PROSÍM O KONTROLU LOGU

Zpráva

MATRIXXXX · #1 Příspěvek od **MATRIXXXX** » 06 lis 2009 09:34

Logfile of random's system information tool 1.06 (written by random/random)
Run by NEO at 2009-11-06 09:33:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (8%) free of 22 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:05, on 6.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ASUS\AASP\1.00.81\aaCenter.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\NEO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC Probe II V1.04.05.lnk = ?
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Zástupce - amd_dc_opt.lnk = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6770 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1231413370.job
C:\WINDOWS\tasks\SpyHunter Scanner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
ShoppingReport - C:\Program Files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll [2009-10-13 1185056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-01-19 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-13 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-16 1953792]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-12-26 196608]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-02-03 5136384]
"PlayNC Launcher"= []

C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Nabídka Start\Programy\Po spuštění
PC Probe II V1.04.05.lnk - C:\Program Files\ASUS\PC Probe II\Probe2.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
Zástupce - amd_dc_opt.lnk - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll [2008-07-22 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"E:\BURN OUT\BurnoutLauncher.exe"="E:\BURN OUT\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\BURN OUT\BurnoutConfigTool.exe"="E:\BURN OUT\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\BURN OUT\BurnoutParadise.exe"="E:\BURN OUT\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"G:\Warcraft III\war3.exe"="G:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe"="C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe:*:Enabled:G-Force Standalone"
"G:\Program Files\Activision\Prototype\prototypef.exe"="G:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"G:\Downloads\utorrent.exe"="G:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\torrent\utorrent.exe"="C:\torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-11-06 09:29:08 ----D---- C:\rsit
2009-11-03 17:45:16 ----D---- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-11-03 17:28:54 ----D---- C:\BDS
2009-11-01 09:35:58 ----D---- C:\Program Files\QIP Infium
2009-10-27 15:53:56 ----D---- C:\Program Files\NCSoft
2009-10-27 15:52:42 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\GetRightToGo
2009-10-24 11:34:25 ----D---- C:\torrent
2009-10-20 23:03:48 ----D---- C:\Program Files\Top Gun
2009-10-17 20:27:35 ----D---- C:\Program Files\Lineage II
2009-10-10 06:03:32 ----D---- C:\Program Files\ShoppingReport
2009-10-09 20:35:34 ----A---- C:\WINDOWS\system32\msvcr90.dll
2009-10-09 20:35:26 ----D---- C:\Program Files\Miranda IM KP v5.0.8.5
2009-10-08 21:36:34 ----D---- C:\Program Files\Common Files\INCA Shared
2009-10-08 14:21:54 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-10-08 14:21:53 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-10-08 14:21:53 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-10-08 14:21:53 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-10-08 14:21:52 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-10-08 14:21:52 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-10-08 14:21:52 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-10-08 14:21:51 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-10-08 14:21:51 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-10-08 14:21:51 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-10-08 14:21:50 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-08 14:21:50 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-08 14:21:50 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-08 14:21:50 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-07 21:47:06 ----D---- C:\Program Files\DNA
2009-10-07 21:47:06 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\DNA

======List of files/folders modified in the last 1 months======

2009-11-06 09:29:27 ----D---- C:\WINDOWS\Prefetch
2009-11-06 09:23:59 ----D---- C:\Program Files\Mozilla Firefox
2009-11-06 08:49:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-06 08:25:51 ----D---- C:\WINDOWS\Temp
2009-11-06 00:00:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-06 00:00:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-06 00:00:01 ----D---- C:\Program Files\SpeedFan
2009-11-05 20:10:16 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Hamachi
2009-11-05 18:00:08 ----D---- C:\WINDOWS\system32\drivers
2009-11-04 22:19:35 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\ShoppingReport
2009-11-04 17:00:15 ----D---- C:\WINDOWS
2009-11-03 17:46:50 ----D---- C:\WINDOWS\system32\DirectX
2009-11-03 17:46:48 ----D---- C:\WINDOWS\system32
2009-11-03 17:46:47 ----HD---- C:\WINDOWS\inf
2009-11-03 17:46:14 ----RSD---- C:\WINDOWS\assembly
2009-11-03 17:45:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-03 17:45:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-03 17:45:19 ----RSH---- C:\boot.ini
2009-11-03 17:45:17 ----SHD---- C:\WINDOWS\Installer
2009-11-03 17:45:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-03 17:45:02 ----D---- C:\Config.Msi
2009-11-03 17:45:01 ----D---- C:\WINDOWS\WinSxS
2009-11-03 17:39:49 ----D---- C:\Program Files\HD Tune
2009-11-03 17:29:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-02 23:02:30 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\uTorrent
2009-11-01 10:34:40 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Skype
2009-11-01 09:45:13 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\skypePM
2009-11-01 09:35:58 ----RD---- C:\Program Files
2009-10-27 15:54:14 ----SD---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft
2009-10-25 08:19:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 08:15:17 ----SD---- C:\WINDOWS\Tasks
2009-10-24 14:15:38 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Desktopicon
2009-10-10 09:58:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-10 08:15:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-10 08:13:06 ----D---- C:\WINDOWS\system32\cs-CZ
2009-10-10 08:10:52 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-10 08:10:49 ----D---- C:\WINDOWS\system32\en-us
2009-10-10 08:10:43 ----RSD---- C:\WINDOWS\Fonts
2009-10-08 21:36:34 ----D---- C:\Program Files\Common Files
2009-10-08 16:53:32 ----D---- C:\WINDOWS\Help
2009-10-08 16:52:36 ----D---- C:\WINDOWS\nview

