
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
worm/autorun
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.06 (written by random/random)
Run by Stanislav Hruška at 2010-03-05 09:31:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:27, on 5.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DkLog.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stanislav Hruška\Local Settings\Temporary Internet Files\Content.IE5\OCTDBPYB\RSIT[1].exe
C:\Program Files\trend micro\Stanislav Hruška.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - https://s.ica.cz/icapki.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 8140 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1. kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"DkAutoReg.exe"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe [2002-07-24 241664]
"DkStartup"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe [2002-07-24 217088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9a706f-0b14-11df-ba6a-00e04d4355c3}]
shell\AutoRun\command - SVETEJEBLO///zeljko.exe
shell\explore\command - SVETEJEBLO///zeljko.exe
shell\open\command - SVETEJEBLO///zeljko.exe
======List of files/folders created in the last 1 months======
2010-03-05 09:31:11 ----D---- C:\Program Files\trend micro
2010-03-05 09:31:10 ----D---- C:\rsit
2010-02-24 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 12:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 12:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 14:23:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:22:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-22 14:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-22 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-22 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-22 14:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-22 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-22 14:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-22 14:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-22 14:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-22 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-22 14:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-22 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-22 14:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-22 14:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-22 14:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-22 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-22 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-22 14:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-22 14:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-22 14:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-22 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-22 14:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-22 14:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-22 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-22 14:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-22 14:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-22 14:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-22 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-22 14:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-22 14:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-22 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-22 14:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-22 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-22 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-02-22 14:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-02-22 14:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-22 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-22 14:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-22 14:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-22 14:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-02-22 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-22 14:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-22 14:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-22 14:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-02-22 14:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-22 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-02-22 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-22 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-22 14:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-22 14:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-22 14:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-22 14:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-22 14:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-02-22 14:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-22 14:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-02-22 14:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-22 14:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-22 14:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-22 14:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-22 14:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-02-22 14:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-22 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-02-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-22 14:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-22 14:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-22 14:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-22 14:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-22 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-22 14:08:25 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\cs
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:07:07 ----D---- C:\WINDOWS\l2schemas
2010-02-22 13:59:12 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 13:55:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 13:36:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-22 13:26:01 ----D---- C:\Program Files\Adobe
2010-02-10 12:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-10 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-10 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-10 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-10 12:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-10 12:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-10 12:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-10 12:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
======List of files/folders modified in the last 1 months======
2010-03-05 09:31:12 ----D---- C:\WINDOWS\Temp
2010-03-05 09:31:11 ----RD---- C:\Program Files
2010-03-05 09:01:03 ----HD---- C:\$AVG8.VAULT$
2010-03-05 08:20:14 ----D---- C:\WINDOWS\system32
2010-03-04 15:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 13:08:54 ----SHD---- C:\WINDOWS\Installer
2010-03-01 15:07:58 ----HD---- C:\WINDOWS\inf
2010-03-01 15:07:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 08:10:25 ----D---- C:\WINDOWS
2010-02-23 12:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 12:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 12:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 14:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:23:35 ----D---- C:\WINDOWS\Debug
2010-02-22 14:22:04 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:22:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:21:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:18:09 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:11:38 ----D---- C:\Program Files\Messenger
2010-02-22 14:11:06 ----D---- C:\WINDOWS\security
2010-02-22 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:07:40 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:07:38 ----D---- C:\WINDOWS\Help
2010-02-22 14:07:25 ----D---- C:\WINDOWS\ehome
2010-02-22 14:07:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-22 14:07:23 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:07:23 ----D---- C:\WINDOWS\ime
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-22 14:07:07 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:07:06 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:03:22 ----D---- C:\WINDOWS\msagent
2010-02-22 14:03:20 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:03:19 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:03:18 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:03:14 ----D---- C:\Program Files\Windows NT
2010-02-22 14:03:10 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:02:46 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:02:44 ----D---- C:\WINDOWS\system
2010-02-22 13:59:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 13:39:09 ----SD---- C:\Documents and Settings\Stanislav Hruška\Data aplikací\Microsoft
2010-02-22 13:39:09 ----D---- C:\Program Files\justtarif
2010-02-22 13:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-22 13:26:28 ----D---- C:\Program Files\Common Files\Adobe
2010-02-16 11:56:05 ----SHD---- C:\RECYCLER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2002-04-15 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2002-04-15 17256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2002-04-15 18056]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DkLogger;Datakey's Log Service; C:\WINDOWS\System32\DkLog.exe [2002-07-24 102400]
