PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

PC - zpomalení, restarty, chyba 1073741819

https://pc-help.cnews.cz/viewtopic.php?f=70&t=45218

Stránka 1 z 1

PC - zpomalení, restarty, chyba 1073741819  Vyřešeno

Napsal: 30 zář 2009 09:04
od MartinR
Na PC nebyl chvíli (přesný čas bohužel nevím je to PC kolegyně ze Slovenska, ale typuju to na pár měsíců bez aktuální virové db) funkční antivirus ... vypršel AVG a teď je instalován ESET SmartSecurity 4, který našel přes 300 infekcí, které vyčistil, ale něco tam muselo zůstat. :(

Tuhle informaci jsem k tomu dostal
"Virus sa volá WIN32/Kryptik.ABX trójsky kôň. Je infiltrovaný v C:/WINDOWS/system32/DRIVERS/agp440.sys.
Počítač, keď sa reštartuje, vypisuje chybu číslo 1073741819"

Log HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:53, on 29. 9. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.72.9.218:3128
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5327079479
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5339006828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5114 bytes

Díky Martin

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 30 zář 2009 12:54
od Damned
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 30 zář 2009 15:09
od MartinR
tu je ... dík

Malwarebytes' Anti-Malware 1.41
Database version: 2876
Windows 5.1.2600 Service Pack 2

30. 9. 2009 14:42:45
mbam-log-2009-09-30 (14-42-14).txt

Scan type: Quick Scan
Objects scanned: 104334
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (SpamTool.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (SpamTool.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (SpamTool.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\EVKA\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\EVKA\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 30 zář 2009 15:15
od Damned
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 09:23
od MartinR
Trošku hektické dny ... ale log je zde a čekám na instrukce.

Martin

ComboFix 09-09-30.06 - EVKA . 10. 2009 17:48.1.1 - NTFSx86
Running from: c:\documents and settings\EVKA\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK


((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-10-01 06:20 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-30 12:53 . 2009-09-30 12:53 -------- d-----w- c:\program files\Trend Micro
2009-09-30 12:30 . 2009-09-30 12:30 -------- d-----w- c:\documents and settings\EVKA\Application Data\Malwarebytes
2009-09-30 12:30 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 12:30 . 2009-09-30 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 12:30 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 12:30 . 2009-09-30 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 14:32 . 2009-09-25 14:32 -------- d-----w- c:\documents and settings\EVKA\Local Settings\Application Data\ESET
2009-09-25 14:32 . 2009-09-25 14:32 -------- d-----w- c:\documents and settings\EVKA\Application Data\ESET
2009-09-25 14:31 . 2009-09-25 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-25 14:28 . 2009-09-25 14:28 -------- d-----w- c:\program files\ESET
2009-09-25 14:28 . 2009-09-25 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-11 05:26 . 2009-09-11 05:26 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-09-11 05:26 . 2009-09-11 05:26 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 05:17 . 2009-09-11 05:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 07:48 . 2008-07-08 09:07 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-25 07:19 . 2008-03-12 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 06:38 . 2008-03-12 16:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 09:03 . 2008-03-14 07:49 -------- d-----w- c:\program files\Intrastat
2009-08-24 06:20 . 2007-07-27 12:00 625824 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-05 09:11 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
1999-04-07 16:39 . 1999-04-07 16:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 . 1998-12-09 01:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 . 1998-12-09 01:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

------- Sigcheck -------

[-] 2009-08-24 06:20 . 818784B5388C098EE88F5E5C154F86D3 . 625824 . . [------] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-24 06:20 . 818784B5388C098EE88F5E5C154F86D3 . 625824 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys
[7] 2007-07-27 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11. 9. 2009 7:23 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11. 9. 2009 7:24 735960]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\EVKA\Application Data\Mozilla\Firefox\Profiles\8aztkiav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.sk/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 08:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5420)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-02 8:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-02 06:37

Pre-Run: 28 884 353 024 bytes free
Post-Run: 29 523 972 096 bytes free

120 --- E O F --- 2009-09-10 13:47

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 11:26
od Damned
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\drivers\amd64si.sys

Folder::
c:\documents and settings\All Users\Application Data\avg8

Driver::
amd64si
catchme




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 14:50
od MartinR
Tak zde jsou:

ComboFix 09-09-30.06 - EVKA . 10. 2009 13:59.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.692 [GMT 2:00]
Running from: c:\documents and settings\EVKA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\EVKA\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\amd64si.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\AvgAm\avgam.lck
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\updateall.cfg
c:\documents and settings\All Users\Application Data\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg8\emc\Queue\TEMP\2475FBC8.emc
c:\documents and settings\All Users\Application Data\avg8\emc\Queue\TEMP\2570F315A.in
c:\documents and settings\All Users\Application Data\avg8\Log\avgam.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgam.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.11
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.12
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.13
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.14
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.15
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.16
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.17
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.18
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.19
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.20
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000010.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000011.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000012.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000013.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000014.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000015.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000016.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000017.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000018.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000019.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000020.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000021.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000022.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000023.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000024.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000025.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000026.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000027.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000028.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000029.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000030.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000031.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000032.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000033.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000034.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000035.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000036.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000037.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000038.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000039.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000040.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000041.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000042.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000043.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000044.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000045.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000046.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000047.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000048.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000049.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000050.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000051.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000052.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000053.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000054.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000055.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000056.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000057.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000058.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000059.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000060.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000061.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000062.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000063.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000064.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000065.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000066.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000067.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000068.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000069.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000070.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000071.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000072.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000073.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000074.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000075.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000076.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000077.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000078.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000079.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000080.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000081.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000082.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000083.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000084.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000085.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000086.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000087.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000088.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000089.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000090.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000091.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000092.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000093.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000094.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000095.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000096.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000097.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000098.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000099.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000100.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000101.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000102.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000103.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000104.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000105.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000106.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000107.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000108.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000109.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000110.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000111.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000112.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000113.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000114.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000115.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000116.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000117.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000118.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000119.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000120.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000121.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000122.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000123.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000124.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000125.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000126.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000127.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000128.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000129.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000130.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000131.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000132.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000133.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000134.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000135.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000136.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000137.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000138.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000139.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000140.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000141.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000142.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000143.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000144.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000145.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000146.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000147.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000148.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000149.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000150.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000151.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000152.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000153.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000154.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000155.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000156.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000157.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000158.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000159.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000160.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000161.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000162.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000163.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000164.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000165.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000166.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000167.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000168.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000169.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000170.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000171.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000172.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000173.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000174.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000175.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000176.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000177.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000178.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000179.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000180.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000181.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000182.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000183.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000184.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000185.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000186.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000187.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000188.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000189.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000190.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000191.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000192.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000193.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000194.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000195.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000196.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000197.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000198.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000199.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000200.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000201.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000202.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000203.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000204.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000205.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000206.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000207.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000208.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000209.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000210.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000211.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000212.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000213.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000214.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000215.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000216.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000217.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000218.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000219.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000220.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000221.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000222.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000223.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000224.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000225.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000226.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000227.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000228.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000229.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000230.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000231.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000232.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000233.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000234.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000235.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000236.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000237.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000238.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000239.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000240.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000241.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000242.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000243.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000244.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000245.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000246.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000247.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000248.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000249.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000250.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000251.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000252.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000253.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000254.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000255.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000256.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000257.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000258.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000259.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000260.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000261.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000262.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000263.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000264.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000265.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000266.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000267.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000268.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000269.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000270.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000271.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000272.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000273.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000274.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000275.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000276.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000277.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000278.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000279.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000280.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000281.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000282.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000283.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000284.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000285.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000286.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000287.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000288.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000289.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000290.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000291.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000292.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000293.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000294.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000295.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000296.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000297.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000298.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000299.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000300.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000301.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000302.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000303.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000304.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000305.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000306.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000307.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000308.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000309.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000310.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000311.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000312.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000313.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000314.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000315.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000316.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000317.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000318.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000319.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000320.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000321.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000322.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000323.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000324.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000325.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000326.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000327.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000328.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000329.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000330.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000331.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000332.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000333.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000334.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg8\temp\12d4e226-bbcd-47e3-b31a-519aa1d784fe-7f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\1bf8a390-ed99-48a6-af09-498ab89050e3-314-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\21b93759-d2b8-4749-a22b-438ea7605b69-118-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\44997d96-a946-4ff4-860e-6f514a70fbd2-f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\6192f615-46b6-40f2-aec5-094ebf5f97db-7e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\71c09d9b-0fd7-4227-b934-de81e5433628-10c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\7295face-fc63-4a71-99b9-7df3fd8d068e-b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\8a9476ff-4d55-424d-b6da-83bce9882bf1-fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\bf5af31f-232d-4b3e-9f6f-1af63b940085-e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\c5972ff5-e676-4f18-af49-8ef6043310ee-f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\da4e9c9f-ff12-4f05-ad27-581ef36ebb84-a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\de340068-385a-402c-b1ea-557d382301b9-980-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\df937eda-dd41-4e79-a150-3e386f0776b8-d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\e9a20c3f-c09b-4fc6-a925-f2bc3fbf18b4-f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\ui.msg
c:\documents and settings\All Users\Application Data\avg8\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg8\update\prepare\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sb.dat.prepare
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sc.dat.prepare

