\WINDOWS\system32\svchost.exe (1212)
C:\WINDOWS\System32\svchost.exe (1360)
C:\WINDOWS\system32\svchost.exe (1400)
C:\WINDOWS\System32\svchost.exe (1608)
C:\WINDOWS\System32\svchost.exe (1716)
C:\WINDOWS\system32\spoolsv.exe (1988)
C:\WINDOWS\System32\svchost.exe (200)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (232)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (240)
C:\Program Files\Bonjour\mDNSResponder.exe (284)
C:\WINDOWS\system32\FsUsbExService.Exe (532)
C:\Program Files\Java\jre6\bin\jqs.exe (692)
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (712)
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (2028)
C:\Program Files\CyberLink\Shared files\RichVideo.exe (356)
C:\Program Files\Spyware Terminator\sp_rsser.exe (488)
C:\WINDOWS\System32\svchost.exe (848)
C:\WINDOWS\system32\Ati2evxx.exe (2964)
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (3052)
C:\WINDOWS\Explorer.EXE (3324)
C:\WINDOWS\system32\wscntfy.exe (436)
C:\WINDOWS\System32\alg.exe (1692)
C:\WINDOWS\RTHDCPL.EXE (2596)
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (2620)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (2728)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2756)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (2800)
C:\Program Files\iTunes\iTunesHelper.exe (2852)
C:\WINDOWS\system32\ctfmon.exe (2980)
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (3048)
C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe (3176)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3528)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (3552)
C:\Program Files\Messenger\msmsgs.exe (3568)
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (3636)
C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe (3928)
C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe (1352)
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (1644)
C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe (3376)
C:\Program Files\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (2788)
C:\Program Files\iPod\bin\iPodService.exe (3080)
C:\WINDOWS\system32\rundll32.exe (760)
C:\Program Files\Philips\Wi-Fi MediaConnect\HTSRecover.exe (948)
C:\WINDOWS\system32\wuauclt.exe (2496)
C:\Program Files\Common Files\Java\Java Update\jucheck.exe (524)
C:\Program Files\Mozilla Firefox\firefox.exe (1844)
C:\UsbFix\Go.exe (2144)
C:\WINDOWS\system32\wbem\wmiprvse.exe (3748)

################## | Stopped processes |

Stopped! C:\WINDOWS\System32\Ati2evxx.exe (1140)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1988)
Stopped! C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (232)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (240)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (284)
Stopped! C:\WINDOWS\system32\FsUsbExService.Exe (532)
Stopped! C:\Program Files\Java\jre6\bin\jqs.exe (692)
Stopped! C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (712)
Stopped! C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (2028)
Stopped! C:\Program Files\CyberLink\Shared files\RichVideo.exe (356)
Stopped! C:\Program Files\Spyware Terminator\sp_rsser.exe (488)
Stopped! C:\WINDOWS\system32\Ati2evxx.exe (2964)
Stopped! C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (3052)
Stopped! C:\WINDOWS\Explorer.EXE (3324)
Stopped! C:\WINDOWS\system32\wscntfy.exe (436)
Stopped! C:\WINDOWS\System32\alg.exe (1692)
Stopped! C:\WINDOWS\RTHDCPL.EXE (2596)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (2620)
Stopped! C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (2728)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2756)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (2800)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (2852)
Stopped! C:\WINDOWS\system32\ctfmon.exe (2980)
Stopped! C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (3048)
Stopped! C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe (3176)
Stopped! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3528)
Stopped! C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (3552)
Stopped! C:\Program Files\Messenger\msmsgs.exe (3568)
Stopped! C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (3636)
Stopped! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe (3928)
Stopped! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe (1352)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (1644)
Stopped! C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe (3376)
Stopped! C:\Program Files\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (2788)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (3080)
Stopped! C:\WINDOWS\system32\rundll32.exe (760)
Stopped! C:\Program Files\Philips\Wi-Fi MediaConnect\HTSRecover.exe (948)
Stopped! C:\WINDOWS\system32\wuauclt.exe (2496)
Stopped! C:\Program Files\Common Files\Java\Java Update\jucheck.exe (524)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (1844)

################## | Files # Infected Folders |

Deleted ! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\2.exe
Deleted ! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\4.exe
Deleted ! C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe
Deleted ! F:\system.lnk
Deleted ! F:\documents.lnk
Deleted ! F:\music.lnk
Deleted ! F:\audible.lnk
Deleted ! F:\.active-content-data.lnk
Deleted ! F:\linkjail.lnk
Deleted ! F:\localization.lnk
Deleted ! F:\keyboard.lnk
Deleted ! G:\RECYCLER.lnk
Deleted ! G:\autorun.lnk
Deleted ! G:\wd_windows_tools.lnk
Deleted ! G:\wd_mac_tools.lnk
Deleted ! G:\Documentation.lnk
Deleted ! G:\System Volume Information.lnk
Deleted ! G:\Recycled.lnk
Deleted ! G:\Dokumenty.lnk
Deleted ! G:\9e9a674fcd8efbffbcf4176ddfd5ea.lnk
Deleted ! G:\672ec64c47a8ec25842cb697dbc38aca.lnk
Deleted ! G:\b4edd5a44d7f595015d9ff156a.lnk
Deleted ! G:\Ivona__Backup.lnk
Deleted ! G:\Ivona_Backup_HD.lnk
Deleted ! G:\Hry.lnk
Deleted ! G:\61dab42e7799f7358101.lnk
Deleted ! G:\15ff429ec372eeeb1315a51fded3.lnk
Deleted ! G:\50de869c79d5daf950.lnk
Deleted ! G:\f02dcda1b28ab1965d.lnk
Deleted ! G:\98fc17485a9177fc0c.lnk
Deleted ! F:\RECYCLER\470a1245.exe
Not deleted ! C:\Recycler\S-1-5-21-1659004503-1757981266-725345543-1003
Deleted ! C:\Recycler\S-1-5-21-1993962763-606747145-725345543-1003
Not deleted ! C:\Recycler\S-1-5-21-527237240-362288127-682003330-1003
Deleted ! F:\autorun.inf
Deleted ! F:\Recycler\desktop.ini
Deleted ! G:\RECYCLER\470a1245.exe
Deleted ! G:\Recycler\desktop.ini
Deleted ! H:\RECYCLER\470a1245.exe
Deleted ! H:\Recycler\desktop.ini

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[08/11/2006 - 16:07:19 | D ] C:\$VAULT$.AVG
[23/02/2007 - 17:40:08 | D ] C:\31926ee518054421a61b
[27/12/2006 - 15:38:17 | D ] C:\5388defb4a07c388b3bb20e5
[16/01/2009 - 17:42:37 | D ] C:\5c6fbcd00f57901f42aab35832
[14/06/2009 - 14:52:24 | D ] C:\60792de3c4ed3aed16
[17/07/2006 - 15:59:37 | D ] C:\8
[17/07/2006 - 16:02:56 | D ] C:\9219313d25f1ad9623f557
[21/12/2006 - 17:40:52 | D ] C:\950ed19da15aa239d9ae685f055d
[17/07/2006 - 16:08:54 | D ] C:\a431565cdd53b046dbbc2bac06
[17/07/2006 - 16:08:09 | D ] C:\aacbb1b
[06/03/2007 - 17:08:05 | N | 7680] C:\AssistentGraph.grf
[14/11/2009 - 12:50:49 | D ] C:\ATLAS Consulting
[05/05/2006 - 14:53:10 | N | 0] C:\AUTOEXEC.BAT
[18/11/2012 - 16:42:52 | RASHD ] C:\Autorun.inf
[15/08/2010 - 21:27:12 | D ] C:\Avenger
[15/08/2010 - 21:26:37 | N | 2214] C:\avenger.txt
[17/07/2006 - 16:01:56 | D ] C:\b917487eac6d4359a547
[05/05/2006 - 17:26:14 | D ] C:\Binaries
[19/06/2007 - 16:30:58 | N | 213] C:\boot.ini
[16/04/2003 - 13:00:00 | N | 4952] C:\Bootfont.bin
[01/09/2009 - 09:47:54 | N | 148] C:\ccJobMgr.dat
[25/11/2006 - 11:41:05 | D ] C:\col6596
[28/11/2012 - 16:31:21 | D ] C:\Config.Msi
[05/05/2006 - 14:53:10 | N | 0] C:\CONFIG.SYS
[30/07/2006 - 14:29:02 | D ] C:\DBBackup
[05/03/2010 - 20:00:31 | D ] C:\Documents and Settings
[31/01/2010 - 20:23:17 | D ] C:\Downloads
[30/08/2011 - 15:22:37 | N | 190] C:\drwtsn32.log
[28/12/2006 - 19:19:40 | N | 2005] C:\dvdfab_burn.log
[10/07/2011 - 11:59:46 | N | 90] C:\error.log
[28/11/2012 - 14:58:42 | N | 523] C:\hpfr3420.xml
[28/11/2012 - 14:58:42 | N | 389668] C:\hpfr3425.log
[29/09/2007 - 15:31:53 | N | 18017] C:\initemp.dat
[05/05/2006 - 14:53:10 | N | 0] C:\IO.SYS
[02/02/2010 - 14:33:36 | N | 40] C:\james.bat
[26/05/2010 - 19:41:26 | D ] C:\jexepackres
[31/08/2011 - 14:56:43 | D ] C:\kleaner.tmp
[09/12/2012 - 11:20:05 | N | 0] C:\Log.txt
[05/05/2006 - 14:53:10 | N | 0] C:\MSDOS.SYS
[12/07/2006 - 16:46:33 | RHD ] C:\MSOCache
[26/02/2007 - 17:26:10 | N | 47564] C:\NTDETECT.COM
[26/10/2008 - 14:04:26 | N | 250576] C:\ntldr
[22/05/2010 - 20:26:42 | D ] C:\Output Files
[09/12/2012 - 11:19:52 | ASH | 805306368] C:\pagefile.sys
[19/12/2006 - 17:55:10 | N | 13030] C:\PDOXUSRS.NET
[23/02/2007 - 17:04:40 | D ] C:\PLUGINS
[23/11/2012 - 14:19:44 | D ] C:\Program Files
[31/08/2011 - 14:00:28 | D ] C:\rafazon
[09/12/2012 - 12:09:04 | SHD ] C:\RECYCLER
[01/11/2012 - 16:30:34 | D ] C:\rsit
[20/06/2009 - 12:51:34 | N | 21536] C:\SDSSetup.log
[11/12/2011 - 15:10:44 | SHD ] C:\System Volume Information
[07/03/2010 - 16:31:11 | D ] C:\temp
[05/08/2007 - 13:09:35 | D ] C:\totalcmd
[18/09/2007 - 16:01:09 | D ] C:\TRANSLAT
[05/08/2007 - 13:27:13 | N | 59690] C:\treeinfo.wc
[04/08/2011 - 21:51:50 | D ] C:\Updater
[09/12/2012 - 12:09:04 | D ] C:\UsbFix
[09/12/2012 - 12:09:05 | A | 8658] C:\UsbFix.txt
[26/11/2006 - 17:18:41 | N | 18034] C:\vm404.log
[09/12/2012 - 11:42:30 | D ] C:\WINDOWS
[21/02/2010 - 20:32:48 | D ] C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session0
[21/02/2010 - 20:32:48 | D ] C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session1
[04/12/2012 - 19:51:58 | SHD ] F:\system
[04/12/2012 - 19:41:30 | D ] F:\documents
[12/09/2011 - 19:49:56 | D ] F:\music
[12/09/2011 - 19:50:38 | D ] F:\audible
[13/10/2012 - 20:04:30 | D ] F:\.active-content-data
[03/11/2012 - 13:48:04 | D ] F:\linkjail
[03/11/2012 - 13:51:38 | D ] F:\localization
[03/11/2012 - 13:53:02 | D ] F:\keyboard
[13/10/2012 - 20:56:16 | HD ] F:\RECYCLER
[30/11/2012 - 21:07:40 | N | 283] F:\driveinfo.calibre
[30/11/2012 - 21:45:10 | N | 176738] F:\metadata.calibre
[29/08/2011 - 14:04:34 | SHD ] G:\RECYCLER
[18/11/2012 - 16:42:58 | RASHD ] G:\Autorun.inf
[31/03/2008 - 11:57:12 | N | 87] G:\Install.ini
[03/12/2008 - 13:38:50 | N | 319488] G:\Setup.exe
[06/04/2009 - 16:48:46 | D ] G:\wd_windows_tools
[06/04/2009 - 16:50:12 | D ] G:\wd_mac_tools
[06/04/2009 - 16:50:14 | D ] G:\Documentation
[06/04/2009 - 16:50:20 | D ] G:\autorun
[12/11/2009 - 17:20:54 | SHD ] G:\System Volume Information
[12/11/2009 - 18:46:16 | SHD ] G:\Recycled
[31/08/2011 - 17:23:00 | D ] G:\9e9a674fcd8efbffbcf4176ddfd5ea
[30/10/2012 - 14:47:16 | ASH | 5632] G:\Thumbs.db
[08/11/2011 - 20:12:48 | D ] G:\672ec64c47a8ec25842cb697dbc38aca
[08/11/2011 - 20:20:20 | D ] G:\b4edd5a44d7f595015d9ff156a
[31/08/2010 - 17:58:48 | N | 3611392] G:\Make It Through The Day-Hanson.m4r
[31/08/2010 - 17:55:50 | N | 3103663] G:\Give A Little-Hanson.m4r
[31/08/2010 - 17:52:28 | N | 4112832] G:\And I Waited-Hanson.m4r
[17/02/2012 - 17:47:34 | N | 2788427] G:\And I Waited-Hanson-1.m4r
[12/11/2009 - 19:04:20 | D ] G:\Dokumenty
[12/11/2009 - 19:15:44 | N | 281] G:\Plocha.lnk
[13/11/2009 - 14:07:20 | D ] G:\Ivona__Backup
[19/06/2009 - 19:19:58 | N | 412788] G:\faktura_id_5200907928.pdf
[05/06/2009 - 17:53:10 | N | 4595166] G:\Submerge_1.7.2v48.dmg
[21/03/2009 - 17:18:52 | N | 4350196] G:\RESI - e-shop.mht
[15/09/2009 - 16:19:44 | N | 25607] G:\dictionary.txt
[24/09/2009 - 20:05:54 | N | 2163518] G:\Charmed_1x01_Something_Wicca_This_Way_Comes_Trailer_(HQ).avi
[24/09/2009 - 20:11:38 | N | 3394548] G:\Charmed_trailer_1x02_(_fan_made_).avi
[24/09/2009 - 20:13:12 | N | 2412254] G:\Charmed_Australian_Trailer___1x03.avi
[13/11/2009 - 15:59:18 | D ] G:\Ivona_Backup_HD
[19/11/2009 - 18:10:12 | D ] G:\Hry
[08/04/2010 - 22:08:50 | D ] G:\61dab42e7799f7358101
[15/04/2010 - 22:10:12 | D ] G:\15ff429ec372eeeb1315a51fded3
[25/04/2010 - 20:54:44 | N | 4324273] G:\webbuilder6.zip
[24/07/2010 - 22:15:40 | N | 78] G:\Install.log
[26/09/2010 - 22:20:20 | D ] G:\50de869c79d5daf950
[01/11/2010 - 22:05:48 | D ] G:\f02dcda1b28ab1965d
[07/02/2011 - 22:37:40 | D ] G:\98fc17485a9177fc0c
[22/03/2012 - 16:16:38 | N | 2039129] H:\IvonaUrbanova.pdf
[24/05/2012 - 21:23:32 | HD ] H:\RECYCLER
[24/05/2012 - 20:28:46 | N | 22896145] H:\Melodie-na-mobil.rar
[25/05/2012 - 15:23:44 | D ] H:\Melodie-na-mobil
[24/05/2012 - 15:51:32 | N | 95752] H:\Státnice Ab.docx
[26/05/2012 - 13:31:34 | N | 181208] H:\download.pdf
[02/05/2012 - 14:52:06 | N | 309356608] H:\Tomas_Klus-komplet.zip
[01/11/2012 - 17:07:34 | D ] H:\Autorun.inf
[27/11/2012 - 15:35:48 | N | 155702] H:\SKMBT_C22012112711510.pdf
[27/11/2012 - 14:29:02 | N | 119704] H:\37321.jpg
[23/11/2012 - 16:53:46 | N | 1775616] H:\Hand,-Cynthia---Nadpozemská.doc
[25/11/2012 - 14:18:28 | N | 1077530] H:\Sophie-Jordan---Firelight.pdf
[27/11/2012 - 14:16:38 | N | 11994] H:\imagesCAP0SJN2.jpg
[23/11/2012 - 16:04:34 | N | 3762795] H:\Fitzpatrick,-Becca---Ticho-(3.).doc

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_DOMA-QO9I0VR7RQ.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |
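
The deletion log above shows the classic USB shortcut-worm layout on F:, G: and H:: a RECYCLER\470a1245.exe, an autorun.inf, and one .lnk per real folder (music.lnk, documents.lnk, RECYCLER.lnk, ...) while the real folders sit next to them hidden. What the log cannot show is what those shortcuts do when double-clicked; in this family they typically run the hidden executable and then open the real folder so the user notices nothing. The Python below is an added example, not part of this thread and not UsbFix code: it parses the Shell Link (MS-SHLLINK) header and StringData of a .lnk to recover the target and arguments, then flags the worm pattern (RECYCLER executable in the arguments, cmd.exe used as a launcher, hidden window, shortcut name shadowing a hidden entry). The shortcut bytes, the root listing and the cmd.exe command line are constructed for the example and are not taken from this infection.

```python
import struct

# CLSID 00021401-0000-0000-C000-000000000046, the LinkCLSID every .lnk header carries
LNK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
HEADER_SIZE = 0x4C

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional structures follow the header
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_ORDER = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                (HAS_ARGS, "arguments"), (HAS_ICON, "icon"))
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight


def parse_lnk(data):
    """Return flags, ShowCommand and the StringData fields of a Shell Link.
    LinkTargetIDList and LinkInfo are skipped by their own size fields."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_cmd = struct.unpack_from("<I", data, 60)[0]
    off = HEADER_SIZE
    if flags & HAS_ID_LIST:                       # u16 IDListSize + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                     # u32 LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    fields = {"flags": flags, "show_command": show_cmd}
    for flag, key in STRING_ORDER:                # u16 char count, no terminator
        fields[key] = ""
        if flags & flag:
            n = struct.unpack_from("<H", data, off)[0]
            off += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[off:off + n * width]
            fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1250")
            off += n * width
    return fields


def build_lnk(relative_path, arguments="", unicode=True, show_command=1):
    """Build a minimal valid .lnk (RelativePath and Arguments only); used for constructed samples."""
    flags = HAS_RELPATH | (HAS_ARGS if arguments else 0) | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags, 0,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for s in (relative_path, arguments) if arguments else (relative_path,):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le" if unicode else "cp1250")
    return header + body


def triage_shortcut(lnk_name, fields, root_entries):
    """Reasons a root-level shortcut matches the shortcut-worm pattern.
    root_entries maps each name in the drive root to whether it is hidden."""
    reasons = []
    target, args = fields["relative_path"].lower(), fields["arguments"].lower()
    if "recycler\\" in args and ".exe" in args:
        reasons.append("arguments launch an executable from a RECYCLER folder")
    if target.endswith("cmd.exe") and "start " in args:
        reasons.append("cmd.exe used as a launcher via a start chain")
    if fields["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window hidden with SW_SHOWMINNOACTIVE")
    stem = lnk_name[:-4] if lnk_name.lower().endswith(".lnk") else lnk_name
    if root_entries.get(stem):
        reasons.append("shadows the hidden entry '%s'" % stem)
    return reasons


def scan_root(shortcuts, root_entries):
    """shortcuts: {lnk filename: bytes}. Returns {lnk filename: reasons} for flagged ones."""
    flagged = {}
    for name, data in shortcuts.items():
        reasons = triage_shortcut(name, parse_lnk(data), root_entries)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample root, shaped like F: in the log: real folders hidden, one decoy shortcut each.
DEMO_ROOT = {"music": True, "documents": True, "RECYCLER": True, "driveinfo.calibre": False}
# Hypothetical worm command line (not recovered from this infection), built as a real .lnk.
WORM_LNK = build_lnk("..\\..\\..\\..\\WINDOWS\\system32\\cmd.exe",
                     "/c start RECYCLER\\470a1245.exe & start explorer music & exit",
                     show_command=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk("documents\\notes.txt")
DEMO_SHORTCUTS = {"music.lnk": WORM_LNK, "notes.lnk": BENIGN_LNK}

if __name__ == "__main__":
    for name, reasons in scan_root(DEMO_SHORTCUTS, DEMO_ROOT).items():
        print(name, "->", "; ".join(reasons))
```

On a real drive, read each root-level .lnk with `open(path, "rb")` and build `root_entries` from `os.scandir`, using `entry.stat().st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN` on Windows to detect the hidden bit. Real worm shortcuts usually carry the cmd.exe target in the LinkTargetIDList rather than in RelativePath; the parser skips that structure, so extend it if you need the IDList path itself.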

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: request for log check

#6 Post by vyosek »

:arrow: Leave the flash drives connected

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT DELETING POWER AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO TO PIECES
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and after a possible restart CF shows a log; otherwise you will find it at C:\ComboFix.txt, paste its contents here
  • A detailed guide incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Re: request for log check

#7 Post by Ivon »

RKill log:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/11/2012 08:32:41 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\FsUsbExService.Exe (PID: 548) [WD-HEUR]
* C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\2.exe (PID: 1520) [UP-HEUR]
* C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\2.exe (PID: 3284) [UP-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/11/2012 08:37:37 PM
Execution time: 0 hours(s), 4 minute(s), and 56 seconds(s)
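
RKill above did two things worth keeping an eye on: it terminated two copies of 2.exe running from the user's Data aplikací (Application Data) folder, and it reported EnableFirewall = 0 under the StandardProfile firewall policy. Both are cheap to re-check before and after a cleanup. The Python below is an added example, not from this thread and not RKill or RogueKiller code: it takes a `reg export` style snapshot of the Run keys and the firewall policy, flags autostart entries whose executable lives in a user profile's data folder or carries a throwaway name such as 6.exe or A.exe, and flags a disabled firewall. The .reg text is constructed for the example with a generic "User" profile; its paths mirror the shape of those in the logs, not their exact contents.

```python
import re

# Constructed sample in `reg export` format (REG_SZ data has doubled backslashes and escaped quotes).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PService"="C:\\Documents and Settings\\User\\Data aplikací\\6.exe"
"WINSXS32"="C:\\Documents and Settings\\User\\Data aplikací\\A.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''

# Profile roots and the per-user data folders under them (Czech XP, English XP, Vista+ and temp).
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
DATA_DIRS = ("\\data aplikací\\", "\\application data\\", "\\appdata\\", "\\temp\\")
JUNK_NAME = re.compile(r"[0-9a-z]{1,2}\.exe")   # one- or two-character image names like 6.exe, A.exe


def parse_reg(text):
    """Return {key: {value name: (type, value)}} for REG_SZ and DWORD values of a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"'):
            name, _, rest = line[1:].partition('"=')
            if rest.startswith("dword:"):
                keys[current][name] = ("dword", int(rest[6:], 16))
            elif len(rest) >= 2 and rest.startswith('"') and rest.endswith('"'):
                keys[current][name] = ("sz", re.sub(r"\\(.)", r"\1", rest[1:-1]))
    return keys


def image_path(cmd):
    """First executable of a Run value: the quoted token, or the text up to the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.I)
    return m.group(1) if m else cmd


def triage_reg(keys):
    """Flag suspicious Run entries and a disabled firewall; returns (kind, key, name, value) tuples."""
    findings = []
    for key, values in keys.items():
        if key.lower().endswith("\\run"):
            for name, (typ, val) in values.items():
                if typ != "sz":
                    continue
                p = image_path(val).lower()
                base = p.rsplit("\\", 1)[-1]
                in_profile_data = any(d in p for d in PROFILE_DIRS) and any(d in p for d in DATA_DIRS)
                if in_profile_data or JUNK_NAME.fullmatch(base):
                    findings.append(("run-key", key, name, val))
        if key.lower().endswith("\\firewallpolicy\\standardprofile"):
            typ, val = values.get("EnableFirewall", ("dword", 1))
            if val == 0:
                findings.append(("firewall-disabled", key, "EnableFirewall", val))
    return findings


def triage_reg_text(text):
    return triage_reg(parse_reg(text))


if __name__ == "__main__":
    for kind, key, name, val in triage_reg_text(SAMPLE_REG):
        print(kind, key, name, val)
```

On the affected machine the snapshot comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM and FirewallPolicy keys likewise); `reg export` writes UTF-16 with a BOM, so open the file with `encoding="utf-16"` before passing it to `triage_reg_text`. The name rule is deliberately narrow; widen it only once you have checked what legitimate entries on the box look like.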

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: request for log check

#8 Post by vyosek »

OK, I'll wait for ComboFix

Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Re: request for log check

#9 Post by Ivon »

Sorry. Don't wait any longer (today). Instead of 10 min it has been running for more than 70 and isn't getting anywhere. I have to get up for work, so I'll try it tomorrow.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: request for log check

#10 Post by vyosek »

If it is stuck, restart, press F8, choose Safe Mode with Networking and run ComboFix there

Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Re: request for log check

#11 Post by Ivon »

I really don't know what to do with it any more. I've run ComboFix 3 times already. Instead of 10 min it runs for 2 hours; when it reaches 48 completed stages it throws an error that pev.3exe must be terminated, then it does the remaining 2 stages up to 50. Then it says it is deleting files and the PC restarts. The PC boots normally but says it had to be recovered from a serious error. And there is no log anywhere. Not on the desktop, not on C:

It has done this to me 3 times.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: request for log check

#12 Post by vyosek »

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator
  • Wait for the PreScan to finish
  • Choose the Scan option
  • After the scan finishes click Report - a log opens, paste it here
  • A detailed guide incl. pictures is here http://forum.viry.cz/viewtopic.php?f=24&t=120452

Ivon
Visitor
Posts: 24
Registered: 25 Nov 2012 21:02

Re: request for log check

#13 Post by Ivon »

Well, this one runs like a charm:
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Support : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operating system : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ivona [Admin rights]
Mode : Scan -- Date : 12/16/2012 20:18:28

¤¤¤ Malicious processes : 2 ¤¤¤
[SUSP PATH] A.exe -- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\A.exe -> KILLED [TermProc]
[SUSP PATH] A.exe -- C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\A.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Mexmxy (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Mexmxy.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Sexmxe (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Sexmxe.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Yexmxk (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Yexmxk.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Cexmxo (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Cexmxo.exe) -> FOUND
[RUN][ROGUE ST] HKCU\[...]\Run : PService (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : WINSXS32 (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\A.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Run : PService (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Run : WINSXS32 (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\16.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : Mexmxy (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Mexmxy.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : Sexmxe (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Sexmxe.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : Yexmxk (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Yexmxk.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : Cexmxo (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Cexmxo.exe) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : PService (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\6.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : WINSXS32 (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\A.exe) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\ORION2~1.SCR) -> FOUND
[SERVICES][HIDDEN KEY] HKLM\[...]\ControlSet001\Services\P -> FOUND
[SERVICES][HIDDEN KEY] HKLM\[...]\ControlSet002\Services\P -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637D4E -> HOOKED (Unknown @ 0x82D69078)
SSDT[13] : NtAlertThread @ 0x80592C30 -> HOOKED (Unknown @ 0x82B74540)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x82B72008)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E4D63 -> HOOKED (Unknown @ 0x82B7F668)
SSDT[31] : NtConnectPort @ 0x80590E53 -> HOOKED (Unknown @ 0x82D912D0)
SSDT[43] : NtCreateMutant @ 0x8058408D -> HOOKED (Unknown @ 0x824D5310)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805AD5D4 -> HOOKED (Unknown @ 0x82AD3CC8)
SSDT[53] : NtCreateThread @ 0x80584D39 -> HOOKED (Unknown @ 0x82CE3B40)
SSDT[57] : NtDebugActiveProcess @ 0x80663211 -> HOOKED (Unknown @ 0x82B92598)
SSDT[68] : NtDuplicateObject @ 0x8057F18D -> HOOKED (Unknown @ 0x82BE57F0)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x82CF6228)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805A0F55 -> HOOKED (Unknown @ 0x82B8BE08)
SSDT[91] : NtImpersonateThread @ 0x805876BA -> HOOKED (Unknown @ 0x82CB37D0)
SSDT[97] : NtLoadDriver @ 0x805B52F0 -> HOOKED (Unknown @ 0x82AA8E78)
SSDT[108] : NtMapViewOfSection @ 0x8057AC21 -> HOOKED (Unknown @ 0x82CE0C60)
SSDT[114] : NtOpenEvent @ 0x80589D61 -> HOOKED (Unknown @ 0x82BAA9B8)
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (Unknown @ 0x82CFE410)
SSDT[123] : NtOpenProcessToken @ 0x805784EC -> HOOKED (Unknown @ 0x82AF6008)
SSDT[125] : NtOpenSection @ 0x80579192 -> HOOKED (Unknown @ 0x82B72630)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (Unknown @ 0x82C0DB68)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F56B -> HOOKED (Unknown @ 0x82AD5978)
SSDT[206] : unknown @ 0x805853B0 -> HOOKED (Unknown @ 0x82B93620)
SSDT[213] : NtSetContextThread @ 0x80635EFB -> HOOKED (Unknown @ 0x82BADBA0)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x82CB8198)
SSDT[240] : NtSetSystemInformation @ 0x805BFDB1 -> HOOKED (Unknown @ 0x82B73040)
SSDT[253] : NtSuspendProcess @ 0x80637C93 -> HOOKED (Unknown @ 0x82CAFE30)
SSDT[254] : NtSuspendThread @ 0x80637BAF -> HOOKED (Unknown @ 0x82B96FD0)
SSDT[257] : NtTerminateProcess @ 0x8058E8B1 -> HOOKED (Unknown @ 0x82AF72F0)
SSDT[258] : NtTerminateThread @ 0x80584966 -> HOOKED (Unknown @ 0x82BB9FD0)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7A9 -> HOOKED (Unknown @ 0x82C15BE0)
SSDT[277] : NtWriteVirtualMemory @ 0x805875EF -> HOOKED (Unknown @ 0x82CA8600)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x82AF6380)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x82AF5978)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x82AF55E8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x82AF60A8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x82BF5920)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x82D19FC0)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x82C9E120)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x82C5E490)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x82AF1130)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x82C1FFB0)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-22NCB1 +++++
--- User ---
[MBR] 25f3296c08e24215ee4a3825a578326f
[BSP] 5d19fc7fc5253c0e8156ce0848126f8d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 6d8c2b570c934ad4444f562ec746423b
[BSP] 46624989cc4f8f404da809c89b62429d : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WD 10EADS External USB Device +++++
--- User ---
[MBR] a65cf760d43b336347fb57bc883ace24
[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_12162012_02d2018.txt >>
RKreport[1]_S_12162012_02d2018.txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: request for a log check

#14 Post by vyosek »

:arrow: Run RogueKiller again
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
  • Choose Scan (Prohledat), then Delete (Smazat), and then Report (Zpráva) - a log opens, post it here
  • Then click Host Fix (Oprava Host) and Report (Zpráva) - a log opens, post it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Ivon
Guest
Posts: 24
Registered: 25 Nov 2012 21:02

Re: request for a log check

#15 Post by Ivon »

first log:
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Ivona [Práva správce]
Mód : Odebrat -- Datum : 12/17/2012 20:07:37

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Sexmxe (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Sexmxe.exe) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-1993962763-606747145-725345543-1003[...]\Run : Sexmxe (C:\Documents and Settings\Ivona.DOMA-QO9I0VR7RQ\Data aplikací\Sexmxe.exe) -> VYMAZÁNO
[SERVICES][HIDDEN KEY] HKLM\[...]\ControlSet001\Services\P\Start -> ERROR [0x1]
[SERVICES][HIDDEN KEY] HKLM\[...]\ControlSet002\Services\P\Start -> ERROR [0x1]

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637D4E -> HOOKED (Unknown @ 0x8251D768)
SSDT[13] : NtAlertThread @ 0x80592C30 -> HOOKED (Unknown @ 0x8251D828)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8250CB80)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E4D63 -> HOOKED (Unknown @ 0x8259EE50)
SSDT[31] : NtConnectPort @ 0x80590E53 -> HOOKED (Unknown @ 0x82DDEE70)
SSDT[43] : NtCreateMutant @ 0x8058408D -> HOOKED (Unknown @ 0x8251D518)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805AD5D4 -> HOOKED (Unknown @ 0x8259ECB0)
SSDT[53] : NtCreateThread @ 0x80584D39 -> HOOKED (Unknown @ 0x82520690)
SSDT[57] : NtDebugActiveProcess @ 0x80663211 -> HOOKED (Unknown @ 0x8259EF10)
SSDT[68] : NtDuplicateObject @ 0x8057F18D -> HOOKED (Unknown @ 0x82544370)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x82520770)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805A0F55 -> HOOKED (Unknown @ 0x8251D5E8)
SSDT[91] : NtImpersonateThread @ 0x805876BA -> HOOKED (Unknown @ 0x8251D6A8)
SSDT[97] : NtLoadDriver @ 0x805B52F0 -> HOOKED (Unknown @ 0x8284AC70)
SSDT[108] : NtMapViewOfSection @ 0x8057AC21 -> HOOKED (Unknown @ 0x8251BD90)
SSDT[114] : NtOpenEvent @ 0x80589D61 -> HOOKED (Unknown @ 0x8251D458)
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (Unknown @ 0x825433D0)
SSDT[123] : NtOpenProcessToken @ 0x805784EC -> HOOKED (Unknown @ 0x82543398)
SSDT[125] : NtOpenSection @ 0x80579192 -> HOOKED (Unknown @ 0x8251D2D8)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (Unknown @ 0x82544440)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F56B -> HOOKED (Unknown @ 0x8259ED80)
SSDT[206] : unknown @ 0x805853B0 -> HOOKED (Unknown @ 0x8251D8E8)
SSDT[213] : NtSetContextThread @ 0x80635EFB -> HOOKED (Unknown @ 0x8250CB00)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x82544848)
SSDT[240] : NtSetSystemInformation @ 0x805BFDB1 -> HOOKED (Unknown @ 0x8259EFD0)
SSDT[253] : NtSuspendProcess @ 0x80637C93 -> HOOKED (Unknown @ 0x8251D398)
SSDT[254] : NtSuspendThread @ 0x80637BAF -> HOOKED (Unknown @ 0x825446B8)
SSDT[257] : NtTerminateProcess @ 0x8058E8B1 -> HOOKED (Unknown @ 0x825D4E48)
SSDT[258] : NtTerminateThread @ 0x80584966 -> HOOKED (Unknown @ 0x825206F0)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7A9 -> HOOKED (Unknown @ 0x82544338)
SSDT[277] : NtWriteVirtualMemory @ 0x805875EF -> HOOKED (Unknown @ 0x82520840)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x82B7D0D0)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x82B7C6D8)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x82B7C600)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x82B7CDC8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x82B0E3D0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x82B5E0D0)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x82B36718)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x82B39B20)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x82B190D8)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x82D3BEE0)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-22NCB1 +++++
--- User ---
[MBR] 25f3296c08e24215ee4a3825a578326f
[BSP] 5d19fc7fc5253c0e8156ce0848126f8d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 6d8c2b570c934ad4444f562ec746423b
[BSP] 46624989cc4f8f404da809c89b62429d : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WD 10EADS External USB Device +++++
--- User ---
[MBR] a65cf760d43b336347fb57bc883ace24
[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[4]_D_12172012_02d2007.txt >>
RKreport[1]_S_12162012_02d2018.txt ; RKreport[2]_S_12172012_02d2003.txt ; RKreport[3]_S_12172012_02d2006.txt ; RKreport[4]_D_12172012_02d2007.txt


second log:
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Ivona [Práva správce]
Mód : Oprava HOSTS -- Datum : 12/17/2012 20:16:09

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[5]_H_12172012_02d2016.txt >>
RKreport[1]_S_12162012_02d2018.txt ; RKreport[2]_S_12172012_02d2003.txt ; RKreport[3]_S_12172012_02d2006.txt ; RKreport[4]_D_12172012_02d2007.txt ; RKreport[5]_H_12172012_02d2016.txt

Locked