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-08 82380]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-12-16 8704]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 agamolna;agamolna; C:\WINDOWS\system32\drivers\agamolna.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-12-16 13824]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-03 15440]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-06 70968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

franticek · #2 Příspěvek od **franticek** » 06 lis 2009 12:14

Ahoj.

Na logu se už pracuje.

MATRIXXXX · #3 Příspěvek od **MATRIXXXX** » 06 lis 2009 12:16

Diky velmi moc nečekal jsem až takovou rychlost jsem ohromen

franticek · #4 Příspěvek od **franticek** » 06 lis 2009 23:03

Ahoj.

Takže stáhni si OTMoveIt3 z mého podpisu a postupuj dle návodu.
Vlož tento skript:

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
C:\Program Files\ShoppingReport
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP
C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\ShoppingReport


:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"=""
"Default_Search_URL"=""
"Search Bar"=""
"Search Page"=
[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=""
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"(Default)"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks)]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{95289393-33EA-4F8D-B952-483415B9C955}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlayNC Launcher"=-

:commands
[emptytemp]
[start explorer]

Soubor C:\WINDOWS\system32\drivers\agamolna.sys ověř na VT.
Používáš nějakou virtuální mechaniku - daemon tool, alcohol apod?
Dále nainstalul MBAM a udělej QUICKSCAN.

MATRIXXXX · #5 Příspěvek od **MATRIXXXX** » 08 lis 2009 17:48

soubor nebyl nalezen udíž jsem ho nemohl otestovat

MATRIXXXX · #6 Příspěvek od **MATRIXXXX** » 08 lis 2009 18:13

ahoj udělal jsem vše jak jste říkal mnohokrít děkuji ano vrtuální mechaniku používám a měl bych ješte jeden dotaz :
před asi měsícem a trvá to až do ted jsem si chtěl přes utorrent (jako mnohokrát před tím) stáhnout nějaký soubor ale nedaří se mi stahovat utorrent odesílá ale nestahuje a vše je nastavené jako dřív dokonce jsem se v to i hrabal povolil co se dalo a pořád nic a nechal jsem stahovat i soubory které kamarád zrovna stahoval ale rychlost stahováni 0.000 nevíte co stím děkuji předem za odpověd

franticek · #7 Příspěvek od **franticek** » 08 lis 2009 19:10

Ahoj.

Zkusme nejprve pořešit otázku bezpečnosti, poté se můžeme případně zabývat zbytkem.
Mám pár otázek:
1. spustil jsi ten skript a udělal log z OTMoveIt3?
2. spustil jsi a udělal log z MBAM (jen log, nic nemazat)?
Pokud ano, tak zde vlož logy.

Díky.

MATRIXXXX · #8 Příspěvek od **MATRIXXXX** » 10 lis 2009 11:21

MATRIXXXX píše:1. spustil jsi ten skript a udělal log z OTMoveIt3?
2. spustil jsi a udělal log z MBAM (jen log, nic nemazat)?

první log mám ale druhýuž nepotřebuješ nebot jsem vše infikované smazalbyl jsem totiž rychlejší jak tvtoje odpoveď xD našestí jsem nesmazl nic duležitého
log je přiložen v příloze
děkuji za pomoc

franticek · #9 Příspěvek od **franticek** » 10 lis 2009 14:27

Ahoj.