R2 DkTknSrv;Datakey's Token Service; C:\WINDOWS\System32\dkcktkn.exe [2002-12-17 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 138168]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
-----------------EOF-----------------
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - https://s.ica.cz/icapki.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 8140 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1. kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"DkAutoReg.exe"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe [2002-07-24 241664]
"DkStartup"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe [2002-07-24 217088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9a706f-0b14-11df-ba6a-00e04d4355c3}]
shell\AutoRun\command - SVETEJEBLO///zeljko.exe
shell\explore\command - SVETEJEBLO///zeljko.exe
shell\open\command - SVETEJEBLO///zeljko.exe
======List of files/folders created in the last 1 months======
2010-03-05 09:31:11 ----D---- C:\Program Files\trend micro
2010-03-05 09:31:10 ----D---- C:\rsit
2010-02-24 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 12:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 12:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 14:23:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:22:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-22 14:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-22 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-22 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-22 14:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-22 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-22 14:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-22 14:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-22 14:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-22 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-22 14:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-22 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-22 14:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-22 14:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-22 14:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-22 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-22 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-22 14:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-22 14:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-22 14:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-22 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-22 14:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-22 14:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-22 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-22 14:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-22 14:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-22 14:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-22 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-22 14:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-22 14:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-22 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-22 14:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-22 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-22 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-02-22 14:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-02-22 14:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-22 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-22 14:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-22 14:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-22 14:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-02-22 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-22 14:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-22 14:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-22 14:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-02-22 14:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-22 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-02-22 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-22 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-22 14:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-22 14:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-22 14:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-22 14:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-22 14:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-02-22 14:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-22 14:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-02-22 14:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-22 14:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-22 14:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-22 14:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-22 14:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-02-22 14:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-22 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-02-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-22 14:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-22 14:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-22 14:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-22 14:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-22 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-22 14:08:25 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\cs
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:07:07 ----D---- C:\WINDOWS\l2schemas
2010-02-22 13:59:12 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 13:55:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 13:36:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-22 13:26:01 ----D---- C:\Program Files\Adobe
2010-02-10 12:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-10 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-10 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-10 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-10 12:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-10 12:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-10 12:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-10 12:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
======List of files/folders modified in the last 1 months======
2010-03-05 09:31:12 ----D---- C:\WINDOWS\Temp
2010-03-05 09:31:11 ----RD---- C:\Program Files
2010-03-05 09:01:03 ----HD---- C:\$AVG8.VAULT$
2010-03-05 08:20:14 ----D---- C:\WINDOWS\system32
2010-03-04 15:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 13:08:54 ----SHD---- C:\WINDOWS\Installer
2010-03-01 15:07:58 ----HD---- C:\WINDOWS\inf
2010-03-01 15:07:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 08:10:25 ----D---- C:\WINDOWS
2010-02-23 12:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 12:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 12:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 14:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:23:35 ----D---- C:\WINDOWS\Debug
2010-02-22 14:22:04 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:22:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:21:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:18:09 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:11:38 ----D---- C:\Program Files\Messenger
2010-02-22 14:11:06 ----D---- C:\WINDOWS\security
2010-02-22 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:07:40 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:07:38 ----D---- C:\WINDOWS\Help
2010-02-22 14:07:25 ----D---- C:\WINDOWS\ehome
2010-02-22 14:07:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-22 14:07:23 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:07:23 ----D---- C:\WINDOWS\ime
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-22 14:07:07 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:07:06 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:03:22 ----D---- C:\WINDOWS\msagent
2010-02-22 14:03:20 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:03:19 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:03:18 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:03:14 ----D---- C:\Program Files\Windows NT
2010-02-22 14:03:10 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:02:46 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:02:44 ----D---- C:\WINDOWS\system
2010-02-22 13:59:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 13:39:09 ----SD---- C:\Documents and Settings\Stanislav Hruška\Data aplikací\Microsoft
2010-02-22 13:39:09 ----D---- C:\Program Files\justtarif
2010-02-22 13:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-22 13:26:28 ----D---- C:\Program Files\Common Files\Adobe
2010-02-16 11:56:05 ----SHD---- C:\RECYCLER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2002-04-15 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2002-04-15 17256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2002-04-15 18056]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DkLogger;Datakey's Log Service; C:\WINDOWS\System32\DkLog.exe [2002-07-24 102400]
R2 DkTknSrv;Datakey's Token Service; C:\WINDOWS\System32\dkcktkn.exe [2002-12-17 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 138168]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
-----------------EOF-----------------
Re: worm/autorun
It is drive F
Re: worm/autorun
I downloaded OTL following your instructions and started the scan, but in custom scans/fixes it has now frozen at C: Windows/System32... and it won't go any further.. what should I do?
