Prosím o pomoc s trojanem. Vyřešeno

[Damned]

A potom NTB normálně jde i při běžnám restartu?

Něco k té chybě:

Počítač s operačním systémem Microsoft Windows XP nebo novějším přestává při návratu z úsporného režimu reagovat a zobrazí se následující chybová zpráva Stop KERNEL_DATA_INPAGE_ERROR:
0x0000007a (e163a3e4,c000000e,bf8e9313,0697f860)
nebo
0x000000F4 (0x00000003, Parametr2, Parametr3, Parametr4)
Poznámka:Parametr2, Parametr3 a Parametr4 se v chybových zprávách Stop mohou lišit.

K těmto potížím dochází v počítači se systémem Windows XP nebo novějším nainstalovaným na pevném disku, který je nakonfigurovaný jako Slave, není-li ke stejnému kanálu řadiče IDE (primárnímu či sekundárnímu) připojené žádné jiné zařízení.
Zpět nahoru
PříčinaK tomuto chování může docházet při použití systému Windows XP nebo novějšího s n...K tomuto chování může docházet při použití systému Windows XP nebo novějšího s některými typy základních desek. Společnost Microsoft tento problém zkoumá, a jakmile budou k dispozici další informace, uvede je v tomto článku.
Zpět nahoru
ŘešeníChcete-li tento problém vyřešit, použijte jednu z následujících metod: U pevných...Chcete-li tento problém vyřešit, použijte jednu z následujících metod:
U pevných disků PATA (Parallel Advanced Technology Attachment) nakonfigurujte jednotku disku jako Master Only. U pevných disků SATA (Serial Advanced Technology Attachment) připojte kabel pevného disku ke kanálu Master konektoru SATA na základní desce.
Připojte další zařízení v režimu Master, např. jiný disk nebo jednotku CD-ROM či DVD.
Vyměňte kabel PATA nebo SATA, a to i v případě, že nevypadá jako opotřebený.
Nainstalujte systém Windows na nový pevný disk, protože je možné, že je pevný disk nebo instalace systému Windows poškozena.
Zpět nahoru
Další informaceKroky pro reprodukci tohoto chování U pevných disků PATA nastavte můstek pevného...Kroky pro reprodukci tohoto chování
U pevných disků PATA nastavte můstek pevného disku na režim Slave. U pevných disků SATA připojte kabel pevného disku ke kanálu Slave konektoru SATA na základní desce.
V části systému BIOS určené k nastavení řízení spotřeby nastavte režim S1 nebo S3 (STR).
Nainstalujte systém Windows XP Professional a aktualizaci Service Pack 1 nebo Service Pack 2.
Restartujte počítač.
Přepněte počítač do úsporného režimu.
Zkuste počítač probudit. Systém přestane reagovat.

[Reklama]

[drfira]

Notebook po resetu normálně naběhl, ale nevytvořil ten log. Jinak vše běží. Co ještě s tím dělat?

[Damned]

Stáhni si RSIT, klikni na "Continue" a nech ho provést sken.
Za chvíli se vygeneruje log se jménem log.txt (pokud nebude log vygenerován, najdeš jej v C:\rsit\log.txt); jeho obsah mi sem zkopíruj.

[drfira]