Prosím udělej ještě jednou log z RSIT a ulož ho zde.

Díky.

MATRIXXXX · #10 Příspěvek od **MATRIXXXX** » 12 lis 2009 14:40

tady je ten log

Logfile of random's system information tool 1.06 (written by random/random)
Run by NEO at 2009-11-12 14:39:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (16%) free of 22 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:28, on 12.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ASUS\AASP\1.00.81\aaCenter.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SoundSpectrum\G-Force\G-Force Toolbar.exe
C:\Program Files\Ventrilo\Ventrilo.exe
G:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\NEO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC Probe II V1.04.05.lnk = ?
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Zástupce - amd_dc_opt.lnk = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5931 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1231413370.job
C:\WINDOWS\tasks\SpyHunter Scanner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-16 1953792]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-12-26 196608]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-02-03 5136384]

C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Nabídka Start\Programy\Po spuštění
PC Probe II V1.04.05.lnk - C:\Program Files\ASUS\PC Probe II\Probe2.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
Zástupce - amd_dc_opt.lnk - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll [2008-07-22 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"E:\BURN OUT\BurnoutLauncher.exe"="E:\BURN OUT\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\BURN OUT\BurnoutConfigTool.exe"="E:\BURN OUT\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\BURN OUT\BurnoutParadise.exe"="E:\BURN OUT\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"G:\Warcraft III\war3.exe"="G:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe"="C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe:*:Enabled:G-Force Standalone"
"G:\Program Files\Activision\Prototype\prototypef.exe"="G:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"G:\Downloads\utorrent.exe"="G:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\torrent\utorrent.exe"="C:\torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee8665e-b03b-11de-be94-809fe75b34ad}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7c92b1-dcf9-11dd-8415-806d6172696f}]
shell\AutoRun\command - H:\pcworld.exe

======List of files/folders created in the last 1 months======

2009-11-12 14:38:58 ----D---- C:\rsit
2009-11-10 10:53:17 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Download Manager
2009-11-08 17:52:19 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Malwarebytes
2009-11-08 17:52:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2009-11-08 17:52:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-07 10:32:46 ----D---- C:\Program Files\Hamachi
2009-11-03 17:28:54 ----D---- C:\BDS
2009-11-01 09:35:58 ----D---- C:\Program Files\QIP Infium
2009-10-27 15:53:56 ----D---- C:\Program Files\NCSoft
2009-10-27 15:52:42 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\GetRightToGo
2009-10-24 11:34:25 ----D---- C:\torrent
2009-10-20 23:03:48 ----D---- C:\Program Files\Top Gun
2009-10-17 20:27:35 ----D---- C:\Program Files\Lineage II

======List of files/folders modified in the last 1 months======

2009-11-12 14:39:06 ----D---- C:\WINDOWS\Prefetch
2009-11-12 13:10:05 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-12 13:06:29 ----D---- C:\WINDOWS\Temp
2009-11-12 12:41:42 ----D---- C:\Program Files\Mozilla Firefox
2009-11-11 22:58:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-11 18:00:16 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 18:55:13 ----SHD---- C:\WINDOWS\Installer
2009-11-10 18:55:13 ----D---- C:\Config.Msi
2009-11-10 10:57:37 ----D---- C:\WINDOWS
2009-11-10 10:37:48 ----D---- C:\WINDOWS\system32
2009-11-08 18:40:51 ----D---- C:\Program Files\SpeedFan
2009-11-08 18:09:18 ----RD---- C:\Program Files
2009-11-07 23:29:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-07 10:31:23 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Hamachi
2009-11-03 17:46:50 ----D---- C:\WINDOWS\system32\DirectX
2009-11-03 17:46:47 ----HD---- C:\WINDOWS\inf
2009-11-03 17:46:14 ----RSD---- C:\WINDOWS\assembly
2009-11-03 17:45:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-03 17:45:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-03 17:45:19 ----RSH---- C:\boot.ini
2009-11-03 17:45:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-03 17:45:01 ----D---- C:\WINDOWS\WinSxS
2009-11-03 17:39:49 ----D---- C:\Program Files\HD Tune
2009-11-03 17:29:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-02 23:02:30 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\uTorrent
2009-11-01 10:34:40 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Skype
2009-11-01 09:45:13 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\skypePM
2009-10-27 15:54:14 ----SD---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft
2009-10-25 08:19:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 08:15:17 ----SD---- C:\WINDOWS\Tasks
2009-10-24 14:15:38 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Desktopicon
2009-10-20 23:11:56 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\DNA
2009-10-20 15:44:59 ----D---- C:\Program Files\DNA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-08 82380]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-12-16 8704]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-12-16 13824]
S3 aue353gv;aue353gv; C:\WINDOWS\system32\drivers\aue353gv.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-07 10345]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-06 70968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

franticek · #11 Příspěvek od **franticek** » 13 lis 2009 01:16

Ahoj.