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMD64SI
-------\Legacy_CATCHME
-------\Service_catchme


((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-10-01 06:20 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-30 12:53 . 2009-09-30 12:53 -------- d-----w- c:\program files\Trend Micro
2009-09-30 12:30 . 2009-09-30 12:30 -------- d-----w- c:\documents and settings\EVKA\Application Data\Malwarebytes
2009-09-30 12:30 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 12:30 . 2009-09-30 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 12:30 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 12:30 . 2009-09-30 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 14:32 . 2009-09-25 14:32 -------- d-----w- c:\documents and settings\EVKA\Local Settings\Application Data\ESET
2009-09-25 14:32 . 2009-09-25 14:32 -------- d-----w- c:\documents and settings\EVKA\Application Data\ESET
2009-09-25 14:31 . 2009-09-25 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-25 14:28 . 2009-09-25 14:28 -------- d-----w- c:\program files\ESET
2009-09-25 14:28 . 2009-09-25 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-11 05:26 . 2009-09-11 05:26 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-09-11 05:26 . 2009-09-11 05:26 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 05:17 . 2009-09-11 05:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 07:48 . 2008-07-08 09:07 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-11 06:38 . 2008-03-12 16:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 09:03 . 2008-03-14 07:49 -------- d-----w- c:\program files\Intrastat
2009-08-24 06:20 . 2007-07-27 12:00 625824 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-05 09:11 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
1999-04-07 16:39 . 1999-04-07 16:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 . 1998-12-09 01:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 . 1998-12-09 01:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

------- Sigcheck -------

[-] 2009-08-24 06:20 . 818784B5388C098EE88F5E5C154F86D3 . 625824 . . [------] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-24 06:20 . 818784B5388C098EE88F5E5C154F86D3 . 625824 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys
[7] 2007-07-27 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11. 9. 2009 7:23 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11. 9. 2009 7:24 735960]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\EVKA\Application Data\Mozilla\Firefox\Profiles\8aztkiav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.sk/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 14:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5320)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2009-10-02 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-02 12:35
ComboFix2.txt 2009-10-02 06:37

Pre-Run: 29 525 995 520 bytes free
Post-Run: 29 496 696 832 bytes free

598 --- E O F --- 2009-09-10 13:47

------------------------------------
xxxxxxxxxxxxxxxxxxxxxxxxxx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:15, on 2. 10. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 1563 bytes

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 15:12
od Damned
Co PC? V logách už nevidím nic špatného.


Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\WINDOWS\system32\lsass.exe

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 16:38
od MartinR
http://www.virustotal.com/cs/analisis/7 ... 1254491296

takže když je nový antivir i virová db, tak to zas můžem připojit do internetu?

jinak prý se už chová normálně :) ... bohužel je to PC v Banské Bystrici a já jsem v Praze a dost vytížen
kdybych tam byl, tak bych to cestou nejmenšího odporu zformátoval a nainstaloval znova

Díky za pomoc
Martin

PS: takže to můžu zaškrtnout jako hotovo

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 16:45
od Damned
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se. :bigups:

Re: PC - zpomalení, restarty, chyba 1073741819

Napsal: 02 říj 2009 17:23
od MartinR
antivir je ESET Smart Security 4 ... AVG bylo předtím

díky moc ... ještěže je takovéhle fórum a lidi ochotní pomoct :)

Martin
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/