Logfile of random's system information tool 1.06 (written by random/random)
Run by viktor at 2010-03-01 17:24:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (60%) free of 66 GB
Total RAM: 1022 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:16, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\viktor\Plocha\HijackThis.exe
C:\Documents and Settings\viktor\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\viktor\Plocha\viktor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sreality.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4339784882
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 8806 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-01-27 335872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-12-19 65024]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-23 88363]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-04-18 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-04-18 610304]
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2004-02-27 294912]
"AcerNotebookManager"=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2003-12-11 509952]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-29 188416]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-01-15 16200]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-01 524632]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-07-12 3065344]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\viktor\Nabídka Start\Programy\Po spuštění
winesm32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Clear FTP 2006\clearftp.exe"="C:\Program Files\Clear FTP 2006\clearftp.exe:*:Enabled:clearftp"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\WINDOWS\System32\rundll32.exe"="C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\winword.exe"="C:\Program Files\Microsoft Office\OFFICE11\winword.exe:*:Disabled:Microsoft Office Word"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-03-01 17:24:40 ----D---- C:\rsit
2010-02-24 10:01:59 ----HD---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 11:25:59 ----HD---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:25:36 ----HD---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:19:40 ----HD---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:19:30 ----HD---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:19:17 ----HD---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:19:07 ----HD---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:18:57 ----HD---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:18:43 ----HD---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:18:12 ----HD---- C:\WINDOWS\$NtUninstallKB977165$
======List of files/folders modified in the last 1 months======
2010-03-01 16:11:04 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-03-01 14:23:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-24 10:02:12 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2004-01-06 6501]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 osadmi;osadmi; C:\WINDOWS\system32\drivers\osadmi.sys [2003-12-10 6714]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-23 1197740]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-12-19 541548]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-01-27 669696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2002-11-20 17983]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-03-22 6912]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-04-18 270288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2003-04-16 13952]
S3 ASFWHide;ASFWHide; \??\C:\Documents and Settings\viktor\Local Settings\TEMP\ASFWHide []
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-02-13 29208]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-02-13 29208]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-10-16 113280]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2004-01-07 190804]
S3 DrvFltIp;DrvFltIp; \??\C:\Documents and Settings\viktor\Local Settings\TEMP\DrvFltIp []
S3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-26 5817]
S3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-04-16 28160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-01-27 397312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-07-29 135168]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:16, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\viktor\Plocha\HijackThis.exe
C:\Documents and Settings\viktor\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\viktor\Plocha\viktor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sreality.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4339784882
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 8806 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
frantisek.kalousek
- Návštěvník
- Příspěvky: 10
- Registrován: 01 bře 2010 17:28
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
Zdravím 
Na logu se pracuje, prosím o strpení.
Příště nemusíte dávat log z HJT, je integrovaný v RSIT.
Na logu se pracuje, prosím o strpení.
Příště nemusíte dávat log z HJT, je integrovaný v RSIT.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
Podle návodu http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 aplikujte tento skript.
Kód: Vybrat vše
:files
C:\Documents and Settings\viktor\Nabídka Start\Programy\Po spuštění\winesm32.exe
:commands
[EmptyTemp]
[Reboot]
C:\Program Files\BitLord\BitLord.exe
P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.
Tohle otestujte na http://www.virustotal.com/cs/ C:\WINDOWS\system32\drivers\acernbm.sys
(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)
-
frantisek.kalousek
- Návštěvník
- Příspěvky: 10
- Registrován: 01 bře 2010 17:28
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
BitLord jsem měl jen na zkoušku, stáhnul jsem s ním přítelkyni PacMana, Wolf3D a Princeho of Persia, už dávno je odinstalován, výpis je jen pozůstatek. Nyní jsem odstranil i složku ..BitLord/Downloads...
OTMoveld 3 výsledek zeleného okna:
All processes killed
========== FILES ==========
File move failed. C:\Documents and Settings\viktor\Nabídka Start\Programy\Po spuštění\winesm32.exe scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33121 bytes
User: Administrator
->Temp folder emptied: 880 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: viktor
->Temp folder emptied: 2615310347 bytes
->Temporary Internet Files folder emptied: 77916373 bytes
->Java cache emptied: 54986312 bytes
->Opera cache emptied: 222585 bytes
->Flash cache emptied: 235621 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 102344 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4829420 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10447822 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 109759 bytes
Total Files Cleaned = 2 636,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03012010_175756
Files moved on Reboot...
C:\Documents and Settings\viktor\Nabídka Start\Programy\Po spuštění\winesm32.exe moved successfully.
