Prosím o kontrolu logu RSIT

[HonzaM]

Děkuji.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-03-10 08:14:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (46%) free of 76 GB
Total RAM: 767 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:02, on 10.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB974417-x86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Honza.WHISKY\Dokumenty\Stažené soubory\RSIT.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\trend micro\Honza.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aktualne.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF26143.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7484 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049c3e9-b461-4bc5-8870-4c09146192ca}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-11-03 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-09-07 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-09-07 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-09-25 87751]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-03 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"combofix"=C:\ComboFix\CF26143.cfxxe /c C:\ComboFix\C.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Documents and Settings\Honza.WHISKY\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-10 08:14:58 ----D---- C:\Program Files\trend micro
2010-03-10 08:14:49 ----D---- C:\rsit
2010-03-10 08:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-10 08:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-10 08:01:41 ----D---- C:\WINDOWS\LastGood
2010-03-09 08:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-09 08:06:53 ----A---- C:\WINDOWS\imsins.BAK
2010-03-09 08:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-08 08:53:40 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-08 08:53:24 ----D---- C:\Program Files\MSBuild
2010-03-08 08:53:13 ----D---- C:\WINDOWS\system32\en-US
2010-03-08 08:52:50 ----D---- C:\Program Files\Reference Assemblies
2010-03-08 08:51:29 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-08 08:51:29 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-08 08:51:28 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-08 08:51:28 ----D---- C:\89b70190068b25e3fb06
2010-03-07 11:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-07 11:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-07 11:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-07 11:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-07 11:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-03-07 11:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-07 11:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-07 11:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-07 11:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-03-07 11:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-07 11:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-07 11:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-07 11:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-03-07 11:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-07 11:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-07 11:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-07 11:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-07 11:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-07 11:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-07 11:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-07 11:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-07 11:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-07 11:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-07 11:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-07 11:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-07 11:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-07 11:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-07 11:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-07 11:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-07 11:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-03-07 11:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-07 11:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-07 11:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-07 11:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-07 11:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-07 11:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-07 11:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-05 11:01:51 ----SHD---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2010-03-10 08:16:49 ----SHD---- C:\WINDOWS\Installer
2010-03-10 08:16:49 ----D---- C:\Config.Msi
2010-03-10 08:16:36 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-10 08:15:20 ----D---- C:\WINDOWS\Prefetch
2010-03-10 08:14:58 ----RAD---- C:\Program Files
2010-03-10 08:14:54 ----D---- C:\WINDOWS\Temp
2010-03-10 08:14:00 ----D---- C:\WINDOWS\system32
2010-03-10 08:13:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-10 08:13:23 ----RSD---- C:\WINDOWS\assembly
2010-03-10 08:12:42 ----D---- C:\WINDOWS\WinSxS
2010-03-10 08:09:54 ----D---- C:\Program Files\Mozilla Firefox
2010-03-10 08:04:53 ----HD---- C:\WINDOWS\inf
2010-03-10 08:04:53 ----D---- C:\WINDOWS
2010-03-10 08:04:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 08:04:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 08:04:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-10 08:04:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-09 08:20:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-09 08:07:04 ----D---- C:\WINDOWS\system32\drivers
2010-03-08 18:26:06 ----D---- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ
2010-03-08 16:56:36 ----A---- C:\WINDOWS\lexstat.ini
2010-03-08 08:53:05 ----RSD---- C:\WINDOWS\Fonts
2010-03-08 08:52:20 ----D---- C:\WINDOWS\system32\spool
2010-03-07 22:39:04 ----D---- C:\WINDOWS\Debug
2010-03-07 22:29:58 ----SHD---- C:\System Volume Information
2010-03-07 22:29:58 ----D---- C:\WINDOWS\system32\Restore
2010-03-07 22:07:03 ----D---- C:\WINDOWS\AppPatch
2010-03-07 11:26:45 ----D---- C:\Program Files\Messenger
2010-03-07 11:20:53 ----D---- C:\Program Files\Outlook Express
2010-03-07 11:13:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real
2010-03-06 10:24:21 ----D---- C:\WINDOWS\Help
2010-03-05 08:19:53 ----A---- C:\WINDOWS\system.ini
2010-03-05 08:19:11 ----D---- C:\Program Files\Windows Media Player
2010-03-05 08:16:39 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-09-15 64128]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AgereSoftModem;Microcom InPorte Home; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-09-25 1141248]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-07-17 25544]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
S3 STAC97;VIA Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2001-09-17 91792]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-07-17 682232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Hezké poledne
Jaké jsou problémy s počítačem?
Vy jste spouštěl combofix?

