PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Prosím o Kontrolku logu

https://pc-help.cnews.cz/viewtopic.php?f=70&t=35448

Stránka 1 z 3

Prosím o Kontrolku logu

Napsal: 10 led 2009 19:42
od RicoCZE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:41, on 10.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Data aplikací\SearchIn1Step\searchin1168.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SearchIn1Step\searchin1.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4652\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1004\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1004\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1004\..\Run: [fsm] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52FB17E9-AF75-47A1-90B4-6C2C25A73E3E}: NameServer = 77.48.95.1,77.48.95.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchIn1Step Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\SearchIn1Step\searchin1168.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8752 bytes






doufám že tam nemam nic špatného

Re: Prosím o Kontrolku logu

Napsal: 11 led 2009 08:13
od jaro3
Odinstaluj: C:\Program Files\SearchIn1Step
Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: Prosím o Kontrolku logu

Napsal: 11 led 2009 10:19
od RicoCZE
Ok, ale já jsem už jednou ComboFix měl a mě to vymazalo internet, jako ICQ mi šlo ale nešel mi prohlizeč ani když jsem reinstaloval prohližeč, tak já to když tak znovu nastavím ale proč mi to smazalo ?

Re: Prosím o Kontrolku logu

Napsal: 11 led 2009 10:57
od jaro3
Těžko říct , nekdy se to stane, v tom případně budeš muset nastavit znovu.

Re: Prosím o Kontrolku logu

Napsal: 11 led 2009 20:49
od RicoCZE
Log z ComboFix :


ComboFix 09-01-10.03 - Rico 2009-01-11 20:42:28.5 - NTFSx86
Spuštěný z: c:\documents and settings\Rico\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
c:\windows\system32\sysmwwod.dll
D:\resycled