Vypadá to dobře, ale ještě pár detailů doděláme.

Ještě jeden OTMoveIt3 skript:

Kód: Vybrat vše

:processes
explorer.exe

:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=""
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"(Default)"=""
[HKCU\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=""
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{95289393-33EA-4F8D-B952-483415B9C955}"=-
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

:commands
[emptytemp]
[start explorer]

Postni log z OTMoveIt3 a ještě jeden RSIT nakonec, ať máme jistotu.

MATRIXXXX · #12 Příspěvek od **MATRIXXXX** » 14 lis 2009 19:57

takže tady je ten RSIT LOG a v příloze je ten druhý

Logfile of random's system information tool 1.06 (written by random/random)
Run by NEO at 2009-11-14 19:55:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (16%) free of 22 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:10, on 14.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ASUS\AASP\1.00.81\aaCenter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\NEO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC Probe II V1.04.05.lnk = ?
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Zástupce - amd_dc_opt.lnk = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5380 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1231413370.job
C:\WINDOWS\tasks\SpyHunter Scanner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-16 1953792]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-12-26 196608]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-02-03 5136384]

C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Nabídka Start\Programy\Po spuštění
PC Probe II V1.04.05.lnk - C:\Program Files\ASUS\PC Probe II\Probe2.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
Zástupce - amd_dc_opt.lnk - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll [2008-07-22 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"E:\BURN OUT\BurnoutLauncher.exe"="E:\BURN OUT\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\BURN OUT\BurnoutConfigTool.exe"="E:\BURN OUT\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\BURN OUT\BurnoutParadise.exe"="E:\BURN OUT\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"G:\Warcraft III\war3.exe"="G:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe"="C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe:*:Enabled:G-Force Standalone"
"G:\Program Files\Activision\Prototype\prototypef.exe"="G:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"G:\Downloads\utorrent.exe"="G:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\torrent\utorrent.exe"="C:\torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-11-14 07:39:30 ----D---- C:\Program Files\The KMPlayer
2009-11-12 14:38:58 ----D---- C:\rsit
2009-11-10 10:53:17 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Download Manager
2009-11-08 17:52:19 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Malwarebytes
2009-11-08 17:52:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2009-11-08 17:52:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-07 10:32:46 ----D---- C:\Program Files\Hamachi
2009-11-03 17:28:54 ----D---- C:\BDS
2009-11-01 09:35:58 ----D---- C:\Program Files\QIP Infium
2009-10-27 15:53:56 ----D---- C:\Program Files\NCSoft
2009-10-27 15:52:42 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\GetRightToGo
2009-10-24 11:34:25 ----D---- C:\torrent
2009-10-20 23:03:48 ----D---- C:\Program Files\Top Gun
2009-10-17 20:27:35 ----D---- C:\Program Files\Lineage II