[HonzaM]

Dobrý den. Internet na PC mi jde pomalu a vůbec se mi zdá vše nějaké zpomalené.
Ano spouštěl jsem ComboFix.

[motji]

A log by jste někde našel, případně složku qoobox? Já ho nikde v logu nevidím
LOg bývá zde C:\combofix.txt a na disku C bývá i složka qoobox.

Tím, že jste ho spustil, jste zamaskoval stopy - combofix smazal některé klíče v registru a v logu ze Rsitu není nic vidět, proto potřebuji ten log. Navíc podle záznamu ve Rsitu, se neukončil regulérně. Proto se nemá spouštět bez dozoru rádce, aby jste si třeba nepoškodil systém.

[HonzaM]

No příště už sám Combofix nespustím .
Ale bohužel požadovaný log jsem nenašel...

[motji]

Přejmenujte combofix na cokoliv.com a zkuste ho znovu spustit. Předtím vypněte antivir a firewall . Když bude combofix pracovat, na nic nechytejte, nic nespouštějte

[HonzaM]

Combofix jsem přejmenoval a spustit nejde. Píše to hlášku - This Copy of Combofix has expired. Delete this copy befor downloading and update copy.

[motji]

Combofix odinstalujte (respektive použijte název toho přejmenovaného combofixu) a stahněte nový.


Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir





Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[HonzaM]

Zde je požadovaný log z Combofixu.
Děkuji
ComboFix 10-03-10.04 - Honza 11.03.2010 9:21.13.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.320 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza.WHISKY\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 100310-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-11 do 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-11 07:14 . 2005-11-08 23:26 38400 ----a-w- c:\windows\system32\moveex.exe
2010-03-08 07:53 . 2010-03-08 07:53 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-08 07:53 . 2010-03-08 07:53 -------- d-----w- c:\program files\MSBuild
2010-03-08 07:52 . 2010-03-08 07:52 -------- d-----w- c:\program files\Reference Assemblies
2010-03-08 07:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-08 07:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-08 07:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-08 07:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-08 07:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-08 07:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-08 07:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-08 07:51 . 2010-03-08 07:52 -------- d-----w- C:\89b70190068b25e3fb06
2010-03-08 07:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-08 07:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-06 09:33 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-06 09:33 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-03-06 09:32 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-06 09:32 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-06 09:29 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 06:57 . 2006-04-22 06:31 -------- d-----w- c:\program files\Real
2010-03-10 07:14 . 2001-10-25 14:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2010-03-10 07:14 . 2001-10-25 14:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2010-02-08 07:05 . 2008-09-26 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:09 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2007-07-17 19:14 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-05-06 12:11 . 2004-12-06 15:37 777 ----a-w- c:\program files\trial_setup.ini
2004-05-06 12:11 . 2004-12-06 15:37 4289024 ----a-w- c:\program files\trial_setup.msi
2004-05-06 12:11 . 2004-12-06 15:37 40448 ----a-w- c:\program files\trial_setup.exe
2003-10-04 14:29 . 2003-10-04 14:25 23101440 ----a-w- c:\program files\language.mix
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 87751]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Honza.WHISKY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2007-7-21 552960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.4.2008 21:00 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.4.2008 21:00 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.10.2008 13:24 222456]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.7.2007 20:01 682232]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PCAlertDriver
.
Obsah adresáře 'Naplánované úlohy'

2009-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-03-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1482476501-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1482476501-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-02 20:18]
.
.
------- Doplňkový sken -------
.
uLocal Page =
uStart Page = hxxp://aktualne.centrum.cz/
mStart Page = hxxp://search.myheritage.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
FF - ProfilePath - c:\documents and settings\Honza.WHISKY\Data aplikací\Mozilla\Firefox\Profiles\0bfjqry2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://aktualne.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\program files\trend micro\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 09:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-11 09:32:31
ComboFix-quarantined-files.txt 2010-03-11 08:32

Před spuštěním: Volných bajtů: 37 595 392 512
Po spuštění: Volných bajtů: 37 585 661 952

- - End Of File - - 6A69466753A09ED2DDFFC7AE4ADC2122

[motji]

otestujte na http://www.virustotal.com
c:\windows\system32\moveex.exe
c:\windows\system32\drivers\tcpip.sys
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky


Internet je stále pomalý?