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-11 do 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-11 20:27 . 2009-01-11 20:27 <DIR> d-------- c:\windows\LastGood
2009-01-11 20:26 . 2009-01-11 20:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-01-10 15:16 . 2009-01-10 15:17 <DIR> d-------- C:\Downloads
2009-01-10 13:02 . 2009-01-10 13:03 <DIR> d-------- c:\program files\Native Instruments
2009-01-06 21:05 . 2009-01-06 21:05 <DIR> d-------- c:\program files\Smart WAV Converter
2009-01-06 20:52 . 2009-01-06 20:55 <DIR> d-------- c:\program files\ACE-HIGH MP3 WAV WMA OGG Converter
2009-01-06 20:52 . 2002-11-13 11:14 1,703,936 --a------ c:\windows\system32\NCTAudioFile.dll
2009-01-06 20:52 . 2002-11-06 15:12 360,448 --a------ c:\windows\system32\NCTWMAFile.dll
2009-01-06 20:52 . 2001-08-08 21:00 40,960 --a------ c:\windows\system32\DGPNorm.ocx
2009-01-06 15:45 . 2009-01-06 15:45 <DIR> d-------- c:\documents and settings\LocalService\Plocha
2009-01-04 18:05 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-04 18:05 . 2009-01-04 18:05 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-04 18:05 . 2009-01-04 18:05 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-01-04 17:57 . 2009-01-04 17:57 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-01-04 17:57 . 2009-01-04 17:57 22,368 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-01-04 17:57 . 2009-01-04 17:57 10,976 --a------ c:\windows\system32\drivers\ggflt.sys
2009-01-03 16:47 . 2009-01-03 16:47 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-03 16:47 . 2009-01-03 16:47 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-03 16:47 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-01-03 16:45 . 2009-01-03 16:51 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-03 16:42 . 2009-01-03 16:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-01-03 16:42 . 2009-01-03 16:42 <DIR> d--hs---- c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-25 19:43 . 2008-12-30 15:53 <DIR> d-------- c:\documents and settings\Rico\Data aplikací\uTorrent
2008-12-23 12:10 . 2008-12-23 12:10 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-23 12:10 . 2008-12-23 12:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-22 14:23 . 2008-12-22 14:23 <DIR> d-------- c:\documents and settings\Rico\Data aplikací\Panasonic
2008-12-21 09:01 . 2008-12-21 09:01 <DIR> d-------- c:\program files\QTComponents
2008-12-21 08:56 . 2005-03-07 19:44 45,056 --a------ c:\windows\system32\PhDi2.sys
2008-12-21 08:55 . 2008-12-21 08:55 <DIR> d-------- c:\program files\Panasonic
2008-12-21 08:54 . 2008-12-21 08:54 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-12-21 08:54 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\system32\gdiplus.dll
2008-12-21 08:54 . 2004-03-10 01:59 143,360 --a------ c:\windows\system32\PhotoBase Screen Saver.scr
2008-12-21 08:54 . 2003-09-19 16:45 21,248 --a------ c:\windows\system32\drivers\pfc.sys
2008-12-21 08:53 . 1995-07-31 12:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-13 20:03 . 2008-12-13 20:03 12 --a------ c:\windows\FrieStrk3.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 19:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 09:47 --------- d-----w c:\documents and settings\Rico\Data aplikací\HLSW
2009-01-10 14:30 --------- d-----w c:\documents and settings\Rico\Data aplikací\ICQ
2009-01-03 12:00 --------- d-----w c:\documents and settings\Rico\Data aplikací\Hamachi
2009-01-02 17:39 --------- d-----w c:\program files\Ryso HandyLook
2008-12-23 11:09 --------- d-----w c:\program files\ICQ6
2008-12-21 08:01 --------- d-----w c:\program files\Plugins
2008-12-19 14:25 --------- d-----w c:\documents and settings\Rico\Data aplikací\FileZilla
2008-12-09 19:40 --------- d-----w c:\program files\WM Converter
2008-12-09 05:58 --------- d-----w c:\program files\Nokia