======List of files/folders modified in the last 1 months======

2009-11-14 19:54:45 ----D---- C:\Program Files\Mozilla Firefox
2009-11-14 19:54:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-14 19:53:22 ----D---- C:\WINDOWS\Temp
2009-11-14 19:51:02 ----D---- C:\WINDOWS\Prefetch
2009-11-14 07:40:00 ----D---- C:\WINDOWS\system32\config
2009-11-14 07:39:43 ----D---- C:\WINDOWS\system32\wbem
2009-11-14 07:39:42 ----D---- C:\WINDOWS\Registration
2009-11-14 07:39:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-13 22:21:00 ----RD---- C:\Program Files
2009-11-13 22:11:13 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Skype
2009-11-13 19:05:52 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\skypePM
2009-11-13 18:01:02 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 18:55:13 ----SHD---- C:\WINDOWS\Installer
2009-11-10 18:55:13 ----D---- C:\Config.Msi
2009-11-10 10:57:37 ----D---- C:\WINDOWS
2009-11-10 10:37:48 ----D---- C:\WINDOWS\system32
2009-11-08 18:40:51 ----D---- C:\Program Files\SpeedFan
2009-11-07 23:29:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-07 10:31:23 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Hamachi
2009-11-03 17:46:50 ----D---- C:\WINDOWS\system32\DirectX
2009-11-03 17:46:47 ----HD---- C:\WINDOWS\inf
2009-11-03 17:46:14 ----RSD---- C:\WINDOWS\assembly
2009-11-03 17:45:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-03 17:45:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-03 17:45:19 ----RSH---- C:\boot.ini
2009-11-03 17:45:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-03 17:45:01 ----D---- C:\WINDOWS\WinSxS
2009-11-03 17:39:49 ----D---- C:\Program Files\HD Tune
2009-11-03 17:29:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-02 23:02:30 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\uTorrent
2009-10-27 15:54:14 ----SD---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Microsoft
2009-10-25 08:19:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 08:15:17 ----SD---- C:\WINDOWS\Tasks
2009-10-24 14:15:38 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\Desktopicon
2009-10-20 23:11:56 ----D---- C:\Documents and Settings\NEO.NEO-D89MWJKX4G7\Data aplikací\DNA
2009-10-20 15:44:59 ----D---- C:\Program Files\DNA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-08 82380]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-12-16 8704]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 aen7yncr;aen7yncr; C:\WINDOWS\system32\drivers\aen7yncr.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-12-16 13824]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-07 10345]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-06 70968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

MATRIXXXX · #13 Příspěvek od **MATRIXXXX** » 16 lis 2009 19:26

ahoj chci se jen zeptat jestli ten poslední script co si mi posílal nemůže mít něco společného z vypadky netu nedostupnost na stránku www.eurobattle.net . nebot po nahráni scriptu v 19:55 jsem pak vypl pc a ráno to začlo blbnout předem děkuji za odpověď. (je to moje nejnavětěvovanější str. nebot přes batttle.net hraju a ted se nemuhu přihlásit,prosil bych odpovědět čím jak nejdříve ). diky moc

franticek · #14 Příspěvek od **franticek** » 17 lis 2009 22:05

Ahoj.

Na té stránce je tato zpráva:

Hello eurobattle users !
We are currently experiencing some difficulties concerning the server/forum.
Please have patience and do not open any threads related to the subject, we are aware of the situation.
Thank you for your patience and understanding

Provedený skript by s tímto neměl vůbec souviset.

Vše je čisté až na SearchURL, kde se stále cpe QIP.
Zkus se přihlásit do nouzového režimu a spustit přiložený soubor.
Po restartu se přihlaš běžných způsobem a udělej ještě jeden RSIT log.
Také dej vědět, zda-li máš stále problém s tou tvou stránkou.

MATRIXXXX · #15 Příspěvek od **MATRIXXXX** » 17 lis 2009 22:47

stránka z ničeho nic naskočila nevím čím to je ještě ráno nešla a pak naskočila , po celou dobu(kdy mi nefungovala byla stránkaf unkční nebot kamarádí na ní chodí pořád) takže toto jsem už vyřešil . ale vyskytl se další problém a to ten že po nějaké době spuštění počítače se jak by zasekl přestává reagovat a nejde vypnout ,některé plikace nefunkgují, po resetu na tvrdo ale funnguje zase vše jak má, netuším vůbec kde je chyba jinak jsem projel comp: Malwarebytes' Anti-Malware full testem našel 7 věcí které jsem smázl ,ale toto zasekavání compu bylo již před tím. vaši radu z nouzového režimu provedu až pozítří nebot nebudu doma

ps:vzpoměl jsem si ješte na jednu věc a to že po nainstalovaní war3 se mi jakby nenahodí do registrů a chce po mě cd i když ktomu nepotřebuji crack ani cd ale po petchnutí hry a jejím nahození do registru přes jeden soubor vše jede ,ale ijnak bych nevěl co stím nebát jednoho z mých přátel jinak před tím nebyl problém hru nainstalovata rozjet bez jakých koli potíží, comp se po choval jako by tam nebyla a po opakováném spuštění hru jak by neznal a pří pokusu nainstalovat datadisc mi napsal at nainstaluji zakl hru.Tento problém jsem sice obešel jak jsem psal výše ale pořád nevím proč to dělá,přemýšlím jestli by nebylo lepší přeinstalovat windows.

díky moc za vše a doufám že vyřešíme i tento problém s pozdravem MATRIX

VIRY.CZ

PROSÍM O KONTROLU LOGU

PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: Soubor C:\WINDOWS\system32\drivers\agamolna.sys ověř na VT.

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU

Re: PROSÍM O KONTROLU LOGU