Re: worm/autorun
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9a706f-0b14-11df-ba6a-00e04d4355c3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e9a706f-0b14-11df-ba6a-00e04d4355c3}\ not found.
========== FILES ==========
File\Folder F:\zeljko.exe not found.
Folder F:\SVETEJEBLO not found.
File\Folder C:\SVETEJEBLO not found.
File\Folder C:\zeljko.exe not found.
OTL by OldTimer - Version 3.1.34.0 log created on 03052010_104220
Re: worm/autorun
Logfile of random's system information tool 1.06 (written by random/random)
Run by Stanislav Hruška at 2010-03-05 10:47:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:43, on 5.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DkLog.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stanislav Hruška\Plocha\RSIT.exe
C:\Program Files\trend micro\Stanislav Hruška.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - https://s.ica.cz/icapki.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 7964 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1. kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"DkAutoReg.exe"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe [2002-07-24 241664]
"DkStartup"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe [2002-07-24 217088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-05 10:47:29 ----D---- C:\rsit
2010-03-05 10:42:20 ----D---- C:\_OTL
2010-03-05 09:31:11 ----D---- C:\Program Files\trend micro
2010-02-24 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 12:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 12:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 14:23:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:22:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-22 14:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-22 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-22 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-22 14:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-22 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-22 14:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-22 14:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-22 14:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-22 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-22 14:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-22 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-22 14:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-22 14:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-22 14:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-22 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-22 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-22 14:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-22 14:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-22 14:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-22 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-22 14:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-22 14:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-22 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-22 14:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-22 14:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-22 14:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-22 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-22 14:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-22 14:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-22 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-22 14:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-22 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-22 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-02-22 14:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-02-22 14:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-22 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-22 14:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-22 14:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-22 14:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-02-22 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-22 14:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-22 14:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-22 14:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-02-22 14:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-22 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-02-22 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-22 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-22 14:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-22 14:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-22 14:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-22 14:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-22 14:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-02-22 14:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-22 14:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-02-22 14:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-22 14:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-22 14:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-22 14:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-22 14:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-02-22 14:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-22 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-02-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-22 14:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-22 14:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-22 14:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-22 14:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-22 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-22 14:08:25 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\cs
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:07:07 ----D---- C:\WINDOWS\l2schemas
2010-02-22 13:59:12 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 13:55:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 13:36:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-22 13:26:01 ----D---- C:\Program Files\Adobe
2010-02-10 12:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-10 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-10 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-10 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-10 12:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-10 12:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-10 12:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-10 12:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
======List of files/folders modified in the last 1 months======
2010-03-05 10:47:14 ----D---- C:\WINDOWS\Temp
2010-03-05 09:31:11 ----RD---- C:\Program Files
2010-03-05 09:01:03 ----HD---- C:\$AVG8.VAULT$
2010-03-05 08:20:14 ----D---- C:\WINDOWS\system32
2010-03-04 15:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 13:08:54 ----SHD---- C:\WINDOWS\Installer
2010-03-01 15:07:58 ----HD---- C:\WINDOWS\inf
2010-03-01 15:07:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 08:10:25 ----D---- C:\WINDOWS
2010-02-23 12:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 12:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 12:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 14:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:23:35 ----D---- C:\WINDOWS\Debug
2010-02-22 14:22:04 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:22:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:21:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:18:09 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:11:38 ----D---- C:\Program Files\Messenger
