Log check: firewall, antivirus and updates cannot be turned on
Hi, could you please check my HijackThis log?
I had a BSOD, but a repair reinstall managed to fix it.
http://www.imghosting.cz/view-30Novo.jpg
I cannot connect to the network, and the firewall, updates and antivirus cannot be turned on.
I ran the log through a web checker and disabled 2 services, although they were marked as safe; it did not help anyway.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:23, on 21.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Admin\vkyxdaqi0g.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/file ... 05&Ext=xls
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [vkyxdaqi0g] C:\Documents and Settings\Admin\vkyxdaqi0g.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5850 bytes
Re: Log check, cannot turn on firewall, antivirus, updat
Hello,
You have rather too many antivirus products on there. I see Avira, but also some remnants of Avast, MBAM, and Ad-Aware as well.
However, your nasty, the one that needs to go, is here: C:\Documents and Settings\Admin\vkyxdaqi0g.exe
I can't read more than that from HJT. We have been using RSIT as the initial scanner for quite a long time now.
If you can manage it, boot into Safe Mode with Networking and there run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it occasionally produces false detections.
If that doesn't work, write back and we'll go about it another way.
If you have a question that is not meant for the public, you can write to me at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
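The triage the helper does by eye on the HijackThis log can be scripted; this is an added example, not part of the original thread and not code from HijackThis or the forum. It flags Run entries whose executable sits directly in a user profile folder, services whose file is missing, and overlapping security products, and its findings are prompts for review rather than verdicts. The sample lines are copied from the log posted above; the function names and the product keyword list are assumptions made for this example.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [vkyxdaqi0g] C:\Documents and Settings\Admin\vkyxdaqi0g.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Assumption: keyword list limited to the four products the helper names in the reply.
SECURITY_PRODUCTS = {
    "avira": "Avira",
    "avast": "Avast",
    "malwarebytes": "Malwarebytes",
    "ad-aware": "Ad-Aware",
}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_SVC = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# The executable is either the quoted first token or everything up to the
# first executable extension (unquoted paths may contain spaces).
EXE_IN_CMD = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.I
)

# A file placed directly in "<drive>:\Documents and Settings\<user>\" or
# "<drive>:\Users\<user>\", i.e. not in a subfolder of the profile.
PROFILE_ROOT = re.compile(
    r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\[^\\]+\\[^\\]+$", re.I
)


def executable_of(cmd):
    """Return the executable part of a Run command line, without arguments."""
    cmd = cmd.strip()
    m = EXE_IN_CMD.match(cmd)
    if not m:
        return cmd
    return m.group("q") or m.group("u")


def triage(log_text):
    """Return (kind, detail) findings for the O4 and O23 lines of a HijackThis log."""
    findings = []
    products = set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(("O4 - ", "O23 - ")):
            continue
        lowered = line.lower()
        products.update(
            label for key, label in SECURITY_PRODUCTS.items() if key in lowered
        )
        run = O4_RUN.match(line)
        if run:
            exe = executable_of(run.group("cmd"))
            if PROFILE_ROOT.match(exe):
                findings.append(("autorun-in-profile-root", exe))
            continue
        svc = O23_SVC.match(line)
        if svc and svc.group("missing"):
            findings.append(("service-file-missing", svc.group("name")))
    if len(products) > 1:
        findings.append(("multiple-security-products", ", ".join(sorted(products))))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```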
Re: Log check, cannot turn on firewall, antivirus, updat
Yes, sorry about the antiviruses, they are leftovers; I'll clean up the registry later. Right now I have Avira on there.
Before using HijackThis I ran an MBAM scan, which found nothing; then I used HijackThis, checked the log manually and deleted that 'nasty' through HijackThis, even though the web check had marked it as not dangerous at all. After that did not help, I wrote here. Safe Mode works, but the PC behaves exactly the same.
But now to the RSIT log.
Thank you!
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-07-21 14:41:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (80%) free of 53 GB
Total RAM: 1917 MB (80% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ttn2zzt5.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\firefox\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.9.8a]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-12-03 1194496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-05 8491008]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"pdfSaver3"= []
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"CAPON"=C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [2000-04-20 22528]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-05 81920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-15 17146504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Canon LBP-800 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ComPlusSetup]
C:\WINDOWS\system32\catsrvut.dll [2008-04-14 625664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Office"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.X264"=vp7vfw.dll
"vidc.i263"=i263_32.drv
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=divxa32.acm
"msacm.l3codecp"=l3codecp.acm
"msacm.lameacm"=lameACM.acm
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-07-21 14:41:05 ----D---- C:\Program Files\trend micro
2012-07-21 14:41:04 ----D---- C:\rsit
2012-07-19 21:25:22 ----D---- C:\WINDOWS\Prefetch
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slserv.exe
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slrundll.exe
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slgen.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slextspk.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slcoinst.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\s3gnb.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\slrundll.exe
2012-07-19 21:18:59 ----D---- C:\WINDOWS\system32\bits
2012-07-19 21:17:16 ----D---- C:\WINDOWS\ServicePackFiles
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-07-19 21:16:51 ----A---- C:\WINDOWS\000001_.tmp
2012-07-19 21:16:45 ----D---- C:\WINDOWS\EHome
2012-07-19 20:36:49 ----A---- C:\WINDOWS\system32\nvunrm.exe
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\nvconrm.dll
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\drivers\nvnrm.sys
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\drivers\nvnetbus.sys
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\drivers\NVENETFD.sys
2012-07-19 20:30:47 ----A---- C:\WINDOWS\system32\fdco1.dll
2012-07-19 20:30:47 ----A---- C:\WINDOWS\system32\bdco1.dll
2012-07-19 18:34:17 ----A---- C:\WINDOWS\ntbtlog.txt
2012-07-19 16:52:00 ----ASH---- C:\pagefile.sys
2012-07-19 15:59:18 ----D---- C:\WINDOWS\system32\NtmsData
2012-07-19 15:57:40 ----D---- C:\Documents and Settings\Admin\Data aplikací\Avira
2012-07-19 15:55:55 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
Before using HijackThis I ran an MBAM scan, which found nothing; then I used HijackThis, checked the log manually and deleted that 'turd' through HijackThis, even though the web check marked it as not dangerous at all. When that did not help, I wrote here. Safe mode works, but the PC behaves exactly the same.
But now to the RSIT log.
Thanks!
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-07-21 14:41:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (80%) free of 53 GB
Total RAM: 1917 MB (80% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ttn2zzt5.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\firefox\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.9.8a]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-12-03 1194496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-05 8491008]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"pdfSaver3"= []
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"CAPON"=C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [2000-04-20 22528]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-05 81920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-15 17146504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Canon LBP-800 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ComPlusSetup]
C:\WINDOWS\system32\catsrvut.dll [2008-04-14 625664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Office"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.X264"=vp7vfw.dll
"vidc.i263"=i263_32.drv
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=divxa32.acm
"msacm.l3codecp"=l3codecp.acm
"msacm.lameacm"=lameACM.acm
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-07-21 14:41:05 ----D---- C:\Program Files\trend micro
2012-07-21 14:41:04 ----D---- C:\rsit
2012-07-19 21:25:22 ----D---- C:\WINDOWS\Prefetch
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slserv.exe
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slrundll.exe
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slgen.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slextspk.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\slcoinst.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\s3gnb.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2012-07-19 21:18:59 ----N---- C:\WINDOWS\slrundll.exe
2012-07-19 21:18:59 ----D---- C:\WINDOWS\system32\bits
2012-07-19 21:17:16 ----D---- C:\WINDOWS\ServicePackFiles
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-07-19 21:17:15 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-07-19 21:17:14 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-07-19 21:17:13 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-07-19 21:16:51 ----A---- C:\WINDOWS\000001_.tmp
2012-07-19 21:16:45 ----D---- C:\WINDOWS\EHome
2012-07-19 20:36:49 ----A---- C:\WINDOWS\system32\nvunrm.exe
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\nvconrm.dll
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\drivers\nvnrm.sys
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\drivers\nvnetbus.sys
2012-07-19 20:30:48 ----A---- C:\WINDOWS\system32\drivers\NVENETFD.sys
2012-07-19 20:30:47 ----A---- C:\WINDOWS\system32\fdco1.dll
2012-07-19 20:30:47 ----A---- C:\WINDOWS\system32\bdco1.dll
2012-07-19 18:34:17 ----A---- C:\WINDOWS\ntbtlog.txt
2012-07-19 16:52:00 ----ASH---- C:\pagefile.sys
2012-07-19 15:59:18 ----D---- C:\WINDOWS\system32\NtmsData
2012-07-19 15:57:40 ----D---- C:\Documents and Settings\Admin\Data aplikací\Avira
2012-07-19 15:55:55 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-07-19 15:55:54 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2012-07-19 15:55:53 ----D---- C:\Program Files\Avira
2012-07-19 15:55:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2012-07-19 15:49:15 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2012-07-19 15:49:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-07-19 15:49:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-19 15:49:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-07-19 15:33:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-07-19 15:23:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-07-19 15:08:43 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-07-19 15:05:40 ----A---- C:\WINDOWS\pnplog.txt
2012-07-19 15:00:04 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-07-19 15:00:04 ----A---- C:\WINDOWS\system32\irclass.dll
2012-07-19 14:59:54 ----RA---- C:\WINDOWS\SET120.tmp
2012-07-19 14:59:51 ----RA---- C:\WINDOWS\SET114.tmp
2012-07-19 14:59:49 ----RA---- C:\WINDOWS\SET111.tmp
2012-07-15 16:47:01 ----A---- C:\WINDOWS\system32\win32k.sys
2012-07-15 16:18:12 ----A---- C:\WINDOWS\system32\drivers\ea1cbc1c447d9247.sys
======List of files/folders modified in the last 1 month======
2012-07-21 14:41:05 ----RD---- C:\Program Files
2012-07-21 14:29:26 ----D---- C:\WINDOWS\system32
2012-07-21 14:29:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-07-21 14:27:00 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-21 14:26:57 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-07-21 14:26:56 ----D---- C:\WINDOWS\Temp
2012-07-21 14:20:27 ----D---- C:\Program Files\Crawler
2012-07-21 14:15:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-21 14:14:55 ----A---- C:\WINDOWS\wincmd.ini
2012-07-21 13:33:15 ----HD---- C:\WINDOWS\inf
2012-07-19 21:25:45 ----A---- C:\WINDOWS\OEWABLog.txt
2012-07-19 21:25:38 ----D---- C:\WINDOWS
2012-07-19 21:25:27 ----A---- C:\WINDOWS\setuplog.txt
2012-07-19 21:24:24 ----D---- C:\WINDOWS\security
2012-07-19 21:19:29 ----D---- C:\WINDOWS\system32\drivers
2012-07-19 21:19:03 ----D---- C:\WINDOWS\WinSxS
2012-07-19 21:19:02 ----D---- C:\Program Files\Messenger
2012-07-19 21:19:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-19 21:19:00 ----D---- C:\WINDOWS\Help
2012-07-19 21:19:00 ----D---- C:\Program Files\Windows Media Player
2012-07-19 21:17:13 ----D---- C:\WINDOWS\system32\CatRoot
2012-07-19 21:14:08 ----D---- C:\WINDOWS\Debug
2012-07-19 19:27:05 ----D---- C:\WINDOWS\nview
2012-07-19 18:34:34 ----D---- C:\Documents and Settings
2012-07-19 16:57:58 ----RASH---- C:\boot.ini
2012-07-19 16:57:28 ----D---- C:\WINDOWS\system32\Setup
2012-07-19 16:57:28 ----D---- C:\WINDOWS\system
2012-07-19 16:57:21 ----D---- C:\WINDOWS\system32\usmt
2012-07-19 16:57:21 ----D---- C:\WINDOWS\L2Schemas
2012-07-19 16:57:11 ----D---- C:\WINDOWS\AppPatch
2012-07-19 16:57:10 ----D---- C:\WINDOWS\ime
2012-07-19 16:57:08 ----RSD---- C:\WINDOWS\Fonts
2012-07-19 16:57:08 ----D---- C:\WINDOWS\Network Diagnostic
2012-07-19 16:57:08 ----D---- C:\WINDOWS\Media
2012-07-19 16:57:06 ----D---- C:\WINDOWS\system32\cs-cz
2012-07-19 16:56:57 ----D---- C:\WINDOWS\PeerNet
2012-07-19 16:56:46 ----D---- C:\WINDOWS\system32\npp
2012-07-19 16:56:40 ----D---- C:\WINDOWS\msagent
2012-07-19 16:56:37 ----D---- C:\WINDOWS\system32\cs
2012-07-19 16:54:07 ----D---- C:\WINDOWS\system32\1029
2012-07-19 16:53:56 ----D---- C:\WINDOWS\twain_32
2012-07-19 16:53:18 ----D---- C:\WINDOWS\system32\icsxml
2012-07-19 16:52:54 ----D---- C:\WINDOWS\system32\ias
2012-07-19 16:52:47 ----D---- C:\WINDOWS\system32\1033
2012-07-19 16:52:00 ----D---- C:\WINDOWS\Driver Cache
2012-07-19 15:59:12 ----D---- C:\WINDOWS\Registration
2012-07-19 15:33:35 ----SHD---- C:\WINDOWS\Installer
2012-07-19 15:33:08 ----D---- C:\Program Files\Common Files
2012-07-19 15:31:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-07-19 15:20:22 ----D---- C:\Program Files\Mozilla Firefox
2012-07-19 15:15:56 ----SHD---- C:\System Volume Information
2012-07-19 15:15:56 ----D---- C:\WINDOWS\system32\Restore
2012-07-19 15:15:06 ----D---- C:\WINDOWS\system32\config
2012-07-19 15:10:58 ----A---- C:\WINDOWS\ODBCINST.INI
2012-07-19 15:10:45 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-07-19 15:10:19 ----RD---- C:\WINDOWS\Web
2012-07-19 15:10:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2012-07-19 15:10:02 ----A---- C:\WINDOWS\win.ini
2012-07-19 15:09:56 ----D---- C:\Program Files\Movie Maker
2012-07-19 15:09:54 ----D---- C:\WINDOWS\system32\oobe
2012-07-19 15:09:54 ----D---- C:\Program Files\Outlook Express
2012-07-19 15:09:38 ----D---- C:\WINDOWS\system32\Com
2012-07-19 15:08:41 ----D---- C:\WINDOWS\system32\wbem
2012-07-19 15:00:12 ----A---- C:\WINDOWS\system.ini
2012-07-19 15:00:00 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2012-07-15 16:47:03 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-15 16:46:58 ----A---- C:\WINDOWS\imsins.BAK
2012-07-15 16:45:44 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-15 16:32:31 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-15 16:32:29 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-07-11 12:57:10 ----D---- C:\WINDOWS\system32\drivers\etc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 RapidPort;RapidPort; \??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-05 6854464]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-07-20 137656]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-07-20 61960]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-05 155716]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-07-20 269480]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
-----------------EOF-----------------
Re: Log check, cannot turn on firewall, antivirus, updat
How long has the problem been going on? Do you remember which two services you actually removed?
Download OTM http://oldtimer.geekstogo.com/OTM.exe , save it, preferably to the desktop, and run it.
Copy this script into the left window (including the colon before the word commands)
Code:
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
:services
Aavmker4
aswMon2
aswRdr
SkypeUpdate
AdobeFlashPlayerUpdateSvc
avast! Antivirus
avast! Mail Scanner
avast! Web Scanner
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
C:\WINDOWS\system32\drivers\ea1cbc1c447d9247.sys
C:\Documents and Settings\Admin\vkyxdaqi0g.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"pdfSaver3"=-
"NeroCheck"=-
"NvMediaCenter"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"Skype"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
Click MoveIt and let the program work. Agree when asked to restart.
After the restart, post here the log that pops up, or it will be at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (in place of the x's there will be digits representing the date and time of the run)
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. In case of a longer wait for a reply, please contact one of my colleagues (most have an email address in their signature).
Re: Log check, cannot turn on firewall, antivirus, updat
They were these:
C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe
C:\Documents and Settings\Admin\vkyxdaqi0g.exe
Nevertheless the problem persists, so I came here.
The problem has persisted since the BSOD that I put in the first post appeared before Windows boot. After the repair installation Windows boots, but explorer.exe crashes (it sometimes has to be killed and started again) and there are problems with the firewall, disabled updates, and Avira's disabled resident shield. When I try to turn on the firewall, Windows says that the startup failed.
I'll try what you advise.
Thanks.
Re: Log check, cannot turn on firewall, antivirus, updat
OK. I hope you have your data backed up; the system may be compromised.
Re: Log check, cannot turn on firewall, antivirus, updat
Here it is:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 146643384 bytes
->Temporary Internet Files folder emptied: 1567373110 bytes
->FireFox cache emptied: 101637612 bytes
->Flash cache emptied: 42224 bytes
User: Administrator
->Temp folder emptied: 9183707 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3423428 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4723033 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1213201 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 749,00 mb
[EMPTYFLASH]
User: Admin
->Flash cache emptied: 0 bytes
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service Aavmker4 stopped successfully!
Service Aavmker4 deleted successfully!
Service aswMon2 stopped successfully!
Service aswMon2 deleted successfully!
Service aswRdr stopped successfully!
Service aswRdr deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Error: No service named avast! Antivirus was found to stop!
Service\Driver key avast! Antivirus not found.
Error: No service named avast! Mail Scanner was found to stop!
Service\Driver key avast! Mail Scanner not found.
Error: No service named avast! Web Scanner was found to stop!
Service\Driver key avast! Web Scanner not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
File move failed. C:\WINDOWS\system32\drivers\ea1cbc1c447d9247.sys scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Admin\vkyxdaqi0g.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator\ deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 07212012_162244
Yes, I have made a backup. Reinstalling SP3 might also help, as it could fix errors in the system.
Thanks.
Re: Log check, cannot turn on firewall, antivirus, updat
Maybe, but first we should take out the vermin.
So let's get tougher.
Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Run ComboFix
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not run anything and do not click anywhere.
After the scan finishes (the PC may restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here
If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
Re: Log check, cannot turn on firewall, antivirus, updat
So the firewall can be turned on, updates too, Avira can be updated, the net works. Thanks a lot.
It is clear to me that this was causing it: c:\documents and settings\Admin\vkyxdaqi0g.exe
but it could not be deleted the normal way
or possibly this:
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\ea1cbc1c447d9247.sys
Just a question: did ComboFix find it on its own, or did you modify it so that it would delete that junk?
Log here:
ComboFix 12-07-21.01 - Admin 21.07.2012 17:00:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1917.1476 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 101113-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\vkyxdaqi0g.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\ea1cbc1c447d9247.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ea1cbc1c447d9247
-------\Service_ea1cbc1c447d9247
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-21 do 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 14:34 . 2006-12-28 22:31 19569 ----a-w- c:\windows\000001_.tmp
2012-07-21 14:22 . 2012-07-21 14:22 -------- d-----w- C:\_OTM
2012-07-21 12:41 . 2012-07-21 12:41 -------- d-----w- c:\program files\trend micro
2012-07-21 12:41 . 2012-07-21 12:41 -------- d-----w- C:\rsit
2012-07-19 19:17 . 2012-07-19 19:17 -------- d-----w- c:\windows\ServicePackFiles
2012-07-19 19:16 . 2012-07-21 14:34 -------- d-----w- c:\windows\EHome
2012-07-19 18:36 . 2007-09-15 01:19 356352 ----a-w- c:\windows\system32\nvunrm.exe
2012-07-19 18:36 . 2007-05-27 12:57 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-07-19 18:30 . 2007-09-20 10:07 22016 ----a-w- c:\windows\system32\drivers\nvnetbus.sys
2012-07-19 18:30 . 2007-09-20 10:07 53632 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
2012-07-19 18:30 . 2007-09-20 10:07 888064 ----a-w- c:\windows\system32\drivers\nvnrm.sys
2012-07-19 18:30 . 2007-09-15 01:19 37376 ----a-w- c:\windows\system32\nvconrm.dll
2012-07-19 18:30 . 2007-09-20 10:07 195072 ----a-w- c:\windows\system32\fdco1.dll
2012-07-19 18:30 . 2007-09-20 10:06 9216 ----a-w- c:\windows\system32\bdco1.dll
2012-07-19 16:34 . 2012-07-19 16:34 -------- d-----w- c:\documents and settings\Administrator
2012-07-19 13:59 . 2012-07-19 13:59 -------- d-----w- c:\windows\system32\NtmsData
2012-07-19 13:57 . 2012-07-19 13:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Avira
2012-07-19 13:55 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-19 13:55 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-19 13:55 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2012-07-19 13:55 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2012-07-19 13:55 . 2012-07-19 13:55 -------- d-----w- c:\program files\Avira
2012-07-19 13:55 . 2012-07-19 13:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-07-19 13:49 . 2012-07-19 13:49 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Malwarebytes
2012-07-19 13:49 . 2012-07-19 13:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-07-19 13:49 . 2012-07-19 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 13:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 13:33 . 2012-07-19 13:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-19 13:12 . 2008-04-14 12:00 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2012-07-19 13:11 . 2008-04-14 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2012-07-19 13:08 . 2008-04-14 12:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-19 13:00 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-07-19 13:00 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-07-19 13:00 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-07-19 13:00 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-07-15 14:47 . 2012-05-15 13:55 1863168 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 14:32 . 2012-04-25 21:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 14:32 . 2012-04-25 21:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-15 14:32 . 2012-05-07 06:29 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]
"nwiz"="nwiz.exe" [2007-10-05 1626112]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-19 22528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Canon LBP-800 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2009-2-14 112640]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0lsdelete
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.7.2012 15:55 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.7.2012 15:49 655944]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [14.2.2009 13:07 23008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.7.2012 15:49 22344]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [10.11.2007 4:20 29728]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Admin\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Admin\LOCALS~1\Temp\CFcatchme.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AVGIO
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=0405&Ext=xls
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.18.17.250
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ttn2zzt5.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Vzory dokumentu - E:\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CAPRPCSK.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Celkový čas: 2012-07-21 17:07:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-21 15:07
.
Před spuštěním: Volných bajtů: 45 572 644 864
Po spuštění: Volných bajtů: 45 418 967 040
.
- - End Of File - - BF8177DF3E4A73AC2B2CA1211BE688CE
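An added example (not part of the original thread, and not code from OTM or ComboFix): a small Python triage that cross-checks the two logs posted above, listing the files OTM could only schedule for removal on reboot and whether ComboFix then reports them deleted. The log excerpts are copied from this thread; the function names are hypothetical and the English section title "Other Deletions" is an assumption.

```python
import re

# Excerpt of the OTM log posted in this thread (only the parts the check needs).
OTM_LOG = r"""
========== SERVICES/DRIVERS ==========
Service aswRdr stopped successfully!
Service aswRdr deleted successfully!
Error: No service named avast! Antivirus was found to stop!
Service\Driver key avast! Antivirus not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
File move failed. C:\WINDOWS\system32\drivers\ea1cbc1c447d9247.sys scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Admin\vkyxdaqi0g.exe scheduled to be moved on reboot.
========== REGISTRY ==========
"""

# Excerpt of the ComboFix log posted in this thread (Czech-locale section titles).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\vkyxdaqi0g.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\ea1cbc1c447d9247.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ea1cbc1c447d9247
-------\Service_ea1cbc1c447d9247
.
"""

OTM_SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
CF_SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")

# Per-file result lines in the FILES section of an OTM log.
OTM_FILE_RESULTS = [
    ("deferred", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]
# Czech title as in this thread; the English title is an assumption.
CF_DELETION_TITLES = {"ostatní výmazy", "other deletions"}


def norm(path):
    """Windows paths are case-insensitive, so compare them case-folded."""
    return path.strip().casefold()


def parse_otm_files(log):
    """Return {status: [paths]} for the FILES section of an OTM log."""
    results = {"deferred": [], "not_found": [], "moved": []}
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        header = OTM_SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section != "FILES":
            continue
        for status, pattern in OTM_FILE_RESULTS:
            match = pattern.match(line)
            if match:
                results[status].append(norm(match.group(1)))
                break
    return results


def parse_combofix_deletions(log):
    """Return the paths listed under ComboFix's deletions section."""
    deleted, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = CF_SECTION.match(line)
        if header:
            in_section = header.group(1).casefold() in CF_DELETION_TITLES
            continue
        if in_section and line and line != ".":
            deleted.append(norm(line))
    return deleted


def triage(otm_log, combofix_log):
    """Cross-check what OTM could not move against what ComboFix deleted."""
    otm = parse_otm_files(otm_log)
    cf_deleted = parse_combofix_deletions(combofix_log)
    targeted = set(otm["deferred"]) | set(otm["moved"]) | set(otm["not_found"])
    return {
        # Locked while Windows was running: OTM could only queue these.
        "resisted_otm": otm["deferred"],
        "removed_by_combofix": [p for p in otm["deferred"] if p in cf_deleted],
        # Queued by OTM and never confirmed gone: needs a manual check.
        "unverified": [p for p in otm["deferred"] if p not in cf_deleted],
        # Found by ComboFix itself, never named in the OTM script.
        "combofix_only": [p for p in cf_deleted if p not in targeted],
    }


if __name__ == "__main__":
    for bucket, paths in triage(OTM_LOG, COMBOFIX_LOG).items():
        print(bucket, paths)
```
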
Re: Log check, cannot turn on firewall, antivirus, updat
Yes, it was mainly these two things.
c:\documents and settings\Admin\vkyxdaqi0g.exe
c:\windows\system32\drivers\ea1cbc1c447d9247.sys
OTM could not deal with them, the beasts fought back, but CF did the job.
Rename ComboFix to Uninstall and run it. CF should uninstall itself.
vyosek wrote: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm a choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - after the cleanup the PC will restart.
Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it.
Click START and then OK - after the cleanup the PC will restart.
After use you can delete the program.
Download CCleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar; if it offers to install it, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin; if you leave it ticked, it will always empty it.
Also, depending on how it is set, it deletes all passwords saved on the net!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze and, when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for issues; when it finds some, click Fix issues. It will offer you a backup; make it and save it so that you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!
Defragment the disk
Download, for example, the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its work
And if there are no problems, that should be all
If you have a question that is not meant for the public, you can write to me at marty84[at]forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: Log check, cannot turn on firewall, antivirus, updat
So thank you once again, the registry is cleaned up; Avast could not be removed, it still had its resident shield running. I downloaded the uninstall utility directly from Avast and that worked. I would like to be able to do this the way you do. For example the OTM or the scripts for ComboFix.
Re: Log check, cannot turn on firewall, antivirus, updat
Yeah, sometimes Avast just does not want to leave. Actually, almost no antivirus wants to.
Quote: I would like to be able to do this the way you do. For example the OTM or the scripts for ComboFix.
That can be managed, but it takes time and patience and a few other things http://forum.viry.cz/viewtopic.php?f=12&t=116819
You are welcome, take care