[HonzaM]

Internet i PC je již OK. Děkuji.
http://www.virustotal.com/analisis/8f97 ... 1259065415
http://www.virustotal.com/analisis/f3af ... 1266584807

[motji]

Prosím Vás, otestujte ty soubory znovu, pokud se Vám zeptá, zda chcete stálý odkaz nebo znovu testovat, dejte znovu testovat.
Musí to být soubory z Vašeho pc

[HonzaM]

Zde je scan.

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.11 -
AhnLab-V3 5.0.0.2 2010.03.11 -
AntiVir 8.2.1.180 2010.03.11 -
Antiy-AVL 2.0.3.7 2010.03.11 -
Authentium 5.2.0.5 2010.03.11 -
Avast 4.8.1351.0 2010.03.10 -
Avast5 5.0.332.0 2010.03.10 -
AVG 9.0.0.787 2010.03.11 -
BitDefender 7.2 2010.03.11 -
CAT-QuickHeal 10.00 2010.03.11 -
ClamAV 0.96.0.0-git 2010.03.11 -
Comodo 4225 2010.03.11 -
DrWeb 5.0.1.12222 2010.03.11 -
eSafe 7.0.17.0 2010.03.10 Win32.Banker
eTrust-Vet 35.2.7354 2010.03.11 -
F-Prot 4.5.1.85 2010.03.11 -
F-Secure 9.0.15370.0 2010.03.11 -
Fortinet 4.0.14.0 2010.03.09 -
GData 19 2010.03.11 -
Ikarus T3.1.1.80.0 2010.03.11 -
Jiangmin 13.0.900 2010.03.11 -
K7AntiVirus 7.10.994 2010.03.10 -
Kaspersky 7.0.0.125 2010.03.11 -
McAfee 5916 2010.03.10 -
McAfee+Artemis 5916 2010.03.10 -
McAfee-GW-Edition 6.8.5 2010.03.11 -
Microsoft 1.5502 2010.03.11 -
NOD32 4934 2010.03.11 -
Norman 6.04.08 2010.03.11 -
nProtect 2009.1.8.0 2010.03.11 -
Panda 10.0.2.2 2010.03.10 -
PCTools 7.0.3.5 2010.03.11 -
Prevx 3.0 2010.03.11 -
Rising 22.38.03.04 2010.03.11 -
Sophos 4.51.0 2010.03.11 -
Sunbelt 5823 2010.03.11 -
Symantec 20091.2.0.41 2010.03.11 -
TheHacker 6.5.2.0.230 2010.03.11 -
TrendMicro 9.120.0.1004 2010.03.11 -
VBA32 3.12.12.2 2010.03.11 -
ViRobot 2010.3.11.2222 2010.03.11 -
VirusBuster 5.0.27.0 2010.03.11 -
Additional information
File size: 38400 bytes
MD5...: 098d1e9c1b749142f999973c794be54d
SHA1..: 5f63fadc9572be19ab45899e0f77bb07460713b0
SHA256: 8f97f676c4801d925445a7c3ce424ad12eaed7d6434e3c062d6c2bbf22113f2c
ssdeep: 768:naHrVTLciZWtr48/aPOi1DGWixUWYdRB5Y:0rVjZcr4EwjxGVidRB5Y
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17a0
timedatestamp.....: 0x34e85595 (Mon Feb 16 15:04:53 1998)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6216 0x6400 6.38 9e5cdaae61a067066f03bc143a9de807
.rdata 0x8000 0x427 0x600 4.11 8e1dbb5edd56c017b65ef05577789896
.data 0x9000 0x2b94 0x1a00 2.34 9c7ce37dc1c37a2fbadb92844055b394
.idata 0xc000 0x580 0x600 4.79 be87d461da462b3d44bf37c737e341e7
.reloc 0xd000 0x790 0x800 5.71 c6732158d73a36873b19d6418915c4dd

( 1 imports )
> KERNEL32.dll: GetOEMCP, MoveFileExA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, ExitProcess, TerminateProcess, GetCurrentProcess, GetCommandLineA, GetVersion, GetFullPathNameA, GetCurrentDirectoryA, RtlUnwind, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetLastError, SetHandleCount, GetFileType, GetStdHandle, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, HeapAlloc, GetTimeZoneInformation, HeapFree, LCMapStringA, LCMapStringW, VirtualAlloc, GetProcAddress, LoadLibraryA, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, SetEnvironmentVariableA, HeapReAlloc

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Win16/32 Executable Delphi generic (3.4%)
Generic Win/DOS Executable (3.3%)

A ještě jeden. Děkuji.