Tady je ten log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-31 19:13:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (14%) free of 56 GB
Total RAM: 1021 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:34, on 31.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\DVR5\SchSvr.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Tata\RSIT.exe
c:\Tata\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVR5\SchSvr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://atlas.lsu.edu/acgm/acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C96EBD5F-8397-4B9F-A3F2-6297FACFDD45}: NameServer = 84.16.105.1,84.16.96.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF12958.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 10774 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-13 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-18 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2004-07-06 106496]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-07 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-07-02 163840]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2004-08-05 81920]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2004-08-11 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2004-08-11 61440]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"IRRCManager"=C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe [2004-09-08 1773568]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe [2003-12-11 167936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-28 1948440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-23 116040]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-24 185896]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-15 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-15 2407184]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-11-21 143360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVR5\SchSvr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-20 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMHelp"=01000000
"NoLogoff"=0
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoUserNameInStartMenu"=01000000
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Far\Far.exe"="C:\Program Files\Far\Far.exe:*:Enabled:File and archive manager"
"C:\Program Files\eDonkey2000\edonkey2000.exe"="C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\My Documents\My Downloads\DtaUpgrader_001410.exe"="C:\My Documents\My Downloads\DtaUpgrader_001410.exe:*:Enabled:DTA Firmware Upgrader"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\World of Warcraft\WoW-1.4.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.4.0-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.2.3-patch-enUS-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.2.3-patch-enUS-Downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Direct Connect\Direct Connect.exe"="C:\Program Files\Direct Connect\Direct Connect.exe:*:Disabled:Direct Connect"
"C:\Program Files\Gnucleus\Gnucleus.exe"="C:\Program Files\Gnucleus\Gnucleus.exe:*:Disabled:Gnucleus"
"C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\lostcoast\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\lostcoast\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\half-life 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\half-life 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\half-life 2 deathmatch\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\andrasbalogh\counter-strike source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Disabled:kazaalite"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Phex_2.0.0.76\Phex.exe"="C:\Program Files\Phex_2.0.0.76\Phex.exe:*:Disabled:Phex"
"C:\Program Files\Xolox\XoloxEXE.exe"="C:\Program Files\Xolox\XoloxEXE.exe:*:Disabled:Xolox"
"C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\289650C9E52C40FE91D947C6D0EB72DA\remotex.exe"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\289650C9E52C40FE91D947C6D0EB72DA\remotex.exe:*:Enabled:remotex.exe"
"C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\289650C9E52C40FE91D947C6D0EB72DA\rcviewer.exe"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\289650C9E52C40FE91D947C6D0EB72DA\rcviewer.exe:*:Enabled:rcviewer.exe"
"C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\289650C9E52C40FE91D947C6D0EB72DA\rcmgrsvc.exe"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\289650C9E52C40FE91D947C6D0EB72DA\rcmgrsvc.exe:*:Enabled:rcmgrsvc.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-31 19:13:09 ----D---- C:\rsit
2009-07-31 18:15:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Ahead
2009-07-31 18:13:30 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-07-31 18:13:29 ----D---- C:\Program Files\Common Files\Ahead
2009-07-31 18:13:29 ----A---- C:\WINDOWS\system32\picn20.dll
2009-07-31 18:13:29 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-07-31 18:13:29 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2009-07-31 18:13:29 ----A---- C:\WINDOWS\system32\imagx5.dll
2009-07-31 18:13:29 ----A---- C:\WINDOWS\system32\imagr5.dll
2009-07-31 18:13:25 ----D---- C:\Program Files\Ahead
2009-07-30 18:20:10 ----SD---- C:\ComboFix
2009-07-30 18:20:10 ----A---- C:\WINDOWS\system32\CF12958.exe
2009-07-29 18:45:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-29 18:07:06 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-07-29 18:05:12 ----D---- C:\adaptec XP32
2009-07-19 16:35:08 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-07-19 16:31:22 ----A---- C:\WINDOWS\system32\msvcr80.dll
2009-07-19 16:31:20 ----A---- C:\WINDOWS\system32\msvcp80.dll
2009-07-19 16:31:19 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-07-19 16:31:16 ----A---- C:\WINDOWS\system32\T.COM
2009-07-19 16:31:16 ----A---- C:\WINDOWS\R.COM
2009-07-19 16:31:15 ----D---- C:\Program Files\Common Files\MicroWorld
2009-07-19 16:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2009-07-14 20:31:39 ----A---- C:\Boot.bak
2009-07-14 20:31:31 ----RASHD---- C:\cmdcons
2009-07-14 20:28:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\zip.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\SWSC.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\SWREG.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\sed.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\PEV.exe
2009-07-14 20:28:47 ----A---- C:\WINDOWS\grep.exe
2009-07-14 20:28:32 ----D---- C:\WINDOWS\ERDNT
2009-07-14 20:23:31 ----D---- C:\Qoobox
2009-07-14 18:30:56 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 18:30:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 18:06:27 ----A---- C:\Program Files\HijackThis.exe
2009-07-13 17:49:37 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2009-07-31 19:13:22 ----D---- C:\Program Files\Mozilla Firefox
2009-07-31 19:13:17 ----D---- C:\Tata
2009-07-31 19:10:53 ----A---- C:\WINDOWS\wincmd.ini
2009-07-31 18:56:52 ----D---- C:\WINDOWS\Temp
2009-07-31 18:13:50 ----D---- C:\WINDOWS\system32\drivers
2009-07-31 18:13:30 ----AD---- C:\WINDOWS\system32
2009-07-31 18:13:29 ----D---- C:\Program Files\Common Files
2009-07-31 18:13:25 ----AD---- C:\Program Files
2009-07-31 18:09:46 ----D---- C:\WINDOWS\Prefetch
2009-07-31 18:09:46 ----D---- C:\Program Files\Astonsoft
2009-07-31 18:03:30 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-07-31 17:22:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-31 17:21:41 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-07-31 15:22:14 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-07-30 18:31:18 ----N---- C:\WINDOWS\system.ini
2009-07-30 18:31:18 ----AD---- C:\WINDOWS
2009-07-30 18:26:19 ----RSD---- C:\WINDOWS\Fonts
2009-07-30 18:25:23 ----D---- C:\WINDOWS\AppPatch
2009-07-30 18:21:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-30 18:18:47 ----D---- C:\totalcmd
2009-07-30 15:07:03 ----A---- C:\WINDOWS\win.ini
2009-07-29 18:16:36 ----D---- C:\Program Files\Logitech
2009-07-28 17:03:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-28 15:52:03 ----SHD---- C:\WINDOWS\Installer
2009-07-28 15:52:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-28 15:25:33 ----RD---- C:\My Documents
2009-07-28 14:16:37 ----HD---- C:\$AVG8.VAULT$
2009-07-19 18:37:55 ----A---- C:\WINDOWS\winamp.ini
2009-07-19 17:43:19 ----D---- C:\Program Files\Java
2009-07-16 17:39:41 ----HD---- C:\WINDOWS\inf
2009-07-16 17:39:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-14 20:31:39 ----RASH---- C:\boot.ini
2009-07-14 20:28:46 ----SHD---- C:\System Volume Information
2009-07-14 20:28:46 ----D---- C:\WINDOWS\system32\Restore
2009-07-14 19:07:07 ----D---- C:\WINDOWS\Minidump
2009-07-14 19:07:07 ----D---- C:\WINDOWS\Debug
2009-07-13 17:26:37 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-06 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-07 1267724]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-07-05 103391]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-07-23 392320]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-05 121344]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-09-02 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-25 10240]
R3 Px64Mc;PIX-MPEG/USB2.0 MCE; C:\WINDOWS\system32\DRIVERS\Px64Mc.sys [2004-08-04 239360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-06-15 263760]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-05-26 67584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-11-24 130352]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUVC;Logitech QuickCam E3500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-11-24 178672]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB RS-232 Emulation Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-23 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-06 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-28 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 DXDebug;DirectX Debug Service; C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe [2005-09-29 88784]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-22 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-29 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\ComboFix\HIDEC.exe C:\WINDOWS\system32\CF12958.exe /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Damned]

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Stáhni si T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)

Potom si stáhni nový ComboFix a zkus ho znovu spustit.

[drfira]

Vše provedeno, jak jsi uvedl, Combofix proběhl, pak restartoval notebook a napsal nespouštět žádný program dokud neskončí Combofix a po několika vteřinách modrá smrt stejně, jak jsem uvedl již předešle. Po resetu notebook normálně naběhl a na ploše se objevila další ikono IE. Firefox nebyl po spuštění označen jako primární prohlížeč. Domnívám se, že problémy způsobuje právě IE. Dík za pomoc!

[Damned]

IE je výchozí systémový, proto ComboFix dal ikonu na Plochu, protože defaultní je IE. ComboFix nastavuje některá nastavení do výchozího. Pokud tam máš dvě ikony IE, jednu mohl napadnout šmejd.

Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej provést úplný sken.
Tlačítky dole můzeš soubor léčit, smazat, přesunout nebo přejmenovat. Dej mi sem potom zprávu.

[drfira]

Dr.Web nic nezjistil, ale Mwav stále hlásí toto:
Objekt "Cydoor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "CoolWebSearch parasite variant Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "Delfin_Promulgate Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "Delfin_Promulgate Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "Spyware.ExpressKeylog Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.
Objekt "Spyware.KeyProwler Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstranìno!.

Co stím? Díky, že jsi se mnou vydržel!

[jaro3]

Jern vsuvka, MWAV nenašel nic nebezpečného , to jsou jen zbytky po odstraněných nákazách.

[Damned]

Jak říká jaro3, jsou to jen neplatné zápisy v registru. Můžeme je odstranit, když sem přiložíš MWAV.log (zabal ho do archívu a přilož)
Spusť ComboFix a podle návodu u dělej log.

[drfira]

Pomocí kamaráda bylo vše odstraněno a notebook je OK. Pouze při spuštění po naběhnutí systému se zobrazí následující hláška i když byl ComboFix regulérně odinstalován. Jinak děkuji za účinnou pomoc!

[Damned]

Vlož mi sem ještě log z HJT.
*****************************************************************************************************************************************
Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \HIDEC.exe /a h /s > File.txt

uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.