2008-12-01 11:48 --------- d-----w c:\documents and settings\Rico\Data aplikací\teamspeak2
2008-11-27 15:50 --------- d-----w c:\program files\FreeUndelete
2008-11-18 20:59 --------- d-----w c:\documents and settings\Ladislava\Data aplikací\PC Suite
2008-11-18 14:16 --------- d-----w c:\program files\AskBardis
2008-11-16 17:14 --------- d-----w c:\documents and settings\LocalService\Data aplikací\PC Suite
2008-11-16 17:12 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-16 17:12 --------- d-----w c:\program files\Common Files\Nokia
2008-11-16 15:28 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-14 22:28 --------- d-----w c:\program files\Art-D
2008-11-14 22:11 16,094,505 ----a-w c:\windows\system32\Art-D Grafický ateliér Černý s. r. o._Book-Maker_uninstaller.exe
2008-11-14 21:49 --------- d-----w c:\program files\TiskProRadost
2008-11-14 21:43 10,127,591 ----a-w c:\windows\system32\TiskProRadost_AlbumMaker_uninstaller.exe
2008-11-11 19:56 --------- d-----w c:\program files\speedapps
2008-11-11 19:56 --------- d-----w c:\program files\Free DVD To MP3
2008-11-11 19:56 --------- d-----w c:\program files\Conduit
2008-03-10 18:42 1,729 ----a-w c:\program files\Adobe Reader 8.lnk
2008-03-10 18:38 23,454,528 ----a-w c:\program files\AdbeRdr812_en_US.exe
2006-09-01 16:26 562,760 ----a-w c:\program files\QTPlugin.ocx
2006-09-01 16:26 5,580,360 ----a-w c:\program files\QuickTimePlayer.exe
2006-09-01 15:46 712,704 ----a-w c:\program files\QTOControl.dll
2006-09-01 15:46 675,840 ----a-w c:\program files\QTOLibrary.dll
2006-09-01 15:46 598,016 ----a-w c:\program files\QTInfo.exe
2006-09-01 15:45 303,104 ----a-w c:\program files\QTUIPanelControl.dll
2006-09-01 15:16 483,328 ----a-w c:\program files\PictureViewer.exe
2006-09-01 14:57 282,624 ----a-w c:\program files\qttask.exe
2006-08-03 14:51 8,161 ----a-w c:\program files\QuickTime Read Me.htm
2005-09-27 11:13 55,622 ----a-w c:\program files\Sample.mov
2005-09-27 11:13 18,663 ----a-w c:\program files\Sample.qtif
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_19.38.23.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-12 15:44:18 17,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\authuitu_x86.dll
+ 2008-11-20 15:28:16 163,584 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DiskDoctor.exe
+ 2008-11-20 15:28:16 463,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DiskExplorer.exe
+ 2008-11-20 15:28:18 221,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DriveDefrag.exe
+ 2008-11-12 15:44:08 25,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DseShExtx86.dll
+ 2008-11-20 15:28:48 155,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\MemOptimizer.exe
+ 2008-11-20 15:28:48 593,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\OneClick.exe
+ 2008-11-20 15:28:50 42,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\OneClickStarter.exe
+ 2008-11-20 15:28:50 38,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\PMLauncher.exe
+ 2008-11-20 15:28:52 397,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ProcessManager.exe
+ 2008-11-20 15:28:12 272,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ProductInfo.dat
+ 2008-11-20 15:28:54 504,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryCleaner.exe
+ 2008-11-20 15:28:54 160,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryDefrag.exe
+ 2008-11-20 15:28:56 16,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryDefragHelper.exe
+ 2008-11-20 15:28:56 327,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryEditor.exe
+ 2008-11-20 15:28:58 85,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegWiz.exe
+ 2008-11-20 15:29:00 166,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RepairWizard.exe
+ 2008-11-20 15:29:00 197,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RescueCenter.exe
+ 2008-11-12 15:44:20 27,392 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SDShelEx86.dll
