HJT - blue screen (Solved)
- Žbeky
- Moderator
Re: HJT - blue screen
It costs nothing to try.
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thank you for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: HJT - blue screen
It looked like it had helped, but then more crashes suddenly came. It's really unpleasant, please help.
--------------------------------------------------------------------------------
Welcome to WhoCrashed (HOME EDITION) v 3.04
--------------------------------------------------------------------------------
This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.
Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.
This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.
To obtain technical support visit www.resplendence.com/support
Click here to check if you have the latest version or if an update is available.
Just click the Analyze button for a comprehensible report ...
--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------
This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.
Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.
--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------
computer name: JENIK
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Pentium(R) CPU G620 @ 2.60GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3749031936 total
VM: 2147352576, free: 2052890624
--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\WINDOWS\Minidump
Crash dumps are enabled on your computer.
On Tue 13.3.2012 20:22:49 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-05.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x15556)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\drivers\aswsp.sys
product: avast! Antivirus System
company: AVAST Software
description: avast! self protection module
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsp.sys (avast! self protection module, AVAST Software).
Google query: aswsp.sys AVAST Software INVALID_PROCESS_DETACH_ATTEMPT
On Tue 13.3.2012 20:17:58 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-04.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x14A73)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\drivers\aswsp.sys
product: avast! Antivirus System
company: AVAST Software
description: avast! self protection module
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsp.sys (avast! self protection module, AVAST Software).
Google query: aswsp.sys AVAST Software INVALID_PROCESS_DETACH_ATTEMPT
On Tue 13.3.2012 17:29:21 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-03.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22F1E)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Operační systém Microsoft® Windows®
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
On Tue 13.3.2012 17:15:10 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-02.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x12499)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\drivers\aswsp.sys
product: avast! Antivirus System
company: AVAST Software
description: avast! self protection module
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsp.sys (avast! self protection module, AVAST Software).
Google query: aswsp.sys AVAST Software INVALID_PROCESS_DETACH_ATTEMPT
On Tue 13.3.2012 15:57:37 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22F1E)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Operační systém Microsoft® Windows®
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
On Mon 12.3.2012 13:17:01 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031212-02.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22F1E)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Operační systém Microsoft® Windows®
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
On Mon 12.3.2012 11:59:29 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031212-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22F1E)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Operační systém Microsoft® Windows®
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
On Sun 11.3.2012 22:19:35 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031112-01.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x12499)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
file path: C:\WINDOWS\system32\drivers\aswsp.sys
product: avast! Antivirus System
company: AVAST Software
description: avast! self protection module
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsp.sys (avast! self protection module, AVAST Software).
Google query: aswsp.sys AVAST Software INVALID_PROCESS_DETACH_ATTEMPT
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
8 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:
aswsp.sys (avast! self protection module, AVAST Software)
If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.
Read the topic general suggestions for troubleshooting system crashes for more information.
Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
Re: HJT - blue screen
I searched the net... it is most likely caused by avast's self-defense mechanism... and if I understood it correctly, I should turn that mechanism off until avast releases an update. I'll try it, hopefully it will be OK.
- jaro3
- Security team member
Re: HJT - blue screen
An old Avast driver is still hanging on there...
Once more: don't uninstall Avast the normal way through Add/Remove Programs, but:
How to uninstall avast! using the aswClear tool:
Download aswClear.exe
http://files.avast.com/files/eng/aswclear.exe
to your desktop
Run it
If you installed avast! in a directory other than the default one, browse to it. (Note: Be careful! The contents of the directory you select will be deleted!!!)
Click the SMAZAT (Delete) button
Restart the computer
Then try installing Avast again.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT - blue screen
I tried to do it, and what happened is that the aswclear program is not responding, and it can't be closed in Task Manager, the process can't be ended either, but it still isn't responding, it does nothing.
- Orcus
- Security team member
Re: HJT - blue screen
Then run it in safe mode.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
- MiliNess
- BSOD team member
Re: HJT - blue screen
Even the last one (INVALID_PROCESS_DETACH_ATTEMPT) looks like the Avast driver, specifically aswSP.sys (the driver that protects Avast itself from malware attacks).
-everyone has their own truth, and it doesn't always have to match your own
-our problems are only in our heads
-the surrounding world is neither good nor bad; it is entirely indifferent to whether you exist
-the most important thing in life is love. Everything else is trivial
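An added example (not part of any post in this thread and not the WhoCrashed vendor's code): a small Python parser for the text report posted above that groups crashes by bugcheck code, so the ntoskrnl.exe entries can be read next to the aswsp.sys ones. The function names, the `KERNEL_IMAGES` list and the same-bugcheck heuristic are assumptions of this example; the sample is four entries excerpted from the posted report.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample input: four entries excerpted from the WhoCrashed report posted in this
# thread, trimmed to the fields the parser reads.
SAMPLE_REPORT = r"""
Crash dump directory: C:\WINDOWS\Minidump
On Tue 13.3.2012 20:22:49 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-05.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x15556)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
On Tue 13.3.2012 17:29:21 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-03.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22F1E)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
On Tue 13.3.2012 17:15:10 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031312-02.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x12499)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
On Sun 11.3.2012 22:19:35 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini031112-01.dmp
This was probably caused by the following module: aswsp.sys (aswSP+0x12499)
Bugcheck code: 0x6 (0x0, 0x0, 0x0, 0x0)
Error: INVALID_PROCESS_DETACH_ATTEMPT
--------------------------------------------------------------------------------
Conclusion
"""

# NT kernel image names. A crash attributed to one of these usually means the
# tool could not see past the kernel frame, not that the kernel is at fault.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"}

ENTRY = re.compile(
    r"^On \w+ (\d{1,2}\.\d{1,2}\.\d{4} \d{2}:\d{2}:\d{2}) GMT your computer crashed")
FIELDS = {
    "dump": re.compile(r"^crash dump file: (.+)$"),
    "module": re.compile(
        r"^This was probably caused by the following module: "
        r"(\S+) \(\S+?\+(0x[0-9A-Fa-f]+)\)"),
    "bugcheck": re.compile(r"^Bugcheck code: (0x[0-9A-Fa-f]+)"),
    "error": re.compile(r"^Error: (\S+)"),
}


def parse_report(text):
    """Return one dict per crash entry; fields missing from an entry stay None."""
    crashes, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            current = {"time": datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S"),
                       "dump": None, "module": None, "offset": None,
                       "bugcheck": None, "error": None}
            crashes.append(current)
            continue
        if line.startswith("-----"):  # a section ruler ends the crash list
            current = None
        if current is None:
            continue
        for key, rx in FIELDS.items():
            m = rx.match(line)
            if m:
                current[key] = m.group(1)
                if key == "module":  # normalise case, keep the fault offset
                    current["module"] = m.group(1).lower()
                    current["offset"] = m.group(2).lower()
                break
    return crashes


def triage(crashes):
    """Group crashes by bugcheck code and rank the third-party modules named."""
    groups = defaultdict(list)
    for c in crashes:
        groups[c["bugcheck"]].append(c)
    summary = {}
    for code, items in groups.items():
        third_party = Counter(c["module"] for c in items
                              if c["module"] and c["module"] not in KERNEL_IMAGES)
        kernel_hits = sum(1 for c in items if c["module"] in KERNEL_IMAGES)
        sites = Counter((c["module"], c["offset"]) for c in items if c["module"])
        summary[code] = {
            "error": next((c["error"] for c in items if c["error"]), None),
            "total": len(items),
            "suspects": [m for m, _ in third_party.most_common()],
            "third_party_hits": sum(third_party.values()),
            # Heuristic (assumption of this example): kernel-attributed crashes
            # sharing a bugcheck with driver-attributed ones are likely one fault.
            "kernel_hits_likely_same_cause": kernel_hits if third_party else 0,
            "repeated_sites": sorted(s for s, n in sites.items() if n > 1),
            "first": min(c["time"] for c in items),
            "last": max(c["time"] for c in items),
        }
    return summary


if __name__ == "__main__":
    for code, info in triage(parse_report(SAMPLE_REPORT)).items():
        print(code, info)
```

A fault site that repeats across dumps, such as the same offset inside one driver, is a stronger signal than the module name alone when deciding which driver to update or remove first.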
- jaro3
- Security team member
Re: HJT - blue screen
We'll delete Avast with ComboFix.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows won't boot, the desktop won't load, or there will be connection problems. In that case restart the computer again; if that doesn't help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
Re: HJT - blue screen
ComboFix 12-03-14.01 - Honzik 14.03.2012 15:14:26.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3575.2812 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honzik\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-13 22:04 . 2012-03-13 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2012-03-13 21:59 . 2012-03-13 22:01 -------- d-----w- c:\program files\Google
2012-03-13 21:59 . 2012-03-13 21:59 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Google
2012-03-13 21:59 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-13 21:59 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-13 21:59 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-13 21:59 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-13 21:59 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-13 21:59 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-13 21:59 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-13 21:59 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-13 21:59 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-13 21:59 . 2012-03-13 21:59 -------- d-----w- c:\program files\AVAST Software
2012-03-12 20:29 . 2012-03-12 20:29 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Skyrim
2012-03-12 20:14 . 2012-03-12 20:35 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2012-03-12 19:55 . 2012-03-12 19:55 -------- d-----w- c:\program files\Common Files\Steam
2012-03-12 19:55 . 2012-03-12 19:55 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2012-03-12 13:51 . 2012-03-13 20:26 -------- d-----w- c:\program files\WhoCrashed
2012-03-09 22:06 . 2012-03-09 22:06 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-09 22:03 . 2012-03-09 22:03 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\2K Games
2012-03-09 21:48 . 2012-03-09 21:48 -------- d-----w- c:\program files\2K Games
2012-03-07 22:05 . 2012-03-13 22:19 -------- d-----w- c:\documents and settings\Honzik\Data aplikací\mIRC
2012-03-07 22:05 . 2012-03-13 22:09 -------- d-----w- c:\program files\mIRC
2012-02-29 14:07 . 2012-02-29 14:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-26 14:16 . 2012-02-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2012-02-22 14:30 . 2012-02-22 14:30 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 23:22 . 2007-08-20 12:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-13 23:21 . 2009-09-26 10:59 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-13 23:21 . 2007-08-20 12:41 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-03-07 00:15 . 2011-12-26 16:12 41184 ----a-w- c:\windows\avastSS.scr
2012-02-29 14:08 . 2011-12-12 12:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2000-04-04 10:02 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 16:18 . 2008-12-04 20:28 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-26 16:18 . 2011-12-26 16:19 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-19 08:53 . 2000-04-04 10:02 668160 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2000-04-04 10:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2000-04-04 10:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2000-04-04 10:02 370176 ----a-w- c:\windows\system32\html.iec
2012-02-19 13:17 . 2011-03-24 17:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater 3\nsu3ui_agent.exe" [2010-11-26 160048]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-10-05 112152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-1-17 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GamePark\\GameparkClient.exe"=
"c:\\Program Files\\GamePark\\GamePark.url"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\různě hry\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\team fortress2\\hl2.exe"=
"c:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"c:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Documents and Settings\\Honzik\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\Divoke Kmeny\\DK-LAN-CZ\\DK Lan CZ BETA\\apache\\bin\\apache.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\Divoke Kmeny\\DK-LAN-CZ\\DK Lan CZ BETA\\mysql\\bin\\mysqld.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:TCP"= 26000:TCP:Gamepark
"26000:UDP"= 26000:UDP:Gamepark
"29999:TCP"= 29999:TCP:Gamepark
"29999:UDP"= 29999:UDP:Gamepark
.
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 13:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 9:24 61312]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2006 19:17 639224]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1.1.2010 2:12 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.3.2012 22:59 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.3.2012 22:59 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.3.2012 22:59 20696]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [18.1.2012 15:09 12184]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [1.1.2010 2:13 2655768]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2012 22:59 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.1.2010 2:12 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2012 22:59 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1.1.2010 2:18 24944]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [1.1.2010 2:12 41088]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17.1.2011 13:13 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17.1.2011 13:13 8576]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.11.2011 21:06 155344]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-13 21:59]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-13 21:59]
.
.
------- Doplňkový sken -------
.
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: DhcpNameServer = 8.8.8.8 192.168.1.1
TCP: Interfaces\{48C3E7D4-42F5-491A-9FF0-BDC622AFD4C2}: NameServer = 8.8.8.8
TCP: Interfaces\{645A233A-9386-4466-8F2B-A73774C6CB09}: NameServer = 8.8.8.8
TCP: Interfaces\{B24B0124-61EE-4332-84B3-732C45BE057C}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Honzik\Data aplikací\Mozilla\Firefox\Profiles\52184y9o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 15:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
c:\program files\Internet Explorer\iexplore.exe [2232] 0x89774448
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2540AE
\Driver\atapi -> 0x8a253f76
IoDeviceObjectType -> ParseProcedure -> 0x8a25320c
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8a25320c
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4169299674-1468450816-3153339792-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Honzik\\Plocha\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000058
"GraphStep"=dword:00000001
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe8
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000000
"Version"=dword:00000074
"UniqueID"="36-AEB0-E2FF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(820)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-03-14 15:20:11
ComboFix-quarantined-files.txt 2012-03-14 14:20
ComboFix2.txt 2011-12-26 22:28
.
Před spuštěním: Volných bajtů: 32 501 788 672
Po spuštění: Volných bajtů: 32 922 636 288
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A4E1B7AD79654FC0C65EB822D792DFDE
And otherwise, hmm.. yesterday I ended up running that aswcleaner after all and found an old folder with Avast 4 on the PC, so I deleted that too. I thought I had won, but today I started the computer and it crashed again, so I don't know anymore; hopefully ComboFix will help.
- Žbeky
- Moderator
Re: HJT - blue screen
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
KillAll::
SecCenter::
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
File::
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswRdr.sys
c:\windows\system32\drivers\aswTdi.sys
c:\windows\system32\drivers\aswSnx.sys
c:\windows\system32\drivers\aswmon2.sys
c:\windows\system32\drivers\aswmon.sys
c:\windows\system32\drivers\aavmker4.sys
c:\windows\system32\aswBoot.exe
c:\windows\avastSS.scr
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\AVAST Software
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
[-HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"=-
Driver::
aswSnx
aswSP
aswFsBlk
AppleChargerSrv
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Download aswMBR to your desktop.
Double-click aswMBR.exe. Click Scan.
After the scan, click aswASW.log and save it to the desktop, then paste the entire contents of that log here.
Re: HJT - blue screen
ComboFix 12-03-14.01 - Honzik 14.03.2012 20:30:05.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3575.2722 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honzik\Plocha\CFScript.txt
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\avastSS.scr"
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\drivers\aavmker4.sys"
"c:\windows\system32\drivers\aswFsBlk.sys"
"c:\windows\system32\drivers\aswmon.sys"
"c:\windows\system32\drivers\aswmon2.sys"
"c:\windows\system32\drivers\aswRdr.sys"
"c:\windows\system32\drivers\aswSnx.sys"
"c:\windows\system32\drivers\aswSP.sys"
"c:\windows\system32\drivers\aswTdi.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\1029\aswClnTg.htm
c:\program files\AVAST Software\Avast\1029\aswClnTg.txt
c:\program files\AVAST Software\Avast\1029\aswInfTg.htm
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWSNX
-------\Legacy_ASWSP
-------\Service_AppleChargerSrv
-------\Service_aswFsBlk
-------\Service_aswSnx
-------\Service_aswSP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 14:06 . 2012-03-14 14:06 -------- d-----w- C:\avast! sandbox
2012-03-13 22:04 . 2012-03-13 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2012-03-13 21:59 . 2012-03-13 22:01 -------- d-----w- c:\program files\Google
2012-03-13 21:59 . 2012-03-13 21:59 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Google
2012-03-12 20:29 . 2012-03-12 20:29 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Skyrim
2012-03-12 20:14 . 2012-03-12 20:35 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2012-03-12 19:55 . 2012-03-12 19:55 -------- d-----w- c:\program files\Common Files\Steam
2012-03-12 19:55 . 2012-03-12 19:55 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2012-03-12 13:51 . 2012-03-14 14:57 -------- d-----w- c:\program files\WhoCrashed
2012-03-09 22:06 . 2012-03-09 22:06 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-09 22:03 . 2012-03-09 22:03 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\2K Games
2012-03-09 21:48 . 2012-03-09 21:48 -------- d-----w- c:\program files\2K Games
2012-03-07 22:05 . 2012-03-13 22:19 -------- d-----w- c:\documents and settings\Honzik\Data aplikací\mIRC
2012-03-07 22:05 . 2012-03-13 22:09 -------- d-----w- c:\program files\mIRC
2012-02-29 14:07 . 2012-02-29 14:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-26 14:16 . 2012-02-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2012-02-22 14:30 . 2012-02-22 14:30 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:48 . 2007-08-20 12:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-14 17:47 . 2009-09-26 10:59 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-14 17:47 . 2007-08-20 12:41 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-29 14:08 . 2011-12-12 12:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2000-04-04 10:02 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 16:18 . 2008-12-04 20:28 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-26 16:18 . 2011-12-26 16:19 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-19 08:53 . 2000-04-04 10:02 668160 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2000-04-04 10:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2000-04-04 10:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2000-04-04 10:02 370176 ----a-w- c:\windows\system32\html.iec
2012-02-19 13:17 . 2011-03-24 17:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-14_14.18.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-03 16:59 . 2012-03-14 19:38 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-11 22:19 . 2012-03-14 19:38 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-03-11 22:19 . 2012-03-14 14:18 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-14 14:57 . 2012-03-14 19:40 1294336 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater 3\nsu3ui_agent.exe" [2010-11-26 160048]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-10-05 112152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-1-17 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GamePark\\GameparkClient.exe"=
"c:\\Program Files\\GamePark\\GamePark.url"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\různě hry\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\team fortress2\\hl2.exe"=
"c:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"c:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Documents and Settings\\Honzik\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\Divoke Kmeny\\DK-LAN-CZ\\DK Lan CZ BETA\\apache\\bin\\apache.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\Divoke Kmeny\\DK-LAN-CZ\\DK Lan CZ BETA\\mysql\\bin\\mysqld.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:TCP"= 26000:TCP:Gamepark
"26000:UDP"= 26000:UDP:Gamepark
"29999:TCP"= 29999:TCP:Gamepark
"29999:UDP"= 29999:UDP:Gamepark
.
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 13:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 9:24 61312]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2006 19:17 639224]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1.1.2010 2:12 18544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [18.1.2012 15:09 12184]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [1.1.2010 2:13 2655768]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2012 22:59 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.1.2010 2:12 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2012 22:59 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1.1.2010 2:18 24944]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [1.1.2010 2:12 41088]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17.1.2011 13:13 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17.1.2011 13:13 8576]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.11.2011 21:06 155344]
.
.
------- Doplňkový sken -------
.
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: DhcpNameServer = 8.8.8.8 192.168.1.1
TCP: Interfaces\{48C3E7D4-42F5-491A-9FF0-BDC622AFD4C2}: NameServer = 8.8.8.8
TCP: Interfaces\{645A233A-9386-4466-8F2B-A73774C6CB09}: NameServer = 8.8.8.8
TCP: Interfaces\{B24B0124-61EE-4332-84B3-732C45BE057C}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Honzik\Data aplikací\Mozilla\Firefox\Profiles\52184y9o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 20:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
c:\program files\Internet Explorer\iexplore.exe [3960] 0x8AE72DA0
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B1420AE
\Driver\atapi -> 0x8b141f76
IoDeviceObjectType -> ParseProcedure -> 0x8b14120c
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8b14120c
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4169299674-1468450816-3153339792-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Honzik\\Plocha\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000058
"GraphStep"=dword:00000001
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe8
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000000
"Version"=dword:00000074
"UniqueID"="36-AEB0-E2FF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2232)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-03-14 20:42:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-14 19:42
ComboFix2.txt 2012-03-14 14:20
ComboFix3.txt 2011-12-26 22:28
.
Před spuštěním: Volných bajtů: 32 612 495 360
Po spuštění: Volných bajtů: 32 616 181 760
.
- - End Of File - - DA819B4E54513552BF095796AFE10D91

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 20:44:21
-----------------------------
20:44:21.734 OS Version: Windows 5.1.2600 Service Pack 3
20:44:21.734 Number of processors: 2 586 0x2A07
20:44:21.734 ComputerName: JENIK UserName:
20:44:23.015 Initialize success
20:44:35.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:44:35.093 Disk 0 Vendor: Size: 0MB BusType: 0
20:44:35.109 Device \Driver\atapi -> DriverStartIo 8b1420ae
20:44:35.125 Disk 0 MBR read successfully
20:44:35.125 Disk 0 MBR scan
20:44:35.125 Disk 0 unknown MBR code
20:44:35.125 Disk 0 MBR hidden
20:44:35.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
20:44:35.187 Disk 0 scanning C:\WINDOWS\system32\drivers
20:44:42.562 Service scanning
20:44:51.875 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:44:54.031 Modules scanning
20:44:59.718 Disk 0 trace - called modules:
20:44:59.718 ntkrnlpa.exe >>UNKNOWN [0x8b141a2e]<<
20:45:00.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4b1ab8]
20:45:00.062 \Driver\Disk[0x8b560ae0] -> IRP_MJ_READ -> 0x8b141a2e
20:45:00.078 Scan finished successfully
20:45:18.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Honzik\Plocha\MBR.dat"
20:45:18.671 The log file has been saved successfully to "C:\Documents and Settings\Honzik\Plocha\aswMBR.txt"

Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3575.2722 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honzik\Plocha\CFScript.txt
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\avastSS.scr"
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\drivers\aavmker4.sys"
"c:\windows\system32\drivers\aswFsBlk.sys"
"c:\windows\system32\drivers\aswmon.sys"
"c:\windows\system32\drivers\aswmon2.sys"
"c:\windows\system32\drivers\aswRdr.sys"
"c:\windows\system32\drivers\aswSnx.sys"
"c:\windows\system32\drivers\aswSP.sys"
"c:\windows\system32\drivers\aswTdi.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\green3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\grey.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\check-priority.jp
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\check-priority.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\orange1.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\orange2.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\orange3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\red1.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\red2.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\red3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\shop-icon-big.jp
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\shop-icon-big.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\shop-icon-small.jp
c:\program files\AVAST Software\Avast\WebRep\FF\skin\icons\shop-icon-small.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\logo.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\overlay.css
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\background-body.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\background-body.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\background-header.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\background-right-bottom.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\background-right-top.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\background-right.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\bg-window.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\Button-1.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\button-middle.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\close-hover.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\close.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corner-left-bottom.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corner-left-top.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corner-right-bottom.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corner-right-top.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corporate-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corporate-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\corporate.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\drugs-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\drugs-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\drugs.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\gambling-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\gambling-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\gambling.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green-1.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green-2.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green-3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green-hover.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green1-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green1-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green1-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green2-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green2-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green2-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green3-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green3-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\green3-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey-0.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey-3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey0-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey0-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey3-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\grey3-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\horizontal-line-white.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\horizontal-line.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\icon_incorrect.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\illegal-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\illegal-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\illegal.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\it-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\it-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\it.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\kenny.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\limet-hover.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\limet-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\limet.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\line-dark-horizontal.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\line-light-horizontal.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\logo.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\news-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\news-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\news.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\orange-hover.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\orange-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\orange.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\pornography-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\pornography-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\pornography.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red-1-108.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red-1.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red-2.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red-3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red-hover.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red1-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red1-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red1-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red2-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red2-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red2-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red3-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red3-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\red3-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\shopping-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\shopping-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\shopping.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\social-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\social-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\social.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\vertical-line.jpg
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\violence-small-disable.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\violence-small-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\violence.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\Warning.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\window-wrc.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow-1.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow-2.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow-3.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow-hover.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow-selected.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow1-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow1-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow1-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow2-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow2-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow2-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow3-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow3-24.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\png\yellow3-small.png
c:\program files\AVAST Software\Avast\WebRep\FF\skin\wrc ico 16x16px a 24x24px.zip
c:\program files\AVAST Software\Avast\WebRep\FF\test.html
c:\program files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChrome.crx
c:\program files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChrome.ver
c:\program files\AVAST Software\Avast\WebRep\Safari\wrc.safariextz
c:\windows\avastSS.scr
c:\windows\system32\aswBoot.exe
c:\windows\system32\drivers\aavmker4.sys
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswmon.sys
c:\windows\system32\drivers\aswmon2.sys
c:\windows\system32\drivers\aswRdr.sys
c:\windows\system32\drivers\aswSnx.sys
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\drivers\aswTdi.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWSNX
-------\Legacy_ASWSP
-------\Service_AppleChargerSrv
-------\Service_aswFsBlk
-------\Service_aswSnx
-------\Service_aswSP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 14:06 . 2012-03-14 14:06 -------- d-----w- C:\avast! sandbox
2012-03-13 22:04 . 2012-03-13 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2012-03-13 21:59 . 2012-03-13 22:01 -------- d-----w- c:\program files\Google
2012-03-13 21:59 . 2012-03-13 21:59 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Google
2012-03-12 20:29 . 2012-03-12 20:29 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Skyrim
2012-03-12 20:14 . 2012-03-12 20:35 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2012-03-12 19:55 . 2012-03-12 19:55 -------- d-----w- c:\program files\Common Files\Steam
2012-03-12 19:55 . 2012-03-12 19:55 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2012-03-12 13:51 . 2012-03-14 14:57 -------- d-----w- c:\program files\WhoCrashed
2012-03-09 22:06 . 2012-03-09 22:06 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-09 22:03 . 2012-03-09 22:03 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\2K Games
2012-03-09 21:48 . 2012-03-09 21:48 -------- d-----w- c:\program files\2K Games
2012-03-07 22:05 . 2012-03-13 22:19 -------- d-----w- c:\documents and settings\Honzik\Data aplikací\mIRC
2012-03-07 22:05 . 2012-03-13 22:09 -------- d-----w- c:\program files\mIRC
2012-02-29 14:07 . 2012-02-29 14:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-26 14:16 . 2012-02-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2012-02-22 14:30 . 2012-02-22 14:30 -------- d-----w- c:\documents and settings\Honzik\Local Settings\Data aplikací\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:48 . 2007-08-20 12:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-14 17:47 . 2009-09-26 10:59 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-14 17:47 . 2007-08-20 12:41 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-29 14:08 . 2011-12-12 12:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2000-04-04 10:02 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 16:18 . 2008-12-04 20:28 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-26 16:18 . 2011-12-26 16:19 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-19 08:53 . 2000-04-04 10:02 668160 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2000-04-04 10:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2000-04-04 10:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2000-04-04 10:02 370176 ----a-w- c:\windows\system32\html.iec
2012-02-19 13:17 . 2011-03-24 17:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-14_14.18.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-03 16:59 . 2012-03-14 19:38 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-11 22:19 . 2012-03-14 19:38 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-03-11 22:19 . 2012-03-14 14:18 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-14 14:57 . 2012-03-14 19:40 1294336 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater 3\nsu3ui_agent.exe" [2010-11-26 160048]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-10-05 112152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-1-17 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GamePark\\GameparkClient.exe"=
"c:\\Program Files\\GamePark\\GamePark.url"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\různě hry\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\team fortress2\\hl2.exe"=
"c:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"c:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Documents and Settings\\Honzik\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\Divoke Kmeny\\DK-LAN-CZ\\DK Lan CZ BETA\\apache\\bin\\apache.exe"=
"c:\\Documents and Settings\\Honzik\\Dokumenty\\Aplikace\\Divoke Kmeny\\DK-LAN-CZ\\DK Lan CZ BETA\\mysql\\bin\\mysqld.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:TCP"= 26000:TCP:Gamepark
"26000:UDP"= 26000:UDP:Gamepark
"29999:TCP"= 29999:TCP:Gamepark
"29999:UDP"= 29999:UDP:Gamepark
.
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 13:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 9:24 61312]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2006 19:17 639224]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1.1.2010 2:12 18544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [18.1.2012 15:09 12184]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [1.1.2010 2:13 2655768]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2012 22:59 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.1.2010 2:12 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2012 22:59 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1.1.2010 2:18 24944]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [1.1.2010 2:12 41088]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17.1.2011 13:13 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17.1.2011 13:13 8576]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.11.2011 21:06 155344]
.
.
------- Doplňkový sken -------
.
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: DhcpNameServer = 8.8.8.8 192.168.1.1
TCP: Interfaces\{48C3E7D4-42F5-491A-9FF0-BDC622AFD4C2}: NameServer = 8.8.8.8
TCP: Interfaces\{645A233A-9386-4466-8F2B-A73774C6CB09}: NameServer = 8.8.8.8
TCP: Interfaces\{B24B0124-61EE-4332-84B3-732C45BE057C}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Honzik\Data aplikací\Mozilla\Firefox\Profiles\52184y9o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 20:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
c:\program files\Internet Explorer\iexplore.exe [3960] 0x8AE72DA0
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B1420AE
\Driver\atapi -> 0x8b141f76
IoDeviceObjectType -> ParseProcedure -> 0x8b14120c
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8b14120c
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4169299674-1468450816-3153339792-1006\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Honzik\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Honzik\\Plocha\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000058
"GraphStep"=dword:00000001
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe8
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000000
"Version"=dword:00000074
"UniqueID"="36-AEB0-E2FF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2232)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-03-14 20:42:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-14 19:42
ComboFix2.txt 2012-03-14 14:20
ComboFix3.txt 2011-12-26 22:28
.
Před spuštěním: Volných bajtů: 32 612 495 360
Po spuštění: Volných bajtů: 32 616 181 760
.
- - End Of File - - DA819B4E54513552BF095796AFE10D91
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 20:44:21
-----------------------------
20:44:21.734 OS Version: Windows 5.1.2600 Service Pack 3
20:44:21.734 Number of processors: 2 586 0x2A07
20:44:21.734 ComputerName: JENIK UserName:
20:44:23.015 Initialize success
20:44:35.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:44:35.093 Disk 0 Vendor: Size: 0MB BusType: 0
20:44:35.109 Device \Driver\atapi -> DriverStartIo 8b1420ae
20:44:35.125 Disk 0 MBR read successfully
20:44:35.125 Disk 0 MBR scan
20:44:35.125 Disk 0 unknown MBR code
20:44:35.125 Disk 0 MBR hidden
20:44:35.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
20:44:35.187 Disk 0 scanning C:\WINDOWS\system32\drivers
20:44:42.562 Service scanning
20:44:51.875 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:44:54.031 Modules scanning
20:44:59.718 Disk 0 trace - called modules:
20:44:59.718 ntkrnlpa.exe >>UNKNOWN [0x8b141a2e]<<
20:45:00.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4b1ab8]
20:45:00.062 \Driver\Disk[0x8b560ae0] -> IRP_MJ_READ -> 0x8b141a2e
20:45:00.078 Scan finished successfully
20:45:18.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Honzik\Plocha\MBR.dat"
20:45:18.671 The log file has been saved successfully to "C:\Documents and Settings\Honzik\Plocha\aswMBR.txt"
- Žbeky
- Moderator
Re: HJT - blue screen
Download TDSSKiller to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the entire contents of the log here.