Virus removal, PC speed-up, and remote assistance through the neslape.cz service

Requesting a preventive check

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Requesting a preventive check

#1 Post by vrchlab »

Hello, I would like to ask for a preventive check; Outlook occasionally freezes on me. Thank you very much!

I am attaching the RSIT log; the computer was cleaned with CCleaner before the log was created.


Logfile of random's system information tool 1.06 (written by random/random)
Run by kopecny at 2010-03-11 09:16:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 32 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:44, on 11.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Vfalub.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1029\nt\MAPISP32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe
C:\Program Files\Corel\Graphics9\PROGRAMS\PHOTOPNT.EXE
C:\CLIENTRS\ClientRS.exe
D:\Dokumenty\Stažené dokumenty\RSIT.exe
C:\Program Files\trend micro\kopecny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://is.vtuo.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:5225/Toolbox/ToolBox.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = is.vtuo.cz;192.168.210.185;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1029 -sl 120000
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [T3Mon] "C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe
O4 - HKCU\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://online.tns-global.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920533447
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8961498208
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisspr.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vtuo.cz
O17 - HKLM\Software\..\Telephony: DomainName = vtuo.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vtuo.cz
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
O23 - Service: avast! NetAgent - ALWIL Software - C:\Program Files\Alwil Software\Avast4\AvAgent.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 11418 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY39B333YKK2.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-12-10 2749440]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-22 339968]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-05-07 188416]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-04-08 212992]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-05-23 483328]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2002-12-03 143360]
"HPLJ Config"=C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe [2003-01-03 28672]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"RSCLIENT"=C:\CLIENTRS\ClientRS [2010-03-11 18]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"T3Mon"=C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe [2003-06-16 262144]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe [2010-02-18 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-11-19 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTraveler"=C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe [2004-09-21 2338818]
"RSCLIENT"=C:\CLIENTRS\ClientRS [2010-03-11 18]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"internat"=C:\WINDOWS\internat.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TOY5KNQ8OC"=C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe [2010-03-10 152064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\CLIENTRS\WinVNC.exe"="C:\CLIENTRS\WinVNC.exe:*:Enabled:WinVNC"
"C:\CLIENTRS\ClientRS.exe"="C:\CLIENTRS\ClientRS.exe:*:Enabled:ClientRS"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\explorer.exe"="%windir%\explorer.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"D:\Dokumenty\Hry instalace\Netstorm\NetStorm\NetStorm\Netstorm.exe"="D:\Dokumenty\Hry instalace\Netstorm\NetStorm\NetStorm\Netstorm.exe:*:Enabled:Netstorm"
"C:\CLIENTRS\WinVNC.exe"="C:\CLIENTRS\WinVNC.exe:*:Enabled:WinVNC"
"C:\CLIENTRS\ClientRS.exe"="C:\CLIENTRS\ClientRS.exe:*:Enabled:ClientRS"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e0a951-db5b-11de-8315-001111a00c38}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e0a957-db5b-11de-8315-001111a00c38}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-03-11 09:16:50 ----D---- C:\rsit
2010-03-11 09:16:50 ----D---- C:\Program Files\trend micro
2010-03-10 16:06:08 ----A---- C:\WINDOWS\Vfalub.exe
2010-03-10 16:04:39 ----D---- C:\Program Files\Janes Hotel Family Hero
2010-03-10 16:04:22 ----D---- C:\Program Files\ReflexiveArcade
2010-03-10 15:15:39 ----A---- C:\WINDOWS\Vfalua.exe
2010-03-10 15:15:22 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-03-10 14:38:41 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Jane s Hotel Family Hero