+ 2008-11-20 15:29:02 227,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ShortcutCleaner.exe
+ 2008-11-20 15:29:14 173,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\Shredder.exe
+ 2008-11-20 15:30:12 921,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SilentUpdater.exe
+ 2008-11-20 15:30:14 1,182,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SpeedOptimizer.exe
+ 2008-11-20 15:30:28 352,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\StartUpManager.exe
+ 2008-11-20 15:30:28 129,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SystemControl.exe
+ 2008-11-20 15:30:30 341,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SystemInformation.exe
+ 2008-11-12 15:44:12 887,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUDefragService.dll
+ 2008-11-20 15:30:32 57,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUInstallHelper.exe
+ 2008-11-20 15:30:32 15,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUMessages.exe
+ 2008-11-20 15:30:34 11,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\tux64thk.exe
+ 2008-11-20 15:30:34 238,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\Undelete.exe
+ 2008-11-20 15:30:36 280,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\UninstallManager.exe
+ 2008-11-20 15:30:38 218,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\UpdateWizard.exe
+ 2008-11-12 15:44:18 27,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\uxtuneupx86.dll
+ 2008-11-20 15:30:38 915,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\WinStyler.exe
+ 2008-12-29 18:46:46 27,648 ----a-r c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2006-11-02 05:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2008-03-27 15:27:46 503,008 ------w c:\windows\system32\drivers\wdf01000.sys
- 2006-11-02 05:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2008-03-27 15:27:48 35,040 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2009-01-04 16:57:13 10,976 -c--a-w c:\windows\system32\DRVSTORE\ggsemc_3D83DCD4F6D39C4001A5060AF4B3217F2FC34ECD\x86\ggflt.sys
+ 2009-01-04 16:57:13 22,368 -c--a-w c:\windows\system32\DRVSTORE\ggsemc_3D83DCD4F6D39C4001A5060AF4B3217F2FC34ECD\x86\ggsemc.sys
+ 2009-01-04 16:57:13 1,107,296 -c--a-w c:\windows\system32\DRVSTORE\ggsemc_3D83DCD4F6D39C4001A5060AF4B3217F2FC34ECD\x86\WdfCoInstaller01007.dll
+ 2007-04-03 12:57:42 83,336 -c--a-w c:\windows\system32\DRVSTORE\s116bus_4EC4340427E77E921C4CDCCEB4F12918959FBF57\i386\s116bus.sys
+ 2007-04-03 12:57:54 12,424 -c--a-w c:\windows\system32\DRVSTORE\s116bus_4EC4340427E77E921C4CDCCEB4F12918959FBF57\i386\s116whnt.sys
+ 2007-04-03 12:57:44 12,424 -c--a-w c:\windows\system32\DRVSTORE\s116mdm2_51810A994D48D04766082ED3F63ABF69BA02EBC5\i386\s116cmnt.sys
+ 2007-04-03 12:57:48 15,112 -c--a-w c:\windows\system32\DRVSTORE\s116mdm2_51810A994D48D04766082ED3F63ABF69BA02EBC5\i386\s116mdfl.sys
+ 2007-04-03 12:57:48 108,680 -c--a-w c:\windows\system32\DRVSTORE\s116mdm2_51810A994D48D04766082ED3F63ABF69BA02EBC5\i386\s116mdm.sys
+ 2007-04-03 12:57:50 22,792 -c--a-w c:\windows\system32\DRVSTORE\s116ndis_A53E3A4209E2289370AAD8AEB452D42DD0A9F77A\i386\s116nd3.sys
+ 2007-04-03 12:57:52 23,176 -c--a-w c:\windows\system32\DRVSTORE\s116ndis_A53E3A4209E2289370AAD8AEB452D42DD0A9F77A\i386\s116nd5.sys
+ 2007-04-03 12:57:44 12,424 -c--a-w c:\windows\system32\DRVSTORE\s116obx2_E29564B3927FF8E719B6E44AA79ED52B8739FB53\i386\s116cmnt.sys
+ 2007-04-03 12:57:52 98,696 -c--a-w c:\windows\system32\DRVSTORE\s116obx2_E29564B3927FF8E719B6E44AA79ED52B8739FB53\i386\s116obex.sys
+ 2007-04-03 12:57:44 12,424 -c--a-w c:\windows\system32\DRVSTORE\s116sdm2_527B4CB7627209888419E81981E1A7EBEB05F5F3\i386\s116cmnt.sys
+ 2007-04-03 12:57:50 100,488 -c--a-w c:\windows\system32\DRVSTORE\s116sdm2_527B4CB7627209888419E81981E1A7EBEB05F5F3\i386\s116mgmt.sys
+ 2007-04-03 12:57:46 11,016 -c--a-w c:\windows\system32\DRVSTORE\s116unic_A53E3A4209E2289370AAD8AEB452D42DD0A9F77A\i386\s116crnt.sys