C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\IAQOFS42\eset-online-skener[1].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\FFLOVI1T\afr[1].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\E67XVX7A\viewtopic[2].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\LOFI7K6A\posting[1].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\LOFI7K6A\afr[1].htm not found!
Registry entries deleted on Reboot...
Restart POČÍTAČE
Ad-Aware odinstalováno...
VirusTotal: Soubor acernbm.sys přijatý 2010.03.01 17:16:54 (UTC)
Výsledek: 0/42 (0%)
OTMoveld 3 výsledek zeleného okna:
All processes killed
========== FILES ==========
File move failed. C:\Documents and Settings\viktor\Nabídka Start\Programy\Po spuštění\winesm32.exe scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33121 bytes
User: Administrator
->Temp folder emptied: 880 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: viktor
->Temp folder emptied: 2615310347 bytes
->Temporary Internet Files folder emptied: 77916373 bytes
->Java cache emptied: 54986312 bytes
->Opera cache emptied: 222585 bytes
->Flash cache emptied: 235621 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 102344 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4829420 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10447822 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 109759 bytes
Total Files Cleaned = 2 636,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03012010_175756
Files moved on Reboot...
C:\Documents and Settings\viktor\Nabídka Start\Programy\Po spuštění\winesm32.exe moved successfully.
C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\IAQOFS42\eset-online-skener[1].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\FFLOVI1T\afr[1].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\E67XVX7A\viewtopic[2].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\LOFI7K6A\posting[1].htm not found!
File C:\Documents and Settings\viktor\Local Settings\Temporary Internet Files\Content.IE5\LOFI7K6A\afr[1].htm not found!
Registry entries deleted on Reboot...
Restart POČÍTAČE
Ad-Aware odinstalováno...
VirusTotal: Soubor acernbm.sys přijatý 2010.03.01 17:16:54 (UTC)
Výsledek: 0/42 (0%)
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
frantisek.kalousek
- Návštěvník
- Příspěvky: 10
- Registrován: 01 bře 2010 17:28
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
Vážený pane Čároprde111, Okna se otevírají bleskově, že ani nestačím posouvat kurzorem... Děkuji Vám! Znamená to, že nyní není počítač ohrožen? Měl bych si nainstalovat Firewall. Doporučíte mi nějaký bezúdržbový freeware ze Stahuj.cz, prosím, nebo něco jiného?
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
Po firewallech se poohlédněte zde: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523 Osobně doporučuji Zone Alarm. Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
- Spusťte.
- Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)
- Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
Záložka Čistič - Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
Záložka Registry - Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít
Doporučuji aktualizovat Adobe Reader http://www.stahuj.centrum.cz/podnikani_ ... batreader/Jinak je to v pořádku.
-
frantisek.kalousek
- Návštěvník
- Příspěvky: 10
- Registrován: 01 bře 2010 17:28
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
Pro veliký úspech a viditelné zplpšení performancí počítče jsem provedl stejnou akci i na záložním PC:
CCleaner: čistič + registry, OTC, odinstaloval jsem AdAware a BitLord a spustil skript OTMoveit
:files
C:\Documents and Settings\Myška\Nabídka Start\Programy\Po spuštění\winesm32.exe
:commands
[EmptyTemp]
[Reboot]
Dovoluji si Vám zaslat logfilezmíněného stroje:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Myška at 2010-03-01 19:50:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (57%) free of 38 GB
Total RAM: 1280 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:43, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Myška\Plocha\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\Myška.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7164522640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8131213484
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7123 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-07-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-07-10 114688]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2007-08-16 4376328]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-15 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-07-10 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-01 19:50:31 ----D---- C:\rsit
2010-03-01 19:44:44 ----D---- C:\_OTM
2010-03-01 19:23:17 ----D---- C:\Program Files\CCleaner
2010-03-01 19:10:01 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-03-01 19:09:55 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-03-01 19:09:55 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-03-01 19:09:38 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-03-01 19:09:30 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-03-01 19:09:30 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-03-01 19:09:29 ----D---- C:\Program Files\Zone Labs
2010-03-01 19:09:28 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-03-01 19:09:28 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-03-01 19:08:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-03-01 19:08:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-03-01 19:08:33 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-03-01 19:01:37 ----D---- C:\Program Files\trend micro
2010-02-27 11:08:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-25 12:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 17:04:29 ----D---- C:\Program Files\The KMPlayer
2010-02-16 19:39:18 ----D---- C:\WINDOWS\SQLTools9_KB970892_ENU