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.11 -
AhnLab-V3 5.0.0.2 2010.03.11 -
AntiVir 8.2.1.180 2010.03.11 -
Antiy-AVL 2.0.3.7 2010.03.11 -
Authentium 5.2.0.5 2010.03.11 -
Avast 4.8.1351.0 2010.03.10 -
Avast5 5.0.332.0 2010.03.10 -
AVG 9.0.0.787 2010.03.11 -
BitDefender 7.2 2010.03.11 -
CAT-QuickHeal 10.00 2010.03.11 -
ClamAV 0.96.0.0-git 2010.03.11 -
Comodo 4225 2010.03.11 -
DrWeb 5.0.1.12222 2010.03.11 -
eSafe 7.0.17.0 2010.03.10 -
eTrust-Vet 35.2.7354 2010.03.11 -
F-Prot 4.5.1.85 2010.03.11 -
F-Secure 9.0.15370.0 2010.03.11 -
Fortinet 4.0.14.0 2010.03.09 -
GData 19 2010.03.11 -
Ikarus T3.1.1.80.0 2010.03.11 -
Jiangmin 13.0.900 2010.03.11 -
K7AntiVirus 7.10.994 2010.03.10 -
Kaspersky 7.0.0.125 2010.03.11 -
McAfee 5916 2010.03.10 -
McAfee+Artemis 5916 2010.03.10 -
McAfee-GW-Edition 6.8.5 2010.03.11 -
Microsoft 1.5502 2010.03.11 -
NOD32 4934 2010.03.11 -
Norman 6.04.08 2010.03.11 -
nProtect 2009.1.8.0 2010.03.11 -
Panda 10.0.2.2 2010.03.10 -
PCTools 7.0.3.5 2010.03.11 -
Prevx 3.0 2010.03.11 -
Rising 22.38.03.04 2010.03.11 -
Sophos 4.51.0 2010.03.11 -
Sunbelt 5823 2010.03.11 -
Symantec 20091.2.0.41 2010.03.11 -
TheHacker 6.5.2.0.230 2010.03.11 -
TrendMicro 9.120.0.1004 2010.03.11 -
VBA32 3.12.12.2 2010.03.11 -
ViRobot 2010.3.11.2222 2010.03.11 -
VirusBuster 5.0.27.0 2010.03.11 -
Additional information
File size: 361600 bytes
MD5...: 9425b72f40257b45d45d24773273dad0
SHA1..: 0668a9335026b7c84073bbef8ee2b9d19e80d335
SHA256: f3afa8c9849930ccd385dec9c050248c62a2b4b17508e430a4899178f51c06bf
ssdeep: 6144:8JVxTJMCOHOcecOeaVrith/CC/LxGh5wCQCzKLQ/xFczo:8DxTl2OzryZCA
Q4CQDQ/
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50d23
timedatestamp.....: 0x485b99ad (Fri Jun 20 11:51:09 2008)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3f05a 0x3f080 6.58 469827b02f4403f5236e017c0c4bc49a
.rdata 0x3f400 0x574 0x580 4.44 0eb5bdbba26ed4d079a201f965266cb4
.data 0x3f980 0xa4a4 0xa500 0.06 ea0c5005c163289d0c29ae80301cb86f
PAGE 0x49e80 0x1f85 0x2000 6.38 29223020b8202f58b61651e2099c84e8
PAGELK 0x4be80 0x6f2 0x700 6.19 d82540f4886ebcffb849774114194524
PAGEIPMc 0x4c580 0x2781 0x2800 6.43 bb13276e642dee8cf0a818967e06b022
.edata 0x4ed80 0x341 0x380 5.23 32781ababdbcd87358c1d1eb84509dd0
INIT 0x4f100 0x5936 0x5980 6.19 a4b5d7445e21316998d56579050f482e
.rsrc 0x54a80 0x3f0 0x400 3.41 3fd0d62483602aa6ce780c14866b4e39
.reloc 0x54e80 0x3590 0x3600 6.79 1e3ca28ef6ff9cf6fa16149dbf4fe144

( 4 imports )
> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 31 exports )
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Protocol Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[motji]

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********




Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[HonzaM]