+ 2007-04-03 12:57:54 99,080 -c--a-w c:\windows\system32\DRVSTORE\s116unic_A53E3A4209E2289370AAD8AEB452D42DD0A9F77A\i386\s116unic.sys
+ 2007-04-03 12:57:54 12,424 -c--a-w c:\windows\system32\DRVSTORE\s116unic_A53E3A4209E2289370AAD8AEB452D42DD0A9F77A\i386\s116whnt.sys
+ 2007-04-03 12:59:30 83,208 -c--a-w c:\windows\system32\DRVSTORE\s616bus_373776A749479F4EBED57CEEEDA21B8E4DD2C13F\i386\s616bus.sys
+ 2007-04-03 12:59:44 12,424 -c--a-w c:\windows\system32\DRVSTORE\s616bus_373776A749479F4EBED57CEEEDA21B8E4DD2C13F\i386\s616whnt.sys
+ 2007-04-03 12:59:32 12,424 -c--a-w c:\windows\system32\DRVSTORE\s616mdm2_D8C823689DB302D84B2F410C9E1EE27D15660A8B\i386\s616cmnt.sys
+ 2007-04-03 12:59:36 15,112 -c--a-w c:\windows\system32\DRVSTORE\s616mdm2_D8C823689DB302D84B2F410C9E1EE27D15660A8B\i386\s616mdfl.sys
+ 2007-04-03 12:59:38 108,680 -c--a-w c:\windows\system32\DRVSTORE\s616mdm2_D8C823689DB302D84B2F410C9E1EE27D15660A8B\i386\s616mdm.sys
+ 2007-04-03 12:59:40 22,792 -c--a-w c:\windows\system32\DRVSTORE\s616ndis_BC0951E0329684A71CAD29F53BF2A61D61BA8A9C\i386\s616nd3.sys
+ 2007-04-03 12:59:42 23,176 -c--a-w c:\windows\system32\DRVSTORE\s616ndis_BC0951E0329684A71CAD29F53BF2A61D61BA8A9C\i386\s616nd5.sys
+ 2007-04-03 12:59:32 12,424 -c--a-w c:\windows\system32\DRVSTORE\s616obx2_7858FB467BABAD2EFCC4D10C5CE195423B8A7C6F\i386\s616cmnt.sys
+ 2007-04-03 12:59:42 98,568 -c--a-w c:\windows\system32\DRVSTORE\s616obx2_7858FB467BABAD2EFCC4D10C5CE195423B8A7C6F\i386\s616obex.sys
+ 2007-04-03 12:59:32 12,424 -c--a-w c:\windows\system32\DRVSTORE\s616sdm2_CE2DBFB2FC3031E70B49CF54804115A97F8FAB5E\i386\s616cmnt.sys
+ 2007-04-03 12:59:40 100,360 -c--a-w c:\windows\system32\DRVSTORE\s616sdm2_CE2DBFB2FC3031E70B49CF54804115A97F8FAB5E\i386\s616mgmt.sys
+ 2007-04-03 12:59:36 11,016 -c--a-w c:\windows\system32\DRVSTORE\s616unic_BC0951E0329684A71CAD29F53BF2A61D61BA8A9C\i386\s616crnt.sys
+ 2007-04-03 12:59:42 99,080 -c--a-w c:\windows\system32\DRVSTORE\s616unic_BC0951E0329684A71CAD29F53BF2A61D61BA8A9C\i386\s616unic.sys
+ 2007-04-03 12:59:44 12,424 -c--a-w c:\windows\system32\DRVSTORE\s616unic_BC0951E0329684A71CAD29F53BF2A61D61BA8A9C\i386\s616whnt.sys
+ 2007-04-04 11:43:20 83,208 -c--a-w c:\windows\system32\DRVSTORE\s716bus_570F0922FA56183024CD2E3A2E7263DED544A027\i386\s716bus.sys
+ 2007-04-04 11:43:38 12,424 -c--a-w c:\windows\system32\DRVSTORE\s716bus_570F0922FA56183024CD2E3A2E7263DED544A027\i386\s716whnt.sys
+ 2007-04-04 11:43:22 12,424 -c--a-w c:\windows\system32\DRVSTORE\s716mdm2_34EAFBD3F6E58B88672FA05A8FAFC348FBE181C1\i386\s716cmnt.sys
+ 2007-04-04 11:43:32 15,112 -c--a-w c:\windows\system32\DRVSTORE\s716mdm2_34EAFBD3F6E58B88672FA05A8FAFC348FBE181C1\i386\s716mdfl.sys
+ 2007-04-04 11:43:34 108,552 -c--a-w c:\windows\system32\DRVSTORE\s716mdm2_34EAFBD3F6E58B88672FA05A8FAFC348FBE181C1\i386\s716mdm.sys
+ 2007-04-04 11:43:34 22,792 -c--a-w c:\windows\system32\DRVSTORE\s716ndis_DFBBF0C093A3E74C62E36E25E809DFAB4E562E6C\i386\s716nd3.sys
+ 2007-04-04 11:43:36 23,176 -c--a-w c:\windows\system32\DRVSTORE\s716ndis_DFBBF0C093A3E74C62E36E25E809DFAB4E562E6C\i386\s716nd5.sys
+ 2007-04-04 11:43:22 12,424 -c--a-w c:\windows\system32\DRVSTORE\s716obx2_DAB4BAF8D8CE324995EA588248D84BF89F1571AA\i386\s716cmnt.sys
+ 2007-04-04 11:43:36 98,568 -c--a-w c:\windows\system32\DRVSTORE\s716obx2_DAB4BAF8D8CE324995EA588248D84BF89F1571AA\i386\s716obex.sys
+ 2007-04-04 11:43:22 12,424 -c--a-w c:\windows\system32\DRVSTORE\s716sdm2_80BA2D1EBDD2C1ADC291BAAF1445FB2BD1C23FB6\i386\s716cmnt.sys
+ 2007-04-04 11:43:34 100,360 -c--a-w c:\windows\system32\DRVSTORE\s716sdm2_80BA2D1EBDD2C1ADC291BAAF1445FB2BD1C23FB6\i386\s716mgmt.sys
+ 2007-04-04 11:43:32 11,016 -c--a-w c:\windows\system32\DRVSTORE\s716unic_DFBBF0C093A3E74C62E36E25E809DFAB4E562E6C\i386\s716crnt.sys
+ 2007-04-04 11:43:38 98,952 -c--a-w c:\windows\system32\DRVSTORE\s716unic_DFBBF0C093A3E74C62E36E25E809DFAB4E562E6C\i386\s716unic.sys