2010-02-22 14:11:06 ----D---- C:\WINDOWS\security
2010-02-22 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:07:40 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:07:38 ----D---- C:\WINDOWS\Help
2010-02-22 14:07:25 ----D---- C:\WINDOWS\ehome
2010-02-22 14:07:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-22 14:07:23 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:07:23 ----D---- C:\WINDOWS\ime
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-22 14:07:07 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:07:06 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:03:22 ----D---- C:\WINDOWS\msagent
2010-02-22 14:03:20 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:03:19 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:03:18 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:03:14 ----D---- C:\Program Files\Windows NT
2010-02-22 14:03:10 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:02:46 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:02:44 ----D---- C:\WINDOWS\system
2010-02-22 13:59:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 13:39:09 ----SD---- C:\Documents and Settings\Stanislav Hruška\Data aplikací\Microsoft
2010-02-22 13:39:09 ----D---- C:\Program Files\justtarif
2010-02-22 13:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-22 13:26:28 ----D---- C:\Program Files\Common Files\Adobe
2010-02-16 11:56:05 ----SHD---- C:\RECYCLER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2002-04-15 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2002-04-15 17256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2002-04-15 18056]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DkLogger;Datakey's Log Service; C:\WINDOWS\System32\DkLog.exe [2002-07-24 102400]
R2 DkTknSrv;Datakey's Token Service; C:\WINDOWS\System32\dkcktkn.exe [2002-12-17 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 138168]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
-----------------EOF-----------------
Run by Stanislav Hruška at 2010-03-05 10:47:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:43, on 5.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DkLog.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stanislav Hruška\Plocha\RSIT.exe
C:\Program Files\trend micro\Stanislav Hruška.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - https://s.ica.cz/icapki.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 7964 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1. kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"DkAutoReg.exe"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe [2002-07-24 241664]
"DkStartup"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe [2002-07-24 217088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-05 10:47:29 ----D---- C:\rsit
2010-03-05 10:42:20 ----D---- C:\_OTL
2010-03-05 09:31:11 ----D---- C:\Program Files\trend micro
2010-02-24 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 12:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 12:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 14:23:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:22:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-22 14:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-22 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-22 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-22 14:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-22 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-22 14:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-22 14:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-22 14:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-22 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-22 14:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-22 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-22 14:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-22 14:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-22 14:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-22 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-22 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-22 14:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-22 14:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-22 14:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-22 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-22 14:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-22 14:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-22 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-22 14:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-22 14:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-22 14:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-22 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-22 14:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-22 14:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-22 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-22 14:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-22 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-22 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-02-22 14:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-02-22 14:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-22 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-22 14:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-22 14:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-22 14:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-02-22 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-22 14:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-22 14:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-22 14:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-02-22 14:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-22 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-02-22 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-22 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-22 14:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-22 14:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-22 14:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-22 14:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-22 14:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-02-22 14:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-22 14:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-02-22 14:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-22 14:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-22 14:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-22 14:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-22 14:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-02-22 14:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-22 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-02-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-22 14:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-22 14:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-22 14:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-22 14:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-22 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-22 14:08:25 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\cs
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:07:07 ----D---- C:\WINDOWS\l2schemas
2010-02-22 13:59:12 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 13:55:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 13:36:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-22 13:26:01 ----D---- C:\Program Files\Adobe