2010-02-16 19:36:21 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2010-02-14 19:26:32 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2010-02-14 19:26:30 ----A---- C:\WINDOWS\system32\cdintf300.dll
2010-02-14 19:24:14 ----D---- C:\Program Files\Mamut
2010-02-14 19:12:13 ----D---- C:\Program Files\MSXML 6.0
2010-02-14 19:08:10 ----D---- C:\Program Files\Microsoft SQL Server
2010-02-11 17:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 17:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 17:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 17:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 17:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 17:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 17:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 17:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
======List of files/folders modified in the last 1 months======
2010-03-01 19:49:16 ----D---- C:\WINDOWS\Temp
2010-03-01 19:48:38 ----D---- C:\WINDOWS
2010-03-01 19:47:43 ----D---- C:\WINDOWS\Prefetch
2010-03-01 19:47:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-01 19:47:02 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-01 19:45:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-01 19:44:51 ----D---- C:\WINDOWS\system32
2010-03-01 19:43:28 ----D---- C:\WINDOWS\Internet Logs
2010-03-01 19:36:27 ----D---- C:\WINDOWS\Debug
2010-03-01 19:28:28 ----SHD---- C:\WINDOWS\Installer
2010-03-01 19:28:27 ----D---- C:\Program Files\Lavasoft
2010-03-01 19:27:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-03-01 19:27:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-01 19:27:35 ----D---- C:\WINDOWS\system32\drivers
2010-03-01 19:24:21 ----SD---- C:\WINDOWS\Tasks
2010-03-01 19:23:17 ----RD---- C:\Program Files
2010-03-01 19:10:10 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-03-01 19:08:32 ----D---- C:\WINDOWS\WinSxS
2010-03-01 18:59:46 ----D---- C:\Program Files\BitLord
2010-02-27 11:54:26 ----HD---- C:\WINDOWS\inf
2010-02-27 11:19:44 ----D---- C:\Program Files\Alwil Software
2010-02-27 11:12:23 ----D---- C:\Program Files\Google
2010-02-27 11:10:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-25 12:10:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 12:10:18 ----D---- C:\WINDOWS\ie8updates
2010-02-25 12:08:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-16 19:39:32 ----D---- C:\WINDOWS\Registration
2010-02-16 19:38:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-16 12:45:19 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-16 12:45:18 ----RSD---- C:\WINDOWS\assembly
2010-02-14 19:44:09 ----D---- C:\Program Files\Common Files
2010-02-14 19:43:22 ----A---- C:\WINDOWS\ODBC.INI
2010-02-14 19:30:29 ----SD---- C:\Documents and Settings\Myška\Data aplikací\Microsoft
2010-02-14 19:27:42 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-14 19:24:46 ----RSD---- C:\WINDOWS\Fonts
2010-02-14 19:16:00 ----D---- C:\Program Files\Microsoft.NET
2010-02-11 19:53:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-11 16:45:08 ----D---- C:\WINDOWS\system32\wbem
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-15 4069888]
R3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-03 120094]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-03 96858]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\System32\ASNDIS5.SYS []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2006-11-27 20608]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-11-27 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-15 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MSSQL$MAMUT;SQL Server (MAMUT); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
CCleaner: čistič + registry, OTC, odinstaloval jsem AdAware a BitLord a spustil skript OTMoveit
:files
C:\Documents and Settings\Myška\Nabídka Start\Programy\Po spuštění\winesm32.exe
:commands
[EmptyTemp]
[Reboot]
Dovoluji si Vám zaslat logfilezmíněného stroje:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Myška at 2010-03-01 19:50:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (57%) free of 38 GB
Total RAM: 1280 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:43, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Myška\Plocha\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\Myška.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7164522640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8131213484
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7123 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-07-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-07-10 114688]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2007-08-16 4376328]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-15 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-07-10 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-01 19:50:31 ----D---- C:\rsit
2010-03-01 19:44:44 ----D---- C:\_OTM
2010-03-01 19:23:17 ----D---- C:\Program Files\CCleaner
2010-03-01 19:10:01 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-03-01 19:09:55 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-03-01 19:09:55 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-03-01 19:09:38 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-03-01 19:09:30 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-03-01 19:09:30 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-03-01 19:09:29 ----D---- C:\Program Files\Zone Labs
2010-03-01 19:09:28 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-03-01 19:09:28 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-03-01 19:08:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-03-01 19:08:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-03-01 19:08:33 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-03-01 19:01:37 ----D---- C:\Program Files\trend micro
2010-02-27 11:08:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-25 12:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 17:04:29 ----D---- C:\Program Files\The KMPlayer
2010-02-16 19:39:18 ----D---- C:\WINDOWS\SQLTools9_KB970892_ENU
2010-02-16 19:36:21 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2010-02-14 19:26:32 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2010-02-14 19:26:30 ----A---- C:\WINDOWS\system32\cdintf300.dll
2010-02-14 19:24:14 ----D---- C:\Program Files\Mamut
2010-02-14 19:12:13 ----D---- C:\Program Files\MSXML 6.0
2010-02-14 19:08:10 ----D---- C:\Program Files\Microsoft SQL Server
2010-02-11 17:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 17:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 17:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 17:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 17:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 17:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 17:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 17:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
======List of files/folders modified in the last 1 months======
2010-03-01 19:49:16 ----D---- C:\WINDOWS\Temp
2010-03-01 19:48:38 ----D---- C:\WINDOWS
2010-03-01 19:47:43 ----D---- C:\WINDOWS\Prefetch
2010-03-01 19:47:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-01 19:47:02 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-01 19:45:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-01 19:44:51 ----D---- C:\WINDOWS\system32
2010-03-01 19:43:28 ----D---- C:\WINDOWS\Internet Logs
2010-03-01 19:36:27 ----D---- C:\WINDOWS\Debug
2010-03-01 19:28:28 ----SHD---- C:\WINDOWS\Installer
2010-03-01 19:28:27 ----D---- C:\Program Files\Lavasoft
2010-03-01 19:27:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-03-01 19:27:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-01 19:27:35 ----D---- C:\WINDOWS\system32\drivers
2010-03-01 19:24:21 ----SD---- C:\WINDOWS\Tasks
2010-03-01 19:23:17 ----RD---- C:\Program Files
2010-03-01 19:10:10 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-03-01 19:08:32 ----D---- C:\WINDOWS\WinSxS
2010-03-01 18:59:46 ----D---- C:\Program Files\BitLord
2010-02-27 11:54:26 ----HD---- C:\WINDOWS\inf
2010-02-27 11:19:44 ----D---- C:\Program Files\Alwil Software
2010-02-27 11:12:23 ----D---- C:\Program Files\Google
2010-02-27 11:10:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-25 12:10:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 12:10:18 ----D---- C:\WINDOWS\ie8updates
2010-02-25 12:08:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-16 19:39:32 ----D---- C:\WINDOWS\Registration
2010-02-16 19:38:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-16 12:45:19 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-16 12:45:18 ----RSD---- C:\WINDOWS\assembly
2010-02-14 19:44:09 ----D---- C:\Program Files\Common Files
2010-02-14 19:43:22 ----A---- C:\WINDOWS\ODBC.INI
2010-02-14 19:30:29 ----SD---- C:\Documents and Settings\Myška\Data aplikací\Microsoft
2010-02-14 19:27:42 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-14 19:24:46 ----RSD---- C:\WINDOWS\Fonts
2010-02-14 19:16:00 ----D---- C:\Program Files\Microsoft.NET
2010-02-11 19:53:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-11 16:45:08 ----D---- C:\WINDOWS\system32\wbem
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-15 4069888]
R3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-03 120094]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-03 96858]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\System32\ASNDIS5.SYS []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2006-11-27 20608]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-11-27 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-15 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MSSQL$MAMUT;SQL Server (MAMUT); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
frantisek.kalousek
- Návštěvník
- Příspěvky: 10
- Registrován: 01 bře 2010 17:28
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Myška\Nabídka Start\Programy\Po spuštění\winesm32.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Myška
->Temp folder emptied: 2454519 bytes
->Temporary Internet Files folder emptied: 136460 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 21035740 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138958 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16896 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36785 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 24,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03012010_194444
Files moved on Reboot...
C:\Documents and Settings\Myška\Local Settings\Temp\~DFDFD8.tmp moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_560.dat not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT06ddc.TMP not found!
Registry entries deleted on Reboot...
========== FILES ==========
File/Folder C:\Documents and Settings\Myška\Nabídka Start\Programy\Po spuštění\winesm32.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Myška
->Temp folder emptied: 2454519 bytes
->Temporary Internet Files folder emptied: 136460 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 21035740 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138958 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16896 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36785 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 24,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03012010_194444
Files moved on Reboot...
C:\Documents and Settings\Myška\Local Settings\Temp\~DFDFD8.tmp moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_560.dat not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT06ddc.TMP not found!
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: avast! našel "VBS:Malware-gen" a PC je výrazně pomalé
PC2
Každý počítač se řeší individuálně, příště nepoužívejte postup napsaný pro jiné PC.
Znovu spusťte OTM, klikněte na CleanUp! Zvolte "Yes"
Log je v pořádku.
Každý počítač se řeší individuálně, příště nepoužívejte postup napsaný pro jiné PC.
Znovu spusťte OTM, klikněte na CleanUp! Zvolte "Yes" Log je v pořádku.
Přispějete na provoz fóra?