+ 2007-04-04 11:43:38 12,424 -c--a-w c:\windows\system32\DRVSTORE\s716unic_DFBBF0C093A3E74C62E36E25E809DFAB4E562E6C\i386\s716whnt.sys
+ 2007-06-19 08:51:16 81,832 -c--a-w c:\windows\system32\DRVSTORE\s816bus_CBE0CF0DBEF102A4EA8AD658FD4064660751AAF0\i386\s816bus.sys
+ 2007-06-19 08:51:18 11,176 -c--a-w c:\windows\system32\DRVSTORE\s816bus_CBE0CF0DBEF102A4EA8AD658FD4064660751AAF0\i386\s816whnt.sys
+ 2007-06-19 08:51:16 11,176 -c--a-w c:\windows\system32\DRVSTORE\s816mdm2_804513129A6571549C6BC1C482A66F15416AB109\i386\s816cmnt.sys
+ 2007-06-19 08:51:18 13,864 -c--a-w c:\windows\system32\DRVSTORE\s816mdm2_804513129A6571549C6BC1C482A66F15416AB109\i386\s816mdfl.sys
+ 2007-06-19 08:51:20 107,304 -c--a-w c:\windows\system32\DRVSTORE\s816mdm2_804513129A6571549C6BC1C482A66F15416AB109\i386\s816mdm.sys
+ 2007-06-19 08:51:18 21,544 -c--a-w c:\windows\system32\DRVSTORE\s816ndis_D7CF9C3129229D02F512ADFE683E32F539015344\i386\s816nd3.sys
+ 2007-06-19 08:51:18 21,928 -c--a-w c:\windows\system32\DRVSTORE\s816ndis_D7CF9C3129229D02F512ADFE683E32F539015344\i386\s816nd5.sys
+ 2007-06-19 08:51:16 11,176 -c--a-w c:\windows\system32\DRVSTORE\s816obx2_72A1419001FEBF4D2884EC67C9BA579159F66753\i386\s816cmnt.sys
+ 2007-06-19 08:51:18 97,320 -c--a-w c:\windows\system32\DRVSTORE\s816obx2_72A1419001FEBF4D2884EC67C9BA579159F66753\i386\s816obex.sys
+ 2007-06-19 08:51:16 11,176 -c--a-w c:\windows\system32\DRVSTORE\s816sdm2_B604D7F519354D27B76AA9347F0F7D8F7B2101BD\i386\s816cmnt.sys
+ 2007-06-19 08:51:18 99,112 -c--a-w c:\windows\system32\DRVSTORE\s816sdm2_B604D7F519354D27B76AA9347F0F7D8F7B2101BD\i386\s816mgmt.sys
+ 2007-06-19 08:51:08 9,768 -c--a-w c:\windows\system32\DRVSTORE\s816unic_D7CF9C3129229D02F512ADFE683E32F539015344\i386\s816crnt.sys
+ 2007-06-19 08:51:18 97,704 -c--a-w c:\windows\system32\DRVSTORE\s816unic_D7CF9C3129229D02F512ADFE683E32F539015344\i386\s816unic.sys
+ 2007-06-19 08:51:18 11,176 -c--a-w c:\windows\system32\DRVSTORE\s816unic_D7CF9C3129229D02F512ADFE683E32F539015344\i386\s816whnt.sys
+ 2007-04-10 14:14:02 83,080 -c--a-w c:\windows\system32\DRVSTORE\se3ebus_278301E0E0E3254933BAAF4F06701023D35DABD9\i386\se3ebus.sys
+ 2007-04-10 14:14:26 12,424 -c--a-w c:\windows\system32\DRVSTORE\se3ebus_278301E0E0E3254933BAAF4F06701023D35DABD9\i386\se3ewhnt.sys
+ 2007-04-10 14:14:08 12,424 -c--a-w c:\windows\system32\DRVSTORE\se3emdm2_B9A80A4AD6A3087EAEC451F69738F8F9B8EAC7FD\i386\se3ecmnt.sys
+ 2007-04-10 14:14:14 15,112 -c--a-w c:\windows\system32\DRVSTORE\se3emdm2_B9A80A4AD6A3087EAEC451F69738F8F9B8EAC7FD\i386\se3emdfl.sys
+ 2007-04-10 14:14:14 108,552 -c--a-w c:\windows\system32\DRVSTORE\se3emdm2_B9A80A4AD6A3087EAEC451F69738F8F9B8EAC7FD\i386\se3emdm.sys
+ 2007-04-10 14:14:08 12,424 -c--a-w c:\windows\system32\DRVSTORE\se3eobx2_4D2AF8EAA7B19E8748780FA6098D3AACC5D8D9F9\i386\se3ecmnt.sys
+ 2007-04-10 14:14:18 98,568 -c--a-w c:\windows\system32\DRVSTORE\se3eobx2_4D2AF8EAA7B19E8748780FA6098D3AACC5D8D9F9\i386\se3eobex.sys
+ 2007-04-10 14:14:08 12,424 -c--a-w c:\windows\system32\DRVSTORE\se3esdm2_9764AEB0AF92C101555E353C0F0D3CF5C63F33FA\i386\se3ecmnt.sys
+ 2007-04-10 14:14:16 100,360 -c--a-w c:\windows\system32\DRVSTORE\se3esdm2_9764AEB0AF92C101555E353C0F0D3CF5C63F33FA\i386\se3emgmt.sys
+ 2009-01-04 16:57:23 28,672 -c--a-w c:\windows\system32\DRVSTORE\semis06_DA67AFFFF2AEF16AC891730C125C417DD219A214\semis06.sys
+ 2009-01-04 16:57:18 83,200 -c--a-w c:\windows\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrbus.sys
+ 2009-01-04 16:57:19 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrwhnt.sys
+ 2009-01-04 16:57:18 63,360 -c--a-w c:\windows\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrceb.sys
+ 2009-01-04 16:57:19 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrwhnt.sys
+ 2009-01-04 16:57:18 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2009-01-04 16:57:18 109,568 -c--a-w c:\windows\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2009-01-04 16:57:18 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2009-01-04 16:57:18 14,848 -c--a-w c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdfl.sys