2010-02-10 12:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-10 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-10 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-10 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-10 12:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-10 12:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-10 12:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-10 12:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
======List of files/folders modified in the last 1 months======
2010-03-05 10:47:14 ----D---- C:\WINDOWS\Temp
2010-03-05 09:31:11 ----RD---- C:\Program Files
2010-03-05 09:01:03 ----HD---- C:\$AVG8.VAULT$
2010-03-05 08:20:14 ----D---- C:\WINDOWS\system32
2010-03-04 15:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 13:08:54 ----SHD---- C:\WINDOWS\Installer
2010-03-01 15:07:58 ----HD---- C:\WINDOWS\inf
2010-03-01 15:07:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 08:10:25 ----D---- C:\WINDOWS
2010-02-23 12:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 12:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 12:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 14:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:23:35 ----D---- C:\WINDOWS\Debug
2010-02-22 14:22:04 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:22:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:21:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:18:09 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:11:38 ----D---- C:\Program Files\Messenger
2010-02-22 14:11:06 ----D---- C:\WINDOWS\security
2010-02-22 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:07:40 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:07:38 ----D---- C:\WINDOWS\Help
2010-02-22 14:07:25 ----D---- C:\WINDOWS\ehome
2010-02-22 14:07:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-22 14:07:23 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:07:23 ----D---- C:\WINDOWS\ime
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-22 14:07:07 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:07:06 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:03:22 ----D---- C:\WINDOWS\msagent
2010-02-22 14:03:20 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:03:19 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:03:18 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:03:14 ----D---- C:\Program Files\Windows NT
2010-02-22 14:03:10 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:02:46 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:02:44 ----D---- C:\WINDOWS\system
2010-02-22 13:59:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 13:39:09 ----SD---- C:\Documents and Settings\Stanislav Hruška\Data aplikací\Microsoft
2010-02-22 13:39:09 ----D---- C:\Program Files\justtarif
2010-02-22 13:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-22 13:26:28 ----D---- C:\Program Files\Common Files\Adobe
2010-02-16 11:56:05 ----SHD---- C:\RECYCLER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2002-04-15 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2002-04-15 17256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2002-04-15 18056]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DkLogger;Datakey's Log Service; C:\WINDOWS\System32\DkLog.exe [2002-07-24 102400]
R2 DkTknSrv;Datakey's Token Service; C:\WINDOWS\System32\dkcktkn.exe [2002-12-17 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 138168]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
-----------------EOF-----------------
Re: worm/autorun
It looks like the problem has been solved. If the virus happens to show up again, I would get in touch.
Thanks a lot for the help so far.
Re: worm/autorun
Could you also take a look at this second flash drive? It is on drive E, shows up as a folder, and cannot be opened...
Re: worm/autorun
Logfile of random's system information tool 1.06 (written by random/random)
Run by Stanislav Hruška at 2010-03-05 11:45:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:08, on 5.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stanislav Hruška\Plocha\RSIT.exe
C:\Program Files\trend micro\Stanislav Hruška.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - https://s.ica.cz/icapki.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 7844 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1. kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"DkAutoReg.exe"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe [2002-07-24 241664]
"DkStartup"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe [2002-07-24 217088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9a706f-0b14-11df-ba6a-00e04d4355c3}]
shell\AutoRun\command - SVETEJEBLO///zeljko.exe
shell\explore\command - SVETEJEBLO///zeljko.exe
shell\open\command - SVETEJEBLO///zeljko.exe
======List of files/folders created in the last 1 months======
2010-03-05 11:45:56 ----D---- C:\rsit
2010-03-05 09:31:11 ----D---- C:\Program Files\trend micro
2010-02-24 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 12:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 12:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 14:23:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:22:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-22 14:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-22 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-22 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-22 14:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-22 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-22 14:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-22 14:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-22 14:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-22 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-22 14:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-22 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-22 14:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-22 14:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-22 14:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-22 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-22 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-22 14:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-22 14:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-22 14:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-22 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-22 14:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-22 14:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-22 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-22 14:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-22 14:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-22 14:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-22 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-22 14:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-22 14:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-22 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-22 14:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-22 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-22 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-02-22 14:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-02-22 14:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-22 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-22 14:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-22 14:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-22 14:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-02-22 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-22 14:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-22 14:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-22 14:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-02-22 14:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-22 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-02-22 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-22 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-22 14:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-22 14:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-22 14:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-22 14:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-22 14:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-02-22 14:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-22 14:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-02-22 14:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-22 14:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-22 14:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-22 14:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-22 14:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-02-22 14:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-22 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-02-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-22 14:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-22 14:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-22 14:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-22 14:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-22 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-22 14:08:25 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\cs
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:07:07 ----D---- C:\WINDOWS\l2schemas
2010-02-22 13:59:12 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 13:55:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 13:36:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-22 13:26:01 ----D---- C:\Program Files\Adobe
2010-02-10 12:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-10 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-10 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-10 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-10 12:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-10 12:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-10 12:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-10 12:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
======List of files/folders modified in the last 1 months======
2010-03-05 11:45:23 ----D---- C:\WINDOWS\Temp
2010-03-05 11:38:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 09:31:11 ----RD---- C:\Program Files
2010-03-05 09:01:03 ----HD---- C:\$AVG8.VAULT$
2010-03-05 08:20:14 ----D---- C:\WINDOWS\system32
2010-03-04 13:08:54 ----SHD---- C:\WINDOWS\Installer
2010-03-01 15:07:58 ----HD---- C:\WINDOWS\inf
2010-03-01 15:07:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 08:10:25 ----D---- C:\WINDOWS
2010-02-23 12:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 12:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 12:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 14:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:23:35 ----D---- C:\WINDOWS\Debug
2010-02-22 14:22:04 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:22:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:21:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:18:09 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:11:38 ----D---- C:\Program Files\Messenger
2010-02-22 14:11:06 ----D---- C:\WINDOWS\security
2010-02-22 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:07:40 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:07:38 ----D---- C:\WINDOWS\Help
2010-02-22 14:07:25 ----D---- C:\WINDOWS\ehome
2010-02-22 14:07:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-22 14:07:23 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:07:23 ----D---- C:\WINDOWS\ime
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-22 14:07:07 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:07:06 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:03:22 ----D---- C:\WINDOWS\msagent
2010-02-22 14:03:20 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:03:19 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:03:18 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:03:14 ----D---- C:\Program Files\Windows NT
2010-02-22 14:03:10 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:02:46 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:02:44 ----D---- C:\WINDOWS\system
2010-02-22 13:59:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 13:39:09 ----SD---- C:\Documents and Settings\Stanislav Hruška\Data aplikací\Microsoft
2010-02-22 13:39:09 ----D---- C:\Program Files\justtarif
2010-02-22 13:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-22 13:26:28 ----D---- C:\Program Files\Common Files\Adobe
2010-02-16 11:56:05 ----SHD---- C:\RECYCLER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2002-04-15 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2002-04-15 17256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2002-04-15 18056]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DkTknSrv;Datakey's Token Service; C:\WINDOWS\System32\dkcktkn.exe [2002-12-17 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
S2 DkLogger;Datakey's Log Service; C:\WINDOWS\System32\DkLog.exe [2002-07-24 102400]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 138168]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
-----------------EOF-----------------
Run by Stanislav Hruška at 2010-03-05 11:45:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 1015 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:08, on 5.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stanislav Hruška\Plocha\RSIT.exe
C:\Program Files\trend micro\Stanislav Hruška.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - https://s.ica.cz/icapki.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 7844 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1. kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"DkAutoReg.exe"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe [2002-07-24 241664]
"DkStartup"=C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe [2002-07-24 217088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9a706f-0b14-11df-ba6a-00e04d4355c3}]
shell\AutoRun\command - SVETEJEBLO///zeljko.exe
shell\explore\command - SVETEJEBLO///zeljko.exe
shell\open\command - SVETEJEBLO///zeljko.exe
======List of files/folders created in the last 1 months======
2010-03-05 11:45:56 ----D---- C:\rsit
2010-03-05 09:31:11 ----D---- C:\Program Files\trend micro
