Hello, could someone check my logs from ComboFix and RSIT? It seems to me that my notebook has slowed down.
Thanks.
From ComboFix:
ComboFix 10-05-25.05 - uživatel 26.05.2010 16:52:58.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2043.1471 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-26 do 2010-05-26 )))))))))))))))))))))))))))))))
.
2010-05-26 13:23 . 2010-05-26 13:23 -------- d-----w- c:\windows\LastGood
2010-05-21 12:13 . 2010-05-26 14:47 -------- d-----w- c:\program files\Valve
2010-05-02 16:00 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-05-02 16:00 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-05-02 15:59 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2010-05-02 15:59 . 2010-05-02 15:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-02 15:59 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2010-05-02 15:59 . 2005-04-12 17:21 17632 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2010-05-02 15:59 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2010-05-02 15:59 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2010-05-02 15:59 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2010-05-02 15:59 . 2010-05-02 15:59 -------- d-----w- c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 15:13 . 2008-11-20 06:52 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-22 16:27 . 2009-05-20 12:48 -------- d-----w- c:\program files\trend micro
2010-05-22 15:05 . 2008-11-20 06:46 -------- d-----w- c:\program files\Google
2010-05-22 08:16 . 2008-12-30 18:11 -------- d-----w- c:\program files\CCleaner
2010-05-22 08:13 . 2008-12-30 18:11 -------- d-----w- c:\program files\Yahoo!
2010-05-22 08:12 . 2009-12-10 13:56 -------- d-----r- c:\program files\Skype
2010-05-22 08:12 . 2010-03-25 17:58 -------- d-----w- c:\program files\Opera
2010-05-22 08:10 . 2009-08-05 11:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-10 12:29 . 2008-09-08 17:48 83586 ----a-w- c:\windows\system32\perfc005.dat
2010-05-10 12:29 . 2008-09-08 17:48 439390 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2008-11-20 05:08 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-11-20 05:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-11-20 05:08 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-11-20 05:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-11-20 05:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-11-20 05:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-11-20 05:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-11-20 05:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 15:59 . 2008-09-08 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-25 14:25 . 2010-04-25 14:25 -------- d-----w- c:\program files\Common Files\Skype
2010-04-19 13:57 . 2009-10-25 14:25 -------- d-----w- c:\program files\CENZURA
2010-04-18 15:32 . 2010-04-18 15:32 -------- d-----w- c:\program files\Conduit
2010-04-14 16:47 . 2008-11-20 05:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 12:36 . 2008-04-23 04:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2010-01-19 14:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-05-09 10:56 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-09-17 18:17 . 2009-09-17 18:17 124448152 ----a-w- c:\program files\openofficeorg1.cab
2009-09-17 18:13 . 2009-09-17 18:13 1822848 ----a-w- c:\program files\instmsiw.exe
2009-09-17 18:13 . 2009-09-17 18:13 1709160 ----a-w- c:\program files\instmsia.exe
2009-09-17 18:12 . 2009-09-17 18:12 9795072 ----a-w- c:\program files\openofficeorg31.msi
2009-09-17 18:12 . 2009-09-17 18:12 336 ----a-w- c:\program files\setup.ini
2008-12-24 17:46 . 2008-12-24 17:46 7350192 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-05-21 15:14 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-11-20 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 18:12 1032192 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"d:\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Sacred\\Sacred.exe"=
"d:\\Sacred\\GameServer.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.11.2008 7:08 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8.12.2009 17:46 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8.12.2009 17:46 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.11.2008 7:08 19024]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 13:11 16384]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.3.2009 14:17 222456]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 22:42 50424]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 21:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 18:30 43608]
S2 gupdate1ca0914a89946b6;Google Update Service (gupdate1ca0914a89946b6);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 gupdate1cab7b5c23cf4be;Služba Google Update (gupdate1cab7b5c23cf4be);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 3:03 131072]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 7:23 17968]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-05-26 c:\windows\Tasks\User_Feed_Synchronization-{0B7D00A6-798F-4FF7-A1C1-E39533791E0A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1750559&q=
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
txtfile="d:\pspad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
MSConfigStartUp-UniblueSpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(952)
c:\windows\system32\btmmhook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-26 16:57:59
ComboFix-quarantined-files.txt 2010-05-26 14:57
Před spuštěním: Volných bajtů: 109 161 046 016
Po spuštění: Volných bajtů: 109 122 170 880
- - End Of File - - 96F0635D0F4B862B2D97812339E5A212
And from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-05-26 16:58:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 104 GB (71%) free of 148 GB
Total RAM: 2043 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:47, on 26.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\CF12281.cfxxe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2028279812
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1ca0914a89946b6) (gupdate1ca0914a89946b6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate1cab7b5c23cf4be) (gupdate1cab7b5c23cf4be) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
--
End of file - 8501 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0B7D00A6-798F-4FF7-A1C1-E39533791E0A}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2009-05-21 66912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-05-21 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-05-21 262144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2007-04-21 20480]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-18 53248]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-07-08 466944]
"Boot"=C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe [2007-12-25 579584]
"eRecoveryService"=C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-07-11 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-10 870920]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-01 1800464]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [2007-04-12 182272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1032192]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer Empowering Technology.lnk - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-09 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe"
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe"
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe"
"D:\ICQ6.5\ICQ.exe"="D:\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Sacred\Sacred.exe"="D:\Sacred\Sacred.exe:*:Enabled:Sacred"
"D:\Sacred\GameServer.exe"="D:\Sacred\GameServer.exe:*:Enabled:Sacred Gameserver"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.txt - open - "D:\PSPad editor\PSPad.exe" "%1"
======List of files/folders created in the last 1 months======
2010-05-26 16:58:00 ----A---- C:\ComboFix.txt
2010-05-26 16:51:49 ----A---- C:\WINDOWS\zip.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\SWSC.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\SWREG.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\sed.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\PEV.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-26 16:51:49 ----A---- C:\WINDOWS\grep.exe
2010-05-26 16:51:44 ----D---- C:\WINDOWS\ERDNT
2010-05-26 16:51:43 ----D---- C:\ComboFix
2010-05-26 16:51:36 ----D---- C:\Qoobox
2010-05-26 15:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-26 15:23:50 ----D---- C:\WINDOWS\LastGood
2010-05-21 14:13:21 ----D---- C:\Program Files\Valve
2010-05-12 15:21:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-02 17:59:27 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2010-05-02 17:59:26 ----D---- C:\Program Files\Common Files\Logitech
2010-05-02 17:59:18 ----D---- C:\Program Files\Logitech
======List of files/folders modified in the last 1 months======
2010-05-26 16:58:46 ----D---- C:\Program Files\trend micro
2010-05-26 16:58:10 ----D---- C:\WINDOWS\Prefetch
2010-05-26 16:57:35 ----D---- C:\WINDOWS\temp
2010-05-26 16:56:54 ----D---- C:\WINDOWS
2010-05-26 16:56:54 ----A---- C:\WINDOWS\system.ini
2010-05-26 16:54:58 ----D---- C:\WINDOWS\system32\drivers
2010-05-26 16:54:58 ----D---- C:\WINDOWS\system32
2010-05-26 16:54:58 ----D---- C:\WINDOWS\AppPatch
2010-05-26 16:54:56 ----D---- C:\Program Files\Common Files
2010-05-26 16:54:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-26 16:51:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-26 15:23:56 ----HD---- C:\WINDOWS\inf
2010-05-26 15:21:01 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2010-05-24 14:06:03 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Skype
2010-05-24 14:04:06 ----D---- C:\Documents and Settings\uživatel\Data aplikací\skypePM
2010-05-22 17:05:25 ----D---- C:\Program Files\Google
2010-05-22 10:16:07 ----D---- C:\Program Files\CCleaner
2010-05-22 10:13:02 ----D---- C:\Program Files\Yahoo!
2010-05-22 10:12:37 ----SHD---- C:\WINDOWS\Installer
2010-05-22 10:12:36 ----RD---- C:\Program Files\Skype
2010-05-22 10:12:16 ----D---- C:\Program Files\Opera
2010-05-22 10:11:32 ----RD---- C:\Program Files
2010-05-22 10:11:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-05-22 10:10:52 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-05-19 10:26:43 ----D---- C:\WINDOWS\Debug
2010-05-17 13:11:22 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ICQ
2010-05-12 15:21:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 15:21:40 ----D---- C:\Program Files\Outlook Express
2010-05-12 15:07:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 14:29:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-06 22:59:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-02 18:00:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-02 17:59:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-03 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-02-01 25160]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-12-24 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-12-24 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-09 3231744]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-21 4800000]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-31 13952]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-05-13 51288]
R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-02-22 222400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 catchme;catchme; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-01-20 25280]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
S3 mbr;mbr; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 npkcrypt;npkcrypt; \??\D:\Lineage 2 Interlude 1\system\npkcrypt.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TpChoice;Touch Pad Detection Filter driver; C:\WINDOWS\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-09 561152]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-01 723632]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-13 65536]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1ca0914a89946b6;Google Update Service (gupdate1ca0914a89946b6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-20 133104]
S2 gupdate1cab7b5c23cf4be;Služba Google Update (gupdate1cab7b5c23cf4be); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-20 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Please check my logs... Solved
Re: Please check my logs...
Hi
May I ask who recommended ComboFix to you? It is not a program for everyday use, and it is not recommended to run it without the supervision of a helper. It occasionally has a bug and can damage the system, or in the case of a heavy infection wipe it out completely.
It also deletes traces of the infection, so the RSIT log will most likely be clean.
Did anything change after running ComboFix?
Re: Please check my logs...
Also do the following:
Move ComboFix to the desktop
- open Notepad
- copy the text from this box into it
Code:
Folder::
c:\program files\AskSBar
c:\program files\DAEMON Tools Toolbar
c:\program files\Conduit
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Driver::
npkcrypt
Extra::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
Firefox::
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1750559&q=
- save the resulting TXT file as CFScript.txt on the desktop, then drag it with the left mouse button onto the ComboFix icon and drop it there
- after the scan finishes and ComboFix closes, a log should appear; paste it here.
Warning: it may happen that after applying the script and restarting the computer, Windows does not boot; in that case restart the computer again, keep pressing F8 and choose Last Known Good Configuration.
Re: Please check my logs...
I have had problems with the notebook being "slow" more than once, so I turned to the avast forum, where they always asked me for ComboFix and RSIT logs. It always helped, but even after the fix it still stutters quite a bit...
Do you have any other ideas for speeding it up?
Thanks.
PS: attaching the ComboFix log...
ComboFix 10-05-25.05 - uživatel 03.06.2010 15:16:40.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2043.1501 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSBar
c:\program files\AskSBar\bar\1.bin\A2FFXTBR.JAR
c:\program files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
c:\program files\AskSBar\bar\1.bin\A2HIGHIN.EXE
c:\program files\AskSBar\bar\1.bin\A2NTSTBR.JAR
c:\program files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
c:\program files\AskSBar\bar\1.bin\A2PLUGIN.DLL
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL
c:\program files\AskSBar\bar\1.bin\NPASKSBR.DLL
c:\program files\AskSBar\bar\Cache\000DBA57.bin
c:\program files\AskSBar\bar\Cache\000DBBDE.bin
c:\program files\AskSBar\bar\Cache\000DBD55.bin
c:\program files\AskSBar\bar\Cache\000DBF39.bin
c:\program files\AskSBar\bar\Cache\000DC082.bin
c:\program files\AskSBar\bar\Cache\000DC1F9.bin
c:\program files\AskSBar\bar\Cache\000DC321.bin
c:\program files\AskSBar\bar\Cache\000DC45A.bin
c:\program files\AskSBar\bar\Cache\000DC5E1.bin
c:\program files\AskSBar\bar\Cache\00316591
c:\program files\AskSBar\bar\Cache\files.ini
c:\program files\AskSBar\bar\History\search2
c:\program files\AskSBar\bar\Settings\prevcfg2.htm
c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-03 do 2010-06-03 )))))))))))))))))))))))))))))))
.
2010-05-21 12:13 . 2010-06-02 18:07 -------- d-----w- c:\program files\Valve
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 18:15 . 2008-11-20 06:52 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-26 14:58 . 2009-05-20 12:48 -------- d-----w- c:\program files\trend micro
2010-05-22 15:05 . 2008-11-20 06:46 -------- d-----w- c:\program files\Google
2010-05-22 08:16 . 2008-12-30 18:11 -------- d-----w- c:\program files\CCleaner
2010-05-22 08:13 . 2008-12-30 18:11 -------- d-----w- c:\program files\Yahoo!
2010-05-22 08:12 . 2009-12-10 13:56 -------- d-----r- c:\program files\Skype
2010-05-22 08:12 . 2010-03-25 17:58 -------- d-----w- c:\program files\Opera
2010-05-10 12:29 . 2008-09-08 17:48 83586 ----a-w- c:\windows\system32\perfc005.dat
2010-05-10 12:29 . 2008-09-08 17:48 439390 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2008-11-20 05:08 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-11-20 05:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-11-20 05:08 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-11-20 05:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-11-20 05:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-11-20 05:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-11-20 05:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-11-20 05:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 15:59 . 2010-05-02 15:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-02 15:59 . 2010-05-02 15:59 -------- d-----w- c:\program files\Logitech
2010-05-02 15:59 . 2008-09-08 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-25 14:25 . 2010-04-25 14:25 -------- d-----w- c:\program files\Common Files\Skype
2010-04-19 13:57 . 2009-10-25 14:25 -------- d-----w- c:\program files\CENZURA
2010-04-14 16:47 . 2008-11-20 05:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 12:36 . 2008-04-23 04:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2010-01-19 14:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-05-09 10:56 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-09-17 18:17 . 2009-09-17 18:17 124448152 ----a-w- c:\program files\openofficeorg1.cab
2009-09-17 18:13 . 2009-09-17 18:13 1822848 ----a-w- c:\program files\instmsiw.exe
2009-09-17 18:13 . 2009-09-17 18:13 1709160 ----a-w- c:\program files\instmsia.exe
2009-09-17 18:12 . 2009-09-17 18:12 9795072 ----a-w- c:\program files\openofficeorg31.msi
2009-09-17 18:12 . 2009-09-17 18:12 336 ----a-w- c:\program files\setup.ini
2008-12-24 17:46 . 2008-12-24 17:46 7350192 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-26_14.56.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-03 13:10 . 2010-06-03 13:10 16384 c:\windows\temp\Perflib_Perfdata_c9c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-11-20 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 18:12 1032192 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"d:\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Sacred\\Sacred.exe"=
"d:\\Sacred\\GameServer.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.11.2008 7:08 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8.12.2009 17:46 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8.12.2009 17:46 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.11.2008 7:08 19024]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 13:11 16384]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.3.2009 14:17 222456]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 22:42 50424]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 21:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 18:30 43608]
S2 gupdate1ca0914a89946b6;Google Update Service (gupdate1ca0914a89946b6);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 gupdate1cab7b5c23cf4be;Služba Google Update (gupdate1cab7b5c23cf4be);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 3:03 131072]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 7:23 17968]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-06-03 c:\windows\Tasks\User_Feed_Synchronization-{0B7D00A6-798F-4FF7-A1C1-E39533791E0A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
txtfile="d:\pspad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 15:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-03 15:20:34
ComboFix-quarantined-files.txt 2010-06-03 13:20
ComboFix2.txt 2010-05-26 14:58
Před spuštěním: Volných bajtů: 108 435 169 280
Po spuštění: Volných bajtů: 108 394 840 064
- - End Of File - - 4612DE00A8E6A25A7B3599F306CC9912
2009-09-17 18:13 . 2009-09-17 18:13 1822848 ----a-w- c:\program files\instmsiw.exe
2009-09-17 18:13 . 2009-09-17 18:13 1709160 ----a-w- c:\program files\instmsia.exe
2009-09-17 18:12 . 2009-09-17 18:12 9795072 ----a-w- c:\program files\openofficeorg31.msi
2009-09-17 18:12 . 2009-09-17 18:12 336 ----a-w- c:\program files\setup.ini
2008-12-24 17:46 . 2008-12-24 17:46 7350192 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-26_14.56.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-03 13:10 . 2010-06-03 13:10 16384 c:\windows\temp\Perflib_Perfdata_c9c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-11-20 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 18:12 1032192 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"d:\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Sacred\\Sacred.exe"=
"d:\\Sacred\\GameServer.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.11.2008 7:08 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8.12.2009 17:46 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8.12.2009 17:46 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.11.2008 7:08 19024]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 13:11 16384]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.3.2009 14:17 222456]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 22:42 50424]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 21:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 18:30 43608]
S2 gupdate1ca0914a89946b6;Google Update Service (gupdate1ca0914a89946b6);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 gupdate1cab7b5c23cf4be;Služba Google Update (gupdate1cab7b5c23cf4be);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 3:03 131072]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 7:23 17968]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-06-03 c:\windows\Tasks\User_Feed_Synchronization-{0B7D00A6-798F-4FF7-A1C1-E39533791E0A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
txtfile="d:\pspad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 15:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-03 15:20:34
ComboFix-quarantined-files.txt 2010-06-03 13:20
ComboFix2.txt 2010-05-26 14:58
Před spuštěním: Volných bajtů: 108 435 169 280
Po spuštění: Volných bajtů: 108 394 840 064
- - End Of File - - 4612DE00A8E6A25A7B3599F306CC9912
Re: Please check my logs...
Your ComboFix is out of date, could you please download a new one?
Uninstall this one
via Start - Run
- copy into the box:
ComboFix /Uninstall
- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.
Have you defragmented the disk recently?
Download Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
- install it, update it
- run a full scan and post the log here
Re: Please check my logs...
And after downloading the new CF, should I run a new scan?
I defragment both disks roughly once a month.
Attaching the MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4172
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6.6.2010 14:12:23
mbam-log-2010-06-06 (14-12-23).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 216996
Uplynulý čas: 27 minuta(y), 27 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Please check my logs...
Yes, run a new scan and post the log here
Re: Please check my logs...
So I uninstalled the old ComboFix, also ran T-cleaner, which removes the leftovers of CF, and downloaded a new one.
attaching the log:
ComboFix 10-06-05.03 - uživatel 06.06.2010 20:15:59.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2043.1413 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-06 do 2010-06-06 )))))))))))))))))))))))))))))))
.
2010-06-06 11:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 11:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 11:34 . 2010-06-06 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 12:13 . 2010-06-06 14:09 -------- d-----w- c:\program files\Valve
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 14:10 . 2008-11-20 06:52 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-06 13:36 . 2009-05-20 12:48 -------- d-----w- c:\program files\trend micro
2010-05-22 15:05 . 2008-11-20 06:46 -------- d-----w- c:\program files\Google
2010-05-22 08:16 . 2008-12-30 18:11 -------- d-----w- c:\program files\CCleaner
2010-05-22 08:13 . 2008-12-30 18:11 -------- d-----w- c:\program files\Yahoo!
2010-05-22 08:12 . 2009-12-10 13:56 -------- d-----r- c:\program files\Skype
2010-05-22 08:12 . 2010-03-25 17:58 -------- d-----w- c:\program files\Opera
2010-05-10 12:29 . 2008-09-08 17:48 83586 ----a-w- c:\windows\system32\perfc005.dat
2010-05-10 12:29 . 2008-09-08 17:48 439390 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2008-11-20 05:08 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-11-20 05:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-11-20 05:08 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-11-20 05:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-11-20 05:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-11-20 05:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-11-20 05:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-11-20 05:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 15:59 . 2010-05-02 15:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-02 15:59 . 2010-05-02 15:59 -------- d-----w- c:\program files\Logitech
2010-05-02 15:59 . 2008-09-08 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-25 14:25 . 2010-04-25 14:25 -------- d-----w- c:\program files\Common Files\Skype
2010-04-19 13:57 . 2009-10-25 14:25 -------- d-----w- c:\program files\CENZURA
2010-04-14 16:47 . 2008-11-20 05:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 12:36 . 2008-04-23 04:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2010-01-19 14:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-05-09 10:56 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-09-17 18:17 . 2009-09-17 18:17 124448152 ----a-w- c:\program files\openofficeorg1.cab
2009-09-17 18:13 . 2009-09-17 18:13 1822848 ----a-w- c:\program files\instmsiw.exe
2009-09-17 18:13 . 2009-09-17 18:13 1709160 ----a-w- c:\program files\instmsia.exe
2009-09-17 18:12 . 2009-09-17 18:12 9795072 ----a-w- c:\program files\openofficeorg31.msi
2009-09-17 18:12 . 2009-09-17 18:12 336 ----a-w- c:\program files\setup.ini
2008-12-24 17:46 . 2008-12-24 17:46 7350192 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-01 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-11-20 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 18:12 1032192 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"d:\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Sacred\\Sacred.exe"=
"d:\\Sacred\\GameServer.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.11.2008 7:08 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8.12.2009 17:46 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8.12.2009 17:46 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.11.2008 7:08 19024]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 13:11 16384]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.3.2009 14:17 222456]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 22:42 50424]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 21:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 18:30 43608]
S2 gupdate1ca0914a89946b6;Google Update Service (gupdate1ca0914a89946b6);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 gupdate1cab7b5c23cf4be;Služba Google Update (gupdate1cab7b5c23cf4be);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2009 10:32 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 3:03 131072]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 7:23 17968]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 08:32]
2010-06-06 c:\windows\Tasks\User_Feed_Synchronization-{0B7D00A6-798F-4FF7-A1C1-E39533791E0A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\68g3wf9a.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
txtfile="d:\pspad editor\PSPad.exe" "%1"
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\btmmhook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-06 20:20:43
ComboFix-quarantined-files.txt 2010-06-06 18:20
Před spuštěním: Volných bajtů: 120 375 046 144
Po spuštění: Volných bajtů: 120 336 814 080
- - End Of File - - 068B448C8F2C731C8AE44A4F8E14BC22
Re: Please check my logs...
The log looks fine, but if you don't mind, I'd like to do a rootkit test as well.
Download Gmer http://www.gmer.net/gmer.zip
- unpack it and run it
- after the first quick scan click the Save button; it saves a log, which you copy here for me.
- in the right-hand column tick all the checkboxes and click the Scan button
- when the scan finishes, save the log again with the Save button and post it here.
Re: Please check my logs...
I don't mind
attaching the log from the first scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-07 07:45:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\kwryifod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9F907AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
and from the second scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 07:59:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\kwryifod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x9FAB4BDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9F8FAC7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x9FAB41B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x9FAB4840]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9F8FAB36]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x9FAB409A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x9FAB606A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x9FAB6302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x9FAB3C60]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0x9F8FB0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9F8FB014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9F8FA70C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x9FAB5CEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9FAB443C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x9FAB4A1C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9F8FAC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9F8FA64C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9FAB46CC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9F8FA6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9F8FAD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0x9F8FB1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x9FAB6648]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9F8FACF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x9FAB5A88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0x9FAB4DC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x9FAB5E9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9F8FAE70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x9FAB43D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x9FAB45C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x9FAB3F64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x9FAB3E32]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9F907AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 549F8FB0
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP 9F903536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP 9F904EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP 9F907ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xAC7DA000, 0x19DE40, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9AAE6300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA400300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[500] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1164] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CD7780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CD7780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CD7780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9CD7780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CD7780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9CD7740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CD7780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9CD76E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2fc0a3a
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2fc0a3a (not active ControlSet)
---- EOF - GMER 1.0.15 ----
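The log above is the poster's GMER output. What follows is an added example, not part of the thread, that does mechanically what a log reviewer does by eye: it groups every SSDT hook, inline kernel patch, user-mode hook, IAT entry and attached device by the vendor GMER names in its "(product/vendor)" field, and sets aside anything that names an unexpected vendor or carries no module name at all. The KNOWN_VENDORS set is an assumption that mirrors the avast! (ALWIL Software), COMODO, Synaptics and Firefox components named in this particular log; the SAMPLE is a short excerpt copied from the lines above. An unattributed entry is not evidence of infection on its own, it is only where the manual look starts.

```python
import re
from collections import defaultdict

# Assumption: the vendors whose hooks belong on this machine, taken from the
# log above (avast!/ALWIL, COMODO, Synaptics touchpad, firefox.exe hooking
# LdrLoadDll inside its own process). On another machine the set differs.
KNOWN_VENDORS = {"ALWIL Software", "COMODO", "Synaptics, Inc.", "Mozilla Corporation"}

# GMER appends "(product/vendor)" when it can resolve the module owning a hook.
ATTR_RE = re.compile(r"\(([^()/]+)/([^()]+)\)")
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")

# Entry kinds that never carry a module attribution, so its absence means nothing.
NO_ATTRIBUTION_KINDS = {"Reg"}


def parse_gmer(text):
    """Yield (section, kind, vendor, hooked_name, line) for every entry line.

    vendor is None when GMER printed no "(product/vendor)" field. hooked_name is
    the token following the attribution: the Zw*/Ob* name on SSDT and Code lines.
    """
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group(1) == "EOF":
                break
            section = m.group(1)
            continue
        kind = line.split(None, 1)[0]          # SSDT, Code, .text, PAGE, IAT, AttachedDevice, Reg ...
        a = ATTR_RE.search(line)
        vendor = a.group(2).strip() if a else None
        rest = line[a.end():].split() if a else []
        yield section, kind, vendor, (rest[0] if rest else None), line


def triage(text, known=KNOWN_VENDORS):
    """Count entries per known vendor; collect unknown-vendor and unattributed lines."""
    report = {"known": defaultdict(int), "unknown_vendor": [], "unattributed": []}
    for _section, kind, vendor, _name, line in parse_gmer(text):
        if kind in NO_ATTRIBUTION_KINDS:
            continue
        if vendor is None:
            report["unattributed"].append(line)
        elif vendor in known:
            report["known"][vendor] += 1
        else:
            report["unknown_vendor"].append(line)
    report["known"] = dict(report["known"])
    report["needs_review"] = report["unknown_vendor"] + report["unattributed"]
    return report


def hooked_services(text):
    """Per vendor, the sorted kernel services it hooks (SSDT and Code lines only)."""
    out = defaultdict(set)
    for _section, kind, vendor, name, _line in parse_gmer(text):
        if kind in ("SSDT", "Code") and vendor and name:
            out[vendor].add(name)
    return {v: sorted(names) for v, names in out.items()}


# Constructed sample: an excerpt of the log above, one line of each kind.
SAMPLE = r"""SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9F8FAC7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x9FAB5CEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x9FAB3F64]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 549F8FB0
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP 9F904EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xAC7DA000, 0x19DE40, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CD77B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2fc0a3a (not active ControlSet)
---- EOF - GMER 1.0.15 ----
"""


def triage_sample():
    return triage(SAMPLE)


if __name__ == "__main__":
    r = triage_sample()
    print("known vendors:", r["known"])
    print("hooked services:", hooked_services(SAMPLE))
    for line in r["needs_review"]:
        print("REVIEW:", line)
```

Run over the full log above, with the same KNOWN_VENDORS, every SSDT, Code, PAGE, IAT, user-mode hook and AttachedDevice line lands on one of the four known vendors, and exactly six lines are left for a human: the patched ntkrnlpa.exe entry at ZwCallbackReturn + 2CCC that GMER could not resolve to a module, the three writeable .text sections in ati2mtag.sys, atksgt.sys and lirsgt.sys, and the two CreateProcess IAT entries in services.exe. Those are the lines a reviewer checks by hand; the script only makes sure none of them is buried among the hundred-odd expected ones.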
Re: Please check my logs...
GMER is OK. How is the computer, how does it look now?
Re: Please check my logs...
It has improved quite a bit. It is not exactly the way it was when I first turned it on, but it has come a lot closer to that, so I would like to thank you for your time and willingness to help.