+ 2009-01-04 16:57:18 109,568 -c--a-w c:\windows\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2009-01-04 16:57:18 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrcmnt.sys
+ 2009-01-04 16:57:18 109,568 -c--a-w c:\windows\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrmdmc.sys
+ 2009-01-04 16:57:18 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrcmnt.sys
+ 2009-01-04 16:57:18 99,712 -c--a-w c:\windows\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrobex.sys
+ 2009-01-04 16:57:18 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrcmnt.sys
+ 2009-01-04 16:57:18 91,264 -c--a-w c:\windows\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrsce.sys
+ 2009-01-04 16:57:18 12,160 -c--a-w c:\windows\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2009-01-04 16:57:18 109,568 -c--a-w c:\windows\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2004-03-03 05:10:00 65,536 ----a-w c:\windows\system32\EPPicMgr.dll
+ 2004-03-03 05:10:00 26,154 ----a-w c:\windows\system32\EPPICPattern1.dat
+ 2004-03-03 05:10:00 27,417 ----a-w c:\windows\system32\EPPICPattern121.dat
+ 2004-03-03 05:10:00 31,053 ----a-w c:\windows\system32\EPPICPattern131.dat
+ 2004-03-03 05:10:00 20,148 ----a-w c:\windows\system32\EPPICPattern2.dat
+ 2004-03-03 05:10:00 24,903 ----a-w c:\windows\system32\EPPICPattern3.dat
+ 2004-03-03 05:10:00 11,811 ----a-w c:\windows\system32\EPPICPattern4.dat
+ 2004-03-03 05:10:00 21,390 ----a-w c:\windows\system32\EPPICPattern5.dat
+ 2004-03-03 05:10:00 4,943 ----a-w c:\windows\system32\EPPICPattern6.dat
+ 2005-05-31 23:20:00 111,932 ----a-w c:\windows\system32\EPPICPrinterDB.dat
+ 2004-03-03 05:10:00 114,688 ----a-w c:\windows\system32\EpPicPrt.dll
- 2008-11-07 08:33:09 1,485,256 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-01 07:02:25 1,494,192 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2002-09-06 10:36:16 233,472 ----a-w c:\windows\system32\lame_enc.dll
+ 2005-06-01 02:10:00 77,824 ----a-w c:\windows\system32\PICEntry.dll
+ 2005-05-31 23:10:00 73,728 ----a-w c:\windows\system32\PICSDK.dll
+ 2005-06-01 03:10:00 495,616 ----a-w c:\windows\system32\PICSDK2.dll
- 2006-10-08 19:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2008-03-21 12:57:18 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2009-01-10 11:37:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_734.dat
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
2008-08-20 23:03 1780248 --a------ c:\program files\speedapps\tbspee.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\program files\speedapps\tbspee.dll" [2008-08-20 1780248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}"= "c:\program files\speedapps\tbspee.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"QuickTime Task"="c:\program files\qttask.exe" [2006-09-01 282624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="c:\program files\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\zaloha\\Rico\\Moje Album\\Test server\\samp-server.exe"=
"d:\\Soldat\\Soldat.exe"=
"d:\\zaloha\\Rico\\Moje Album\\HLSW\\hlsw.exe"=
"d:\\zaloha\\Rico\\Moje Album\\pawno\\server\\samp-server.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\zaloha\\Rico\\Moje Album\\Valve\\Steam\\steamapps\\ricocze\\counter-strike\\hl.exe"=
"d:\\zaloha\\Rico\\Moje Album\\Valve\\Steam\\steamapps\\ricocze\\condition zero\\hl.exe"=
"d:\\zaloha\\Rico\\Moje Album\\Valve\\Steam\\Steam.exe"=
"d:\\zaloha\\Rico\\Moje Album\\Valve\\Steam\\steamapps\\ricocze\\counter-strike beta\\hl.exe"=
"d:\\zaloha\\Rico\\Moje Album\\Valve\\Steam\\steamapps\\ricocze\\dedicated server\\hlds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9139:TCP"= 9139:TCP:BitComet 9139 TCP
"9139:UDP"= 9139:UDP:BitComet 9139 UDP