2010-02-24 12:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 12:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 12:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 14:23:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:22:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-22 14:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-22 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-22 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-22 14:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-22 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-22 14:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-22 14:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-22 14:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-22 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-22 14:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-22 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-22 14:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-22 14:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-22 14:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-22 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-22 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-22 14:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-22 14:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-22 14:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-22 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-22 14:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-22 14:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-22 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-22 14:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-22 14:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-22 14:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-22 14:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-22 14:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-22 14:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-22 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-22 14:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-22 14:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-22 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-02-22 14:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-02-22 14:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-22 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-22 14:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-22 14:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-22 14:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-02-22 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-22 14:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-22 14:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-22 14:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-02-22 14:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-22 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-02-22 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-22 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-22 14:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-22 14:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-22 14:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-22 14:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-22 14:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-02-22 14:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-22 14:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-02-22 14:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-22 14:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-22 14:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-22 14:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-22 14:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-02-22 14:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-22 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-02-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-22 14:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-22 14:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-22 14:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-22 14:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-22 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-22 14:08:25 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\cs
2010-02-22 14:07:07 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:07:07 ----D---- C:\WINDOWS\l2schemas
2010-02-22 13:59:12 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 13:55:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 13:36:06 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-22 13:26:01 ----D---- C:\Program Files\Adobe
2010-02-10 12:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-10 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-10 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-10 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-10 12:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-10 12:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-10 12:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-10 12:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
======List of files/folders modified in the last 1 months======
2010-03-05 11:45:23 ----D---- C:\WINDOWS\Temp
2010-03-05 11:38:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 09:31:11 ----RD---- C:\Program Files
2010-03-05 09:01:03 ----HD---- C:\$AVG8.VAULT$
2010-03-05 08:20:14 ----D---- C:\WINDOWS\system32
2010-03-04 13:08:54 ----SHD---- C:\WINDOWS\Installer
2010-03-01 15:07:58 ----HD---- C:\WINDOWS\inf
2010-03-01 15:07:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 08:10:25 ----D---- C:\WINDOWS
2010-02-23 12:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 12:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 12:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 14:24:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:23:35 ----D---- C:\WINDOWS\Debug
2010-02-22 14:22:04 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:22:03 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:22:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:21:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:18:09 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:11:38 ----D---- C:\Program Files\Messenger
2010-02-22 14:11:06 ----D---- C:\WINDOWS\security
2010-02-22 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:07:40 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:07:38 ----D---- C:\WINDOWS\Help
2010-02-22 14:07:25 ----D---- C:\WINDOWS\ehome
2010-02-22 14:07:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-22 14:07:23 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:07:23 ----D---- C:\WINDOWS\ime
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:07:08 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-22 14:07:07 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:07:06 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:03:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:03:23 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:03:22 ----D---- C:\WINDOWS\msagent
2010-02-22 14:03:20 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:03:19 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:03:18 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:03:14 ----D---- C:\Program Files\Windows NT
2010-02-22 14:03:10 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:02:46 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:02:44 ----D---- C:\WINDOWS\system
2010-02-22 13:59:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-22 13:39:09 ----SD---- C:\Documents and Settings\Stanislav Hruška\Data aplikací\Microsoft
2010-02-22 13:39:09 ----D---- C:\Program Files\justtarif
2010-02-22 13:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-22 13:26:28 ----D---- C:\Program Files\Common Files\Adobe
2010-02-16 11:56:05 ----SHD---- C:\RECYCLER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2002-04-15 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2002-04-15 17256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2002-04-15 18056]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DkTknSrv;Datakey's Token Service; C:\WINDOWS\System32\dkcktkn.exe [2002-12-17 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-14 153376]
S2 DkLogger;Datakey's Log Service; C:\WINDOWS\System32\DkLog.exe [2002-07-24 102400]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 138168]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
-----------------EOF-----------------
Re: worm/autorun
Do I need to tick anything else in OTL (scan all users, file age, ...?) besides copying in dir E:\ /c ?
It froze on me twice...