Myslím, že PC je již OK. Děkuji moc.
Ještě log RSTI.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-03-11 16:42:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (47%) free of 76 GB
Total RAM: 767 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:32, on 11.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Honza.WHISKY\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aktualne.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6915 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1482476501-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1482476501-839522115-1003.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-09-07 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-09-07 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-09-25 87751]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-11 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Documents and Settings\Honza.WHISKY\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-11 16:42:18 ----D---- C:\rsit
2010-03-11 16:42:18 ----D---- C:\Program Files\trend micro
2010-03-11 11:47:39 ----SHD---- C:\RECYCLER
2010-03-11 08:14:38 ----A---- C:\WINDOWS\system32\moveex.exe
2010-03-10 08:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-10 08:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-09 08:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-09 08:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-08 08:53:40 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-08 08:53:24 ----D---- C:\Program Files\MSBuild
2010-03-08 08:53:13 ----D---- C:\WINDOWS\system32\en-US
2010-03-08 08:52:50 ----D---- C:\Program Files\Reference Assemblies
2010-03-08 08:51:29 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-08 08:51:29 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-08 08:51:28 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-08 08:51:28 ----D---- C:\89b70190068b25e3fb06
2010-03-07 11:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-07 11:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-07 11:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-07 11:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-07 11:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-03-07 11:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-07 11:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-07 11:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-07 11:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-03-07 11:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-07 11:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-07 11:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-07 11:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-03-07 11:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-07 11:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-07 11:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-07 11:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-07 11:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-07 11:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-07 11:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-07 11:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-07 11:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-07 11:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-07 11:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-07 11:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-07 11:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-07 11:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-07 11:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-07 11:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-07 11:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-03-07 11:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-07 11:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-07 11:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-07 11:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-07 11:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-07 11:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-07 11:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2010-03-11 16:42:28 ----D---- C:\WINDOWS\Prefetch
2010-03-11 16:42:18 ----RAD---- C:\Program Files
2010-03-11 16:40:34 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 16:38:48 ----D---- C:\WINDOWS
2010-03-11 16:35:11 ----D---- C:\WINDOWS\Temp
2010-03-11 16:35:10 ----SHD---- C:\System Volume Information
2010-03-11 16:35:10 ----D---- C:\WINDOWS\system32\Restore
2010-03-11 14:56:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 11:59:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-11 11:59:38 ----D---- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ
2010-03-11 09:32:34 ----D---- C:\WINDOWS\system32
2010-03-11 09:29:08 ----A---- C:\WINDOWS\system.ini
2010-03-11 09:26:09 ----D---- C:\WINDOWS\system32\drivers
2010-03-11 09:26:09 ----D---- C:\WINDOWS\AppPatch
2010-03-11 09:26:02 ----D---- C:\Program Files\Common Files
2010-03-11 09:14:20 ----D---- C:\Odvirování PC
2010-03-11 07:59:03 ----SD---- C:\WINDOWS\Tasks
2010-03-11 07:58:53 ----D---- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Real
2010-03-11 07:57:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real
2010-03-11 07:57:33 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-03-11 07:57:20 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-03-11 07:57:20 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-03-11 07:57:14 ----SHD---- C:\WINDOWS\Installer
2010-03-11 07:57:14 ----D---- C:\Program Files\Real
2010-03-11 07:57:14 ----D---- C:\Config.Msi
2010-03-11 07:56:16 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-03-11 07:47:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-11 07:47:31 ----RSD---- C:\WINDOWS\assembly
2010-03-10 08:13:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-10 08:12:42 ----D---- C:\WINDOWS\WinSxS
2010-03-10 08:05:39 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-10 08:04:53 ----HD---- C:\WINDOWS\inf
2010-03-10 08:04:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 08:04:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-08 16:56:36 ----A---- C:\WINDOWS\lexstat.ini
2010-03-08 08:53:05 ----RSD---- C:\WINDOWS\Fonts
2010-03-08 08:52:20 ----D---- C:\WINDOWS\system32\spool
2010-03-07 22:39:04 ----D---- C:\WINDOWS\Debug
2010-03-07 11:26:45 ----D---- C:\Program Files\Messenger
2010-03-07 11:20:53 ----D---- C:\Program Files\Outlook Express
2010-03-06 10:24:21 ----D---- C:\WINDOWS\Help
2010-03-05 08:19:11 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-09-15 64128]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AgereSoftModem;Microcom InPorte Home; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-09-25 1141248]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-07-17 25544]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
S3 STAC97;VIA Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2001-09-17 91792]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-07-17 682232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------