MBAM - detection [Solved]



MBAM - detection

Post by peacoq » 15 Jun 2010 23:08

Hi,
please help me remove the junk...
...this PC has been passed around and was also lent out (and various flash drives were often plugged in without anyone knowing what was what), so it's possible that something got dragged onto the PC.
The affected program is "Free Registry Cleaner for Vista" - it can basically be removed as well (CCleaner handles the registry, and I don't think this RegCleaner is so great that it needs to be used on top of that - I don't even remember where it came from), but so far nothing has been done about it.
The PC shows no signs of problems (freezing, slowdowns, ...) > this was found during an occasional, more thorough check.
/
/
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4201

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

15/06/2010 22:52:59
mbam-log-2010-06-15 (22-52-59).txt

Scan type: Quick scan
Objects scanned: 118500
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista (Rogue.FreeRegistryCleanerForVista) -> No action taken.
C:\Program Files\Free Registry Cleaner For Vista (Rogue.FreeRegistryCleanerForVista) -> No action taken.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista\Free Registry Cleaner for Vista.lnk (Rogue.FreeRegistryCleanerForVista) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista\Uninstall Free Registry Cleaner for Vista.lnk (Rogue.FreeRegistryCleanerForVista) -> No action taken.
C:\Program Files\Free Registry Cleaner For Vista\RegCleanerForVista.exe (Rogue.FreeRegistryCleanerForVista) -> No action taken.
C:\Program Files\Free Registry Cleaner For Vista\unins000.dat (Rogue.FreeRegistryCleanerForVista) -> No action taken.
C:\Program Files\Free Registry Cleaner For Vista\unins000.exe (Rogue.FreeRegistryCleanerForVista) -> No action taken.
/
/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:25, on 15/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0250Mon.exe
C:\Windows\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5923 bytes


Re: MBAM - detection

Post by bledulka » 15 Jun 2010 23:18

Hi,
test this file on http://www.virustotal.com
C:\Program Files\Free Registry Cleaner For Vista\RegCleanerForVista.exe
- Copy the file path into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.

****************

Download RSIT: http://images.malwareremoval.com/random/RSIT.exe
- run it and click the Continue button
- after the scan, log.txt will pop up; paste its contents here

*************

Plug in at least the flash drives you have at hand.

Download UsbFix to your desktop
- Before downloading, turn off the antivirus resident shield; it has a false detection on UsbFix
- run it
- click the deletion option and confirm with Enter
- after the scan, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt


Re: MBAM - detection

Post by peacoq » 16 Jun 2010 00:03

OK, I see you're (probably) new here as an adviser, and you're still at it at midnight, so thanks :bigups:
/
http://www.virustotal.com/analisis/c877 ... 1276636904
/
UsbFix ran without problems, with all USB devices plugged in (mouse, webcam, flash drive, gooseneck lamp) and Avira AV turned off.
- at 80 percent (Cracks, Keygens, Serials) it beeped 3 times, like when Avira detects a virus (but there is nothing like that on there, none of those cracks and the like, so it's probably just a side effect). After it finished, the log popped up, and it beeped the same way 2 more times.
/
RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dell at 2010-06-15 23:56:49
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 17 GB (30%) free of 55 GB
Total RAM: 893 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:32, on 15/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\Dell\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5255 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-03-21 1548288]
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-06-09 24576]
"V0250Mon.exe"=C:\Windows\V0250Mon.exe [2006-06-08 32768]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-22 303104]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"New Value #1"= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-05-31 143360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-11 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=145
"NoDriveTypeAutoRun"=145
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-06-15 23:53:13 ----RASHD---- C:\autorun.inf
2010-06-15 23:48:18 ----A---- C:\UsbFix.txt
2010-06-15 23:43:50 ----D---- C:\UsbFix
2010-06-12 13:06:31 ----A---- C:\Windows\system32\mshtml.dll
2010-06-12 13:06:30 ----A---- C:\Windows\system32\ieframe.dll
2010-06-12 13:06:28 ----A---- C:\Windows\system32\wininet.dll
2010-06-12 13:06:28 ----A---- C:\Windows\system32\urlmon.dll
2010-06-12 13:06:28 ----A---- C:\Windows\system32\iertutil.dll
2010-06-12 13:06:27 ----A---- C:\Windows\system32\occache.dll
2010-06-12 13:06:27 ----A---- C:\Windows\system32\mstime.dll
2010-06-12 13:06:27 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-12 13:06:27 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-12 13:06:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-12 13:06:25 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-12 13:06:25 ----A---- C:\Windows\system32\ieui.dll
2010-06-12 13:06:25 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-12 13:06:25 ----A---- C:\Windows\system32\iepeers.dll
2010-06-12 13:06:24 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-12 13:06:24 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-12 13:06:24 ----A---- C:\Windows\system32\iesetup.dll
2010-06-12 13:06:24 ----A---- C:\Windows\system32\iernonce.dll
2010-06-12 13:06:24 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-12 13:05:37 ----A---- C:\Windows\system32\atmfd.dll
2010-06-12 13:05:36 ----A---- C:\Windows\system32\atmlib.dll
2010-06-12 13:04:50 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-04 10:05:33 ----SHD---- C:\Windows\system32\%APPDATA%
2010-05-26 11:36:43 ----A---- C:\Windows\system32\tzres.dll
2010-05-12 11:07:12 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-11 18:26:29 ----D---- C:\Windows\system32\QuickTime
2010-05-04 11:54:29 ----D---- C:\ProgramData\DivX
2010-05-02 13:23:24 ----D---- C:\ProgramData\TVU Networks
2010-05-02 13:21:18 ----D---- C:\Program Files\TVUPlayer
2010-05-02 12:49:43 ----D---- C:\Windows\system32\TVUAx
2010-04-25 13:25:26 ----D---- C:\Program Files\Common Files\Java
2010-04-25 13:24:32 ----A---- C:\Windows\system32\javaws.exe
2010-04-25 13:24:32 ----A---- C:\Windows\system32\javaw.exe
2010-04-25 13:24:32 ----A---- C:\Windows\system32\java.exe
2010-04-21 20:55:09 ----D---- C:\Program Files\Axon Data
2010-04-21 14:51:16 ----D---- C:\Users\Dell\AppData\Roaming\vlc
2010-04-19 12:42:42 ----A---- C:\Windows\system32\deployJava1.dll
2010-04-18 19:17:42 ----D---- C:\Program Files\Veetle
2010-04-14 09:50:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 09:50:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 09:50:45 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 09:50:27 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 09:50:19 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 09:47:59 ----A---- C:\Windows\system32\cabview.dll
2010-04-12 15:40:28 ----D---- C:\Users\Dell\AppData\Roaming\Apple Computer
2010-04-11 13:56:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-04 02:07:41 ----D---- C:\ProgramData\Apple Computer
2010-04-04 02:07:41 ----D---- C:\Program Files\QuickTime
2010-04-02 18:23:51 ----AD---- C:\Windows\rundll16.exe
2010-04-02 18:23:51 ----AD---- C:\Windows\logo1_.exe
2010-03-25 22:20:03 ----D---- C:\Users\Dell\AppData\Roaming\Avira
2010-03-25 22:14:11 ----D---- C:\ProgramData\Avira
2010-03-25 22:14:11 ----D---- C:\Program Files\Avira
2010-03-24 20:43:07 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-17 21:21:32 ----D---- C:\Program Files\McAfee Security Scan

======List of files/folders modified in the last 3 months======

2010-06-15 23:57:01 ----D---- C:\Windows\Prefetch
2010-06-15 23:56:53 ----D---- C:\Windows\Temp
2010-06-15 23:51:22 ----SHD---- C:\$Recycle.Bin
2010-06-15 23:49:17 ----D---- C:\Windows\Internet Logs
2010-06-15 23:45:14 ----D---- C:\Windows\System32
2010-06-15 23:45:14 ----D---- C:\Windows\inf
2010-06-15 23:45:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-15 23:24:49 ----SHD---- C:\System Volume Information
2010-06-15 22:42:12 ----D---- C:\Users\Dell\AppData\Roaming\Skype
2010-06-15 22:20:12 ----D---- C:\Users\Dell\AppData\Roaming\skypePM
2010-06-14 21:44:50 ----D---- C:\Windows\Debug
2010-06-14 21:44:50 ----D---- C:\Windows
2010-06-12 14:59:28 ----D---- C:\Windows\winsxs
2010-06-12 14:46:06 ----D---- C:\Windows\system32\migration
2010-06-12 14:46:06 ----D---- C:\Program Files\Internet Explorer
2010-06-12 14:36:04 ----D---- C:\Windows\Microsoft.NET
2010-06-12 14:35:57 ----RSD---- C:\Windows\assembly
2010-06-12 14:34:11 ----D---- C:\Windows\system32\catroot
2010-06-12 14:27:34 ----D---- C:\Program Files\Windows Mail
2010-06-12 13:09:45 ----D---- C:\Windows\system32\wbem
2010-06-12 13:03:43 ----D---- C:\Windows\system32\catroot2
2010-06-04 10:06:32 ----SHD---- C:\Windows\Installer
2010-06-04 10:06:32 ----SD---- C:\ProgramData\Microsoft
2010-06-04 10:06:15 ----HD---- C:\Config.Msi
2010-05-31 12:39:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-31 12:39:38 ----D---- C:\Windows\system32\drivers
2010-05-30 18:33:58 ----D---- C:\Program Files\CCleaner
2010-05-30 18:32:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-26 23:05:13 ----D---- C:\Users\Dell\AppData\Roaming\ICQ
2010-05-26 11:50:20 ----D---- C:\Windows\rescache
2010-05-26 11:38:19 ----D---- C:\Windows\system32\en-US
2010-05-25 14:09:31 ----D---- C:\Users\Dell\AppData\Roaming\gtk-2.0
2010-05-25 03:28:41 ----D---- C:\Users\Dell\AppData\Roaming\uTorrent
2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-04 16:17:03 ----D---- C:\Program Files\SopCast
2010-05-04 14:48:10 ----RD---- C:\Program Files
2010-05-04 14:39:25 ----D---- C:\Program Files\Common Files
2010-05-04 12:12:38 ----D---- C:\Users\Dell\AppData\Roaming\DivX
2010-05-04 11:54:29 ----HD---- C:\ProgramData
2010-04-27 23:42:57 ----RSD---- C:\Windows\Fonts
2010-04-19 12:42:20 ----D---- C:\Program Files\Java
2010-04-15 20:36:39 ----D---- C:\Ccleaner_BackUp
2010-04-15 14:27:29 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-11 13:50:28 ----D---- C:\Program Files\TVAnts
2010-04-06 21:36:19 ----D---- C:\Program Files\Real Alternative
2010-03-17 21:25:00 ----D---- C:\ProgramData\NOS
2010-03-17 21:20:46 ----D---- C:\Program Files\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-22 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-22 66632]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-11-22 446664]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-21 4450816]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-21 534016]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-22 647680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 V0250Dev;Live! Cam Notebook Pro; C:\Windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 169696]
R3 V0250Vfx;V0250Vfx; C:\Windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-21 534016]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-21 4450816]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-22 12872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-07-21 733184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMSAccessU;NMSAccessU; C:\Program Files\BurnAware Free\nmsaccessu.exe [2008-05-03 71096]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-22 90112]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-03-21 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-10 918528]

-----------------EOF-----------------
/
/
Usb Fix

############################## | UsbFix V6.059 |

User : Dell (Administrators) # DELL-PC
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:48:24 | 15/06/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm) 64 X2 Mobile Technology TL-50
Microsoft® Windows Vista™ Business (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18928
Windows Firewall Status : Disabled

C:\ -> Local Fixed Disk # 53.71 Go (16.21 Go free) # NTFS
D:\ -> Local Fixed Disk # 58.08 Go (18 Go free) # NTFS
E:\ -> CD-ROM Disc
F:\ -> Removable Disk # 960.45 Mo (275.34 Mo free) # FAT

############################## | Active processes |

C:\Windows\System32\smss.exe 412
C:\Windows\system32\csrss.exe 544
C:\Windows\system32\wininit.exe 608
C:\Windows\system32\csrss.exe 616
C:\Windows\system32\services.exe 652
C:\Windows\system32\lsass.exe 664
C:\Windows\system32\lsm.exe 672
C:\Windows\system32\winlogon.exe 728
C:\Windows\system32\svchost.exe 872
C:\Windows\system32\svchost.exe 952
C:\Windows\System32\svchost.exe 1004
C:\Windows\system32\Ati2evxx.exe 1080
C:\Windows\System32\svchost.exe 1096
C:\Windows\System32\svchost.exe 1152
C:\Windows\system32\svchost.exe 1180
C:\Windows\system32\svchost.exe 1304
C:\Windows\system32\SLsvc.exe 1324
C:\Windows\system32\svchost.exe 1388
C:\Windows\system32\svchost.exe 1520
C:\Windows\System32\ZoneLabs\vsmon.exe 1632
C:\Windows\system32\Ati2evxx.exe 1684
C:\Windows\system32\Dwm.exe 260
C:\Windows\Explorer.EXE 324
C:\Windows\System32\WLTRYSVC.EXE 548
C:\Windows\System32\bcmwltry.exe 620
C:\Windows\System32\spoolsv.exe 1364
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1612
C:\Windows\system32\svchost.exe 1680
C:\Windows\system32\taskeng.exe 936
C:\Windows\system32\taskeng.exe 2152
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2248
C:\Program Files\BurnAware Free\nmsaccessu.exe 2288
C:\Windows\system32\svchost.exe 2336
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe 2392
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2476
C:\Windows\system32\svchost.exe 2512
C:\Windows\System32\svchost.exe 2540
C:\Windows\system32\SearchIndexer.exe 2596
C:\Windows\system32\DRIVERS\xaudio.exe 2616
C:\Windows\system32\WUDFHost.exe 2744
C:\Windows\system32\runonce.exe 3200
C:\Windows\system32\conime.exe 3292
C:\Windows\system32\PresentationSettings.exe 3340
C:\Windows\system32\wbem\wmiprvse.exe 3472

################## | Files # Infected Folders |


################## | Spyware.OnlineGames |


################## | Registry # Infected Keys |


################## | Registry # Mountpoints2 |


################## | Listing of the present files |

[10/04/2009 23:36|-rahs----|333257] C:\bootmgr
[02/08/2009 05:43|-ra-s----|8192] C:\BOOTSECT.BAK
[?|?|?] C:\hiberfil.sys
[21/06/2008 16:24|-rahs----|0] C:\IO.SYS
[21/06/2008 16:24|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[15/06/2010 23:53|--a------|2989] C:\UsbFix.txt
[24/12/2009 16:15|--a------|1079160] D:\altan.swf
[06/06/2010 10:31|--a------|2561835] D:\bookmarks1.html
[27/03/2009 19:41|--a------|1074540] D:\jude - kipur.swf
[15/06/2010 10:31|---h-----|15329] D:\treeinfo.wc
[16/06/2008 16:36|--a------|296] F:\WMPInfo.xml
[14/12/2009 06:07|--a------|718245888] F:\Le Mans 1971.avi
[14/12/2009 06:13|--a------|33849] F:\Le Mans 1971.srt

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |


################## | ! End of report # UsbFix V6.059 ! |

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: MBAM - finding

Post by bledulka » 16 Jun 2010 00:26

I help the guys out here from time to time :wink:

Well, I'm not sure. It looks like a false detection by MBAM, but I still don't really like the look of that program. If you want, better uninstall it.

USBfix didn't find anything either, so nothing got dragged onto the PC via flash drives.


Run USBfix once more and click Uninstall; it will uninstall itself.

***********************

Open Notepad and copy this text into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"New Value #1"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-



-save it as smazani.reg, type: All files
-click Save, then double-click the file as usual and confirm the dialog box.

-the lines marked in red are programs that start needlessly at boot, and this is how we cut them down. If you want to keep any of them starting at boot, delete it from the script.

**********************************


I have turned off a few unnecessary programs that start at boot for you, among them Java Update. It is enough to run that program manually, say twice a week, or download a small program that looks for all updates; it is called Update checker.

Download FileHippo.com UpdateChecker http://www.filehippo.com/updatechecker/FHSetup.exe
-install it
-run it
-It finds programs on the computer for which a new update is available for download. It also offers to download the update to the computer.
-I recommend using the program 1-2 times a week

********************************

Download OTC
http://oldtimer.geekstogo.com/OTC.exe
-run it
-the computer will restart
-this program cleans out temp files and leftovers from programs
-after using it you can delete it

*****************************


Are you having any specific problems with the computer?
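
A read-only preview of what a .reg script such as smazani.reg would do before it is double-clicked, given here as an added example that is not part of the original post. The function name `plan_reg_import` and the constant are made up for this sketch, and it goes slightly beyond the post by also recognising key deletions (`[-KEY]`) and value assignments, not only the `"name"=-` value deletions used above.

```python
import re

# The script from the post above, reproduced as sample input.
SMAZANI_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"New Value #1"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# A value line is either @ (default value) or a quoted name, then "=", then data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def plan_reg_import(text):
    """Return (action, key, value_name) tuples describing what an import would do."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]  # drop blanks, comments
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key, key_deleted = [], None, False
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            key_deleted = key.startswith("-")
            if key_deleted:                  # [-HKEY_...] removes the whole key
                key = key[1:]
                ops.append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None or key_deleted:
            continue                         # hex continuation line or stray text
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete-value" if m.group(2) == "-" else "set-value"
        ops.append((action, key, name))
    return ops


if __name__ == "__main__":
    for action, key, name in plan_reg_import(SMAZANI_REG):
        print(f"{action:13} {key} :: {name}")
```

Nothing is written to the registry; the script text is only parsed, so the list can be compared against the startup entries one actually wants gone.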

peacoq
Gender: Not specified

Re: MBAM - finding

Post by peacoq » 16 Jun 2010 00:56

* The computer will certainly welcome relief from unnecessary processes, thanks.
* I don't want to install updaters (it would also find, for example: - the graphics driver, I run the ATI Legacy version (i.e. a version that suits me, not the latest), - the driver for Mozilla, I have 3.5, not the latest 3.6 (because one add-on for online streaming does not work under 3.6), and so on.)
* Java will be looked after, no problem.
* Free Reg Cleaner for Vista > uninstalled > the following MBAM scan found nothing, and so although it reported ROGUE - Rogue.FreeRegistryCleanerForVista, which is a category of junk in its own right, it is possible that this was caused by an MBAM update that now automatically classifies the program this way.
(- before that (about 2 months ago) there was reportedly no detection)
* OTC > did the cleanup, deleted RSIT and itself (I guess it knew what it was doing).
* The PC has no problems. Tomorrow I'll let AntiVir run, in case something has moved somewhere and shows up as a virus (if at all).

So if you know that MBAM can detect this program mistakenly > then the PC has no other problem,
> thanks for the advice and help :profi: and I'm off to bed :bottle:.

bledulka

Re: MBAM - finding

Post by bledulka » 16 Jun 2010 04:32

I don't know Free Reg Cleaner for Vista; it is commonly available for download on the net, so it should be fine. It was also clean on VirusTotal. How long have you had it installed? If for a longer time already, it was probably a mistaken detection by MBAM. MBAM tends to have a lot of those.

OTC's job is to delete what is left behind by various malware-removal utilities, so it knew what it was doing.

With Update checker you don't need to worry that it would download something to your computer without your knowledge; you have to confirm the action. It only finds updates and offers them to you for download.

You're welcome. If anything else seems off to you, get in touch :lookround:

peacoq
Gender: Not specified

Re: MBAM - finding  Solved

Post by peacoq » 16 Jun 2010 17:12

FRegC for Vista - I don't know since when it has been installed, but what matters is that MBAM never gave this notification before > so I sent it to support, let them deal with it. When I don't know, I'd rather ask. But as you can see, the whole of FRCfV was actually infectious, everything that belongs to the program > so maybe strange, but probably just connected with the combination and the MBAM update.
(- and on this point: MBAM has never mistakenly detected anything for me before)
I uninstalled it, it is useless there anyway - CCleaner is enough (I didn't even know it was there anymore - the computer circulates a lot, I lend it out, and the desktop only has icons of important things such as CCleaner, ATF, AV, defrag - the kind that have to be run even when I'm not the one holding the PC).
AV ran through - OK, MBAM too > so that's settled. Thanks