Re: worm/autorun
Hooray :-), I've got it now
OTL logfile created on: 5.3.2010 12:26:53 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Stanislav Hruška\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 015,00 Mb Total Physical Memory | 576,00 Mb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 136,15 Gb Free Space | 91,35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,86 Gb Total Space | 1,48 Gb Free Space | 79,29% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTER
Current User Name: Stanislav Hruška
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
< End of report >
Re: worm/autorun
It told me that a problem occurred in the application PEV.cfxxe... but the scan completed
ComboFix 10-03-04.05 - Stanislav Hruška 05.03.2010 12:39:16.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.476 [GMT 1:00]
Spuštěný z: c:\documents and settings\Stanislav Hruška\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-0166533469-3885321323-904617785-2081
c:\recycler\S-1-5-21-1270477403-7264083315-327752778-3410
c:\recycler\S-1-5-21-1655358584-9345951380-232376566-9578
c:\recycler\S-1-5-21-2011080095-9708995864-468979449-1104
c:\recycler\S-1-5-21-3947552187-1337530977-865255515-7610
c:\recycler\S-1-5-21-8551194025-5272792409-335414866-7550
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-02-22 13:07 . 2010-02-22 13:07 -------- d-----w- c:\windows\system32\cs
2010-02-22 13:07 . 2010-02-22 13:07 -------- d-----w- c:\windows\system32\bits
2010-02-22 13:07 . 2010-02-22 13:07 -------- d-----w- c:\windows\l2schemas
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 10:46 . 2010-03-05 08:31 -------- d-----w- c:\program files\trend micro
2010-02-22 13:24 . 2004-08-18 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-02-22 13:24 . 2004-08-18 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-02-22 13:09 . 2007-10-17 16:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-22 13:09 . 2007-10-17 16:00 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-22 12:39 . 2009-10-14 11:43 -------- d-----w- c:\program files\justtarif
2010-02-22 12:26 . 2008-06-30 05:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2007-10-17 15:56 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"DkAutoReg.exe"="c:\program files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe" [2002-07-24 241664]
"DkStartup"="c:\program files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe" [2002-07-24 217088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2009-02-25 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 06:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.1.2009 8:48 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.1.2009 8:48 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.1.2009 8:48 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [17.10.2007 17:06 13696]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27.1.2009 8:47 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27.1.2009 8:47 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.9.2008 8:09 222968]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [18.10.2007 12:00 11560]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [18.10.2007 12:00 17256]
R3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [18.10.2007 12:00 18056]
.
Obsah adresáře 'Naplánované úlohy'
2007-10-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-11-09 20:11]
2010-03-05 c:\windows\Tasks\Úklid 1. kliknutím.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-11-09 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxps://s.ica.cz/icapki.cab
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 12:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-03-05 12:44:14
ComboFix-quarantined-files.txt 2010-03-05 11:44
Před spuštěním: Volných bajtů: 146 123 390 976
Po spuštění: Volných bajtů: 146 115 301 376
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E4645B0D28CDE917736D638D0BDB114E
Re: worm/autorun
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:00 on 05/03/2010 by Stanislav Hruška (Administrator - Elevation successful)
========== filefind ==========
Searching for "zeljko.exe"
No files found.
========== file ==========
zeljko.exe - Unable to find/read file.
========== regfind ==========
Searching for "zeljko.exe"
No data found.
-=End Of File=-
Re: worm/autorun
OTL logfile created on: 5.3.2010 13:12:02 - Run 2
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Stanislav Hruška\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 015,00 Mb Total Physical Memory | 499,00 Mb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 136,11 Gb Free Space | 91,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,86 Gb Total Space | 1,48 Gb Free Space | 79,29% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTER
Current User Name: Stanislav Hruška
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Custom Scans ==========
< dir c:\ /c >
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 70BD-07B4.
Výpis adresáře C:\
05.03.2010 09:01 <DIR> $AVG8.VAULT$
28.01.2010 13:27 1 024 .rnd
17.10.2007 17:01 0 AUTOEXEC.BAT
17.10.2007 16:55 211 Boot.bak
03.08.2004 23:00 261 312 cmldr
05.03.2010 12:44 8 654 ComboFix.txt
17.10.2007 17:01 0 CONFIG.SYS
18.10.2007 07:12 <DIR> disk
17.10.2007 17:04 <DIR> Documents and Settings
17.10.2007 17:07 <DIR> Intel
18.10.2007 07:14 <DIR> KONICA_MINOLTA_130f
04.11.2009 14:34 22 528 msword&part=1.doc
31.03.2009 07:23 <DIR> Notservis
05.03.2010 09:31 <DIR> Program Files
05.03.2010 12:44 <DIR> Qoobox
17.10.2007 17:09 575 RHDSetup.log
05.03.2010 11:46 <DIR> rsit
29.05.2009 10:03 73 398 rtf&part=1.rtf
05.03.2010 12:42 <DIR> WINDOWS
9 souborů, 367 702 bajtů
Adresářů: 10, Volných bajtů: 146 144 268 288
< dir e:\ c >
< End of report >
Re: worm/autorun
Yeah, it works. Today the virus didn't show up on it, but the problem is that it can't be opened, much like the virus-infected one before...
Re: worm/autorun
It shouldn't be damaged; it started acting up after that virus...
Now it can be opened again... I don't understand what's causing it. In any case, the virus is no longer on it?