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-01-04 10976]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-16 27904]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-10-10 23600]
S1 aswSP;avast! Self Protection; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-03 603904]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - asuskbnt
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - ATKKeyboardService
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - EIO
*Deregistered* - epfwtdir
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - ForceWare Intelligent Application Manager (IAM)
*Deregistered* - ForcewareWebInterface
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ICQ Service
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - nSvcIp
*Deregistered* - nSvcLog
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Schedule
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - TuneUp.ProgramStatisticsSvc
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-01-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-01-11 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-fsm - (no file)
SafeBoot-Wdf01000.sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {52FB17E9-AF75-47A1-90B4-6C2C25A73E3E} = 77.48.95.1,77.48.95.5
FF - ProfilePath - c:\documents and settings\Rico\Data aplikací\Mozilla\Firefox\Profiles\fflcxhv4.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://rico.hu.cz/news.php
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 20:43:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2009-01-11 20:44:38
ComboFix-quarantined-files.txt 2009-01-11 19:44:26
ComboFix2.txt 2008-11-17 11:26:14
ComboFix3.txt 2008-11-16 18:39:04

Před spuštěním: 3 660 771 328
Po spuštění: 3,857,743,872

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

501 --- E O F --- 2008-03-18 13:07:37

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 09:09
od jaro3
Toto otestuj na Virustotal
c:\windows\system32\spmsgXP_2k3.dll
c:\windows\FrieStrk3.ini
c:\program files\qttask.exe
c:\windows\system32\drivers\ndisprot.sys
Vlož sem pak výsledky.
Otevři tento počítač a poté disk C:
dej hledat: Ersvc.exe
Pokud najdeš , napiš kde se nachází.

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 12:56
od RicoCZE
c:\windows\system32\spmsgXP_2k3.dll:

Soubor spmsgXP_2k3.dll přijatý 2009.01.12 12:40:55 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 -
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.11 -
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.11 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 -
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.12 -
NOD32 3758 2009.01.12 -
Norman 5.93.01 2009.01.09 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.11 -
Prevx1 V2 2009.01.12 -
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 -
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.11 -




c:\windows\FrieStrk3.ini:

Soubor FrieStrk3.ini přijatý 2009.01.12 12:45:42 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/38 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 3.
Odhadovaný čas začátku mezi 54 a 77 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 -
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.11 -
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.11 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 -
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.12 -
NOD32 3758 2009.01.12 -
Norman 5.93.01 2009.01.09 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.11 -
Prevx1 V2 2009.01.12 -
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 -
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.11 -


c:\program files\qttask.exe:

Soubor qttask.exe přijatý 2009.01.12 12:48:38 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/38 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 38 a 55 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 -
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.11 -
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.11 -
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 -
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.12 -
NOD32 3758 2009.01.12 -
Norman 5.93.01 2009.01.09 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.11 -
Prevx1 V2 2009.01.12 -
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 -
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.11 -


c:\windows\system32\drivers\ndisprot.sys:

Soubor ndisprot.sys přijatý 2009.01.12 12:52:47 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/38 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 46 a 66 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 -
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.11 -
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.11 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 -
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.12 -
NOD32 3758 2009.01.12 -
Norman 5.93.01 2009.01.09 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.11 -
Prevx1 V2 2009.01.12 -
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 -
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.11 -



A soubor C:\windows\system32\Ersvc.exe to nenašlo

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 15:17
od jaro3
Pošli ještě nový log z HJT.

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 16:10
od RicoCZE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:44, on 12.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4652\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [IEPR] C:\DOCUME~1\antal\LOCALS~1\TempImages\IEPR.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1003\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-21-682003330-1060284298-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52FB17E9-AF75-47A1-90B4-6C2C25A73E3E}: NameServer = 77.48.95.1,77.48.95.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9202 bytes

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 16:55
od jaro3
Odinstaluj:
ICQToolBar
C:\Program Files\speedapps ( pokud nepůjde smaž celou tuto složku v nouzovém režimu).
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O4 - HKLM\..\Run: [QuickTime Task] &quot;C:\Program Files\qttask.exe&quot; -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a RegCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

Vše.

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 18:19
od RicoCZE
jak fixni ? to mam ty kody dat do poznamkové ho bloku a ten blok převest do ikony HJT ?

Re: Prosím o Kontrolku logu

Napsal: 12 led 2009 18:26
od RicoCZE
a už vím dik :wink: , ještě jen, ty soubory ktere ComboFix smazal ze systemu32 to nebylo k systemu ? nebo bylo ale nakažene ? bude mi PC spravně pracovat ?
Časové pásmo: UTC+02:00
Stránka 1 z 3
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/