======List of files/folders modified in the last 1 months======

2010-03-11 09:16:56 ----D---- C:\WINDOWS\Temp
2010-03-11 09:16:50 ----RD---- C:\Program Files
2010-03-11 09:14:59 ----D---- C:\Program Files\Spyware Terminator
2010-03-11 09:13:08 ----D---- C:\CLIENTRS
2010-03-11 09:12:51 ----D---- C:\WINDOWS\Debug
2010-03-11 09:12:51 ----D---- C:\WINDOWS
2010-03-11 09:11:52 ----D---- C:\Program Files\CCleaner
2010-03-11 07:59:27 ----SD---- C:\WINDOWS\Tasks
2010-03-11 07:34:20 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 07:33:31 ----A---- C:\WINDOWS\win.ini
2010-03-11 07:31:25 ----D---- C:\WINDOWS\security
2010-03-11 07:25:45 ----A---- C:\WINDOWS\SMSCFG.ini
2010-03-11 07:25:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-11 07:25:31 ----D---- C:\WINDOWS\system32
2010-03-10 16:22:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-10 15:58:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-10 15:19:11 ----D---- C:\WINDOWS\Prefetch
2010-03-10 13:14:28 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Spyware Terminator
2010-03-10 11:31:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-02-26 11:34:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-24 08:28:35 ----SHD---- C:\WINDOWS\CSC
2010-02-22 11:03:27 ----A---- C:\WINDOWS\TBPlugin.INI
2010-02-22 11:03:27 ----A---- C:\WINDOWS\avconfig.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-18 28064]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-06-21 82380]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-18 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-18 48624]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2010-02-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-18 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-18 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-12-13 2329408]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2004-06-08 54817]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-06-08 71533]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 FLIRUSBNET;FLIR USB Network Adapter; C:\WINDOWS\system32\DRIVERS\FLIRUSB.sys [2003-09-19 20992]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-22 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 ivusb;Initio Driver for USB Default Controller; C:\WINDOWS\system32\DRIVERS\ivusb.sys []
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2010-02-18 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [2010-02-18 138680]
R2 avast! NetAgent;avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [2010-02-18 52160]
R2 FwcAgent;Firewall Client Agent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-19 488960]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [2010-02-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [2010-02-18 352920]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-05-14 65795]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-02-22 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Requesting a preventive check

#2 Post by vrchlab »


vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Requesting a preventive check

#3 Post by vrchlab »

OTM log:

All processes killed
========== PROCESSES ==========
No active process named C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe was found!
========== FILES ==========
C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.VTUO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Kopecny
->Temp folder emptied: 60379193 bytes
->Temporary Internet Files folder emptied: 2950125 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 112155591 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8403 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 102512 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: SMSCliSvcAcct&
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 13793736 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 431872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 183,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03112010_115240

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: request for a preventive check

#4 Post by vrchlab »

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by kopecny at 2010-03-11 12:02:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (10%) free of 32 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:53, on 11.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1029\nt\MAPISP32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\CLIENTRS\ClientRS.exe
D:\Dokumenty\Stažené dokumenty\RSIT.exe
C:\Program Files\trend micro\kopecny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://is.vtuo.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:5225/Toolbox/ToolBox.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = is.vtuo.cz;192.168.210.185;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1029 -sl 120000
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [T3Mon] "C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe
O4 - HKCU\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://online.tns-global.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920533447
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8961498208
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisspr.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vtuo.cz
O17 - HKLM\Software\..\Telephony: DomainName = vtuo.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vtuo.cz
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
O23 - Service: avast! NetAgent - ALWIL Software - C:\Program Files\Alwil Software\Avast4\AvAgent.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 11208 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY39B333YKK2.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-12-10 2749440]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-22 339968]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-05-07 188416]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-04-08 212992]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-05-23 483328]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2002-12-03 143360]
"HPLJ Config"=C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe [2003-01-03 28672]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"RSCLIENT"=C:\CLIENTRS\ClientRS [2010-03-11 18]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"T3Mon"=C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe [2003-06-16 262144]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe [2010-02-18 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-11-19 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTraveler"=C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe [2004-09-21 2338818]
"RSCLIENT"=C:\CLIENTRS\ClientRS [2010-03-11 18]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"internat"=C:\WINDOWS\internat.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\CLIENTRS\WinVNC.exe"="C:\CLIENTRS\WinVNC.exe:*:Enabled:WinVNC"
"C:\CLIENTRS\ClientRS.exe"="C:\CLIENTRS\ClientRS.exe:*:Enabled:ClientRS"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\explorer.exe"="%windir%\explorer.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"D:\Dokumenty\Hry instalace\Netstorm\NetStorm\NetStorm\Netstorm.exe"="D:\Dokumenty\Hry instalace\Netstorm\NetStorm\NetStorm\Netstorm.exe:*:Enabled:Netstorm"
"C:\CLIENTRS\WinVNC.exe"="C:\CLIENTRS\WinVNC.exe:*:Enabled:WinVNC"
"C:\CLIENTRS\ClientRS.exe"="C:\CLIENTRS\ClientRS.exe:*:Enabled:ClientRS"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e0a951-db5b-11de-8315-001111a00c38}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e0a957-db5b-11de-8315-001111a00c38}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-03-11 11:52:40 ----D---- C:\_OTM
2010-03-11 09:16:50 ----D---- C:\rsit
2010-03-11 09:16:50 ----D---- C:\Program Files\trend micro
2010-03-10 16:06:08 ----A---- C:\WINDOWS\Vfalub.exe
2010-03-10 16:04:39 ----D---- C:\Program Files\Janes Hotel Family Hero
2010-03-10 16:04:22 ----D---- C:\Program Files\ReflexiveArcade
2010-03-10 15:15:39 ----A---- C:\WINDOWS\Vfalua.exe
2010-03-10 15:15:22 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-03-10 14:38:41 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Jane s Hotel Family Hero

======List of files/folders modified in the last 1 months======

2010-03-11 12:02:03 ----D---- C:\WINDOWS\Temp
2010-03-11 12:00:47 ----D---- C:\CLIENTRS
2010-03-11 11:57:52 ----SD---- C:\WINDOWS\Tasks
2010-03-11 11:57:18 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 11:56:13 ----A---- C:\WINDOWS\win.ini
2010-03-11 11:55:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-11 11:55:39 ----A---- C:\WINDOWS\SMSCFG.ini
2010-03-11 11:55:17 ----D---- C:\WINDOWS\system32
2010-03-11 11:54:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 11:53:28 ----D---- C:\WINDOWS
2010-03-11 10:48:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-11 09:16:50 ----RD---- C:\Program Files
2010-03-11 09:14:59 ----D---- C:\Program Files\Spyware Terminator
2010-03-11 09:12:51 ----D---- C:\WINDOWS\Debug
2010-03-11 09:11:52 ----D---- C:\Program Files\CCleaner
2010-03-11 07:31:25 ----D---- C:\WINDOWS\security
2010-03-10 15:58:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-10 15:19:11 ----D---- C:\WINDOWS\Prefetch
2010-03-10 13:14:28 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Spyware Terminator
2010-02-26 11:34:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-24 08:28:35 ----SHD---- C:\WINDOWS\CSC
2010-02-22 11:03:27 ----A---- C:\WINDOWS\TBPlugin.INI
2010-02-22 11:03:27 ----A---- C:\WINDOWS\avconfig.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-18 28064]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-06-21 82380]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-18 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-18 48624]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2010-02-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-18 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-18 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-12-13 2329408]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2004-06-08 54817]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-06-08 71533]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 FLIRUSBNET;FLIR USB Network Adapter; C:\WINDOWS\system32\DRIVERS\FLIRUSB.sys [2003-09-19 20992]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-22 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 ivusb;Initio Driver for USB Default Controller; C:\WINDOWS\system32\DRIVERS\ivusb.sys []
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2010-02-18 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [2010-02-18 138680]
R2 avast! NetAgent;avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [2010-02-18 52160]
R2 FwcAgent;Firewall Client Agent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-19 488960]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [2010-02-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [2010-02-18 352920]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-05-14 65795]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-02-22 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: request for a preventive check

#5 Post by vrchlab »

MBAM log:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3851
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.3.2010 14:07:09
mbam-log-2010-03-11 (14-07-04).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 273875
Uplynulý čas: 54 minute(s), 28 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internat (Trojan.FakeAlert.H) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\internat.exe (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\Vfalua.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Vfalub.exe (Trojan.Fraudpack) -> No action taken.
C:\_OTM\MovedFiles\03112010_115240\C_DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe (Trojan.Fraudpack) -> No action taken.
D:\hry\SolSuite 2009 v9.1 + Graphics Pack\Patch\SolSuite.2007.Universal.Patch.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Kopecny\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#6 Post by vrchlab »

everything removed

Regarding Outlook: hard to say, it freezes intermittently, sometimes maybe 3 times in 10 minutes, other times it's fine all day. It looks like this: I open or delete a message, Outlook freezes and can't be closed (not even via Task Manager), and the only option is to restart the computer. Today it happened once, even before I posted that RSIT log here for the preventive check; since then it's been fine so far.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#7 Post by vrchlab »

we have a firewall on the network

Should I post the log from when Outlook freezes here again, or should I start a new thread (it's quite possible it won't freeze until the day after tomorrow or Monday; I don't know whether this thread will still be active then, or whether you get a notification somewhere that I've added something to it after a long time :lol: ) :???:

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by kopecny at 2010-03-11 15:41:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 32 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:29, on 11.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1029\nt\MAPISP32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Janes Hotel Family Hero\janeshotel.exe
C:\Program Files\Janes Hotel Family Hero\janeshotel.RWG
C:\Program Files\Janes Hotel Family Hero\ReflexiveArcade\RAW_003.wdt
C:\CLIENTRS\ClientRS.exe
D:\Dokumenty\Stažené dokumenty\RSIT.exe
C:\Program Files\trend micro\kopecny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://is.vtuo.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:5225/Toolbox/ToolBox.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = is.vtuo.cz;192.168.210.185;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1029 -sl 120000
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [T3Mon] "C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe
O4 - HKCU\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RSCLIENT] C:\CLIENTRS\ClientRS.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://online.tns-global.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920533447
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8961498208
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisspr.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vtuo.cz
O17 - HKLM\Software\..\Telephony: DomainName = vtuo.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vtuo.cz
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
O23 - Service: avast! NetAgent - ALWIL Software - C:\Program Files\Alwil Software\Avast4\AvAgent.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 11338 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY39B333YKK2.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-12-10 2749440]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-22 339968]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-05-07 188416]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-04-08 212992]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-05-23 483328]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2002-12-03 143360]
"HPLJ Config"=C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe [2003-01-03 28672]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"RSCLIENT"=C:\CLIENTRS\ClientRS [2010-03-11 18]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"T3Mon"=C:\Program Files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe [2003-06-16 262144]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe [2010-02-18 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-11-19 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTraveler"=C:\Documents and Settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe [2004-09-21 2338818]
"RSCLIENT"=C:\CLIENTRS\ClientRS [2010-03-11 18]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\CLIENTRS\WinVNC.exe"="C:\CLIENTRS\WinVNC.exe:*:Enabled:WinVNC"
"C:\CLIENTRS\ClientRS.exe"="C:\CLIENTRS\ClientRS.exe:*:Enabled:ClientRS"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\explorer.exe"="%windir%\explorer.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"D:\Dokumenty\Hry instalace\Netstorm\NetStorm\NetStorm\Netstorm.exe"="D:\Dokumenty\Hry instalace\Netstorm\NetStorm\NetStorm\Netstorm.exe:*:Enabled:Netstorm"
"C:\CLIENTRS\WinVNC.exe"="C:\CLIENTRS\WinVNC.exe:*:Enabled:WinVNC"
"C:\CLIENTRS\ClientRS.exe"="C:\CLIENTRS\ClientRS.exe:*:Enabled:ClientRS"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e0a951-db5b-11de-8315-001111a00c38}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e0a957-db5b-11de-8315-001111a00c38}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-03-11 13:08:37 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Malwarebytes
2010-03-11 13:08:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-11 13:08:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-11 11:52:40 ----D---- C:\_OTM
2010-03-11 09:16:50 ----D---- C:\rsit
2010-03-11 09:16:50 ----D---- C:\Program Files\trend micro
2010-03-10 16:04:39 ----D---- C:\Program Files\Janes Hotel Family Hero
2010-03-10 16:04:22 ----D---- C:\Program Files\ReflexiveArcade
2010-03-10 14:38:41 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Jane s Hotel Family Hero

======List of files/folders modified in the last 1 months======

2010-03-11 15:42:32 ----D---- C:\WINDOWS\Temp
2010-03-11 15:41:47 ----D---- C:\WINDOWS\Prefetch
2010-03-11 15:40:29 ----D---- C:\CLIENTRS
2010-03-11 14:43:06 ----SD---- C:\WINDOWS\Tasks
2010-03-11 14:41:55 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 14:41:18 ----A---- C:\WINDOWS\win.ini
2010-03-11 14:41:03 ----A---- C:\WINDOWS\SMSCFG.ini
2010-03-11 14:40:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-11 14:40:39 ----D---- C:\WINDOWS\system32
2010-03-11 14:39:37 ----D---- C:\WINDOWS\system32\drivers
2010-03-11 14:38:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 14:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2010-03-11 14:38:00 ----D---- C:\WINDOWS
2010-03-11 13:08:28 ----RD---- C:\Program Files
2010-03-11 10:48:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-11 09:14:59 ----D---- C:\Program Files\Spyware Terminator
2010-03-11 09:12:51 ----D---- C:\WINDOWS\Debug
2010-03-11 09:11:52 ----D---- C:\Program Files\CCleaner
2010-03-11 07:31:25 ----D---- C:\WINDOWS\security
2010-03-10 15:58:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-10 13:14:28 ----D---- C:\Documents and Settings\Kopecny\Data aplikací\Spyware Terminator
2010-02-26 11:34:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-24 08:28:35 ----SHD---- C:\WINDOWS\CSC
2010-02-22 11:03:27 ----A---- C:\WINDOWS\TBPlugin.INI
2010-02-22 11:03:27 ----A---- C:\WINDOWS\avconfig.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-18 28064]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-06-21 82380]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-18 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-18 48624]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2010-02-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-18 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-18 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-12-13 2329408]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2004-06-08 54817]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-06-08 71533]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 FLIRUSBNET;FLIR USB Network Adapter; C:\WINDOWS\system32\DRIVERS\FLIRUSB.sys [2003-09-19 20992]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-22 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 ivusb;Initio Driver for USB Default Controller; C:\WINDOWS\system32\DRIVERS\ivusb.sys []
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2010-02-18 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [2010-02-18 138680]
R2 avast! NetAgent;avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [2010-02-18 52160]
R2 FwcAgent;Firewall Client Agent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-19 488960]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [2010-02-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [2010-02-18 352920]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-05-14 65795]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-02-22 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#8 Post by vrchlab »

I assume you'll be interested in what is attached to outlook.exe.

I won't bother you any more today, I'm shutting down the computer :D
Thanks a lot for your help :worship:

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#9 Post by vrchlab »

Hi, so this is the Process Explorer log taken after Outlook froze again.

Process PID CPU Description Company Name
System Idle Process 0 96.27
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 664 Správce relací systému Windows NT Microsoft Corporation
csrss.exe 716 Client Server Runtime Process Microsoft Corporation
winlogon.exe 744 Windows NT Logon Application Microsoft Corporation
services.exe 788 0.75 Services and Controller app Microsoft Corporation
ati2evxx.exe 988 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1004 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1084 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1200 Service Executable Microsoft Corporation
svchost.exe 1244 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1300 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1448 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1560 Generic Host Process for Win32 Services Microsoft Corporation
aswUpdSv.exe 1636 avast! Antivirus updating service ALWIL Software
aswServ.exe 1684 avast! antivirus service ALWIL Software
spoolsv.exe 472 Spooler SubSystem App Microsoft Corporation
svchost.exe 560 Generic Host Process for Win32 Services Microsoft Corporation
AvAgent.exe 652 avast! Antivirus NetAgent ALWIL Software
FwcAgent.exe 872 Microsoft Firewall Client Agent Microsoft (R) Corporation
svchost.exe 1180 Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 1440 Java(TM) Quick Starter Service Sun Microsystems, Inc.
sp_rsser.exe 1860 Spyware Terminator Realtime Shield Service Crawler.com
svchost.exe 2232 Generic Host Process for Win32 Services Microsoft Corporation
searchindexer.exe 2376 0.75 Microsoft Windows Search Indexer Microsoft Corporation
wmpnetwk.exe 2760 Služba Windows Media Player Network Sharing Microsoft Corporation
aswMaiSv.exe 3612 avast! e-Mail Scanner Service ALWIL Software
aswWebSv.exe 3904 avast! Web Scanner ALWIL Software
HPZipm12.exe 2432 PML Driver HP
alg.exe 2476 Application Layer Gateway Service Microsoft Corporation
lsass.exe 800 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1892 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 1960 Průzkumník Windows Microsoft Corporation
SOUNDMAN.EXE 1412 Realtek Sound Manager Realtek Semiconductor Corp.
ALCWZRD.EXE 1444 RealTek AlcWzrd Application RealTek Semicoductor Corp.
atiptaxx.exe 1524 ATI Desktop Control Panel ATI Technologies, Inc.
hpztsb09.exe 1800 HP
hphmon05.exe 2168 HPHmon05 Hewlett-Packard
StatusClient.exe 2176 Hewlett-Packard T-TR Status Client Hewlett-Packard
acrotray.exe 2560 AcroTray Adobe Systems Inc.
MSASCui.exe 2592 Windows Defender User Interface Microsoft Corporation
T3Mon.exe 2624 ThermaCAM Connect Monitor FLIR Systems
aswDisp.exe 2720 avast! service GUI component ALWIL Software
jusched.exe 2880 Java(TM) Platform SE binary Sun Microsystems, Inc.
SpywareTerminatorShield.Exe 3240 Spyware Terminator Realtime Shield Crawler.com
MyTraveler.exe 3460 DataTraveler's Application Kingston
ctfmon.exe 3844 CTF Loader Microsoft Corporation
KEM.exe 3768 Logitech SetPoint Logitech Inc.
KHALMNPR.exe 2104 Logitech Hardware Abstraction Layer Logitech Inc.
FwcMgmt.exe 3828 Microsoft Firewall Client Management Microsoft (R) Corporation
ScannerFinder.exe 4044 SDII MFC Application
WindowsSearch.exe 3832 Windows Search System Tray Microsoft Corporation
WZQKPICK.EXE 2452 WinZip Executable WinZip Computing, Inc.
OUTLOOK.EXE 4576 Microsoft Outlook Microsoft Corporation
MAPISP32.EXE 4840 Microsoft Windows(TM) Messaging Subsystem Spooler Microsoft Corporation
firefox.exe 4640 Firefox Mozilla Corporation
iexplore.exe 2272 Internet Explorer Microsoft Corporation
iexplore.exe 2800 Internet Explorer Microsoft Corporation
procexp.exe 3032 2.24 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
javaw.exe 3080
ClientRS.exe 1744 ClientRS Micos s.r.o.

Process: OUTLOOK.EXE Pid: 4576

Name Description Company Name Version
Aavm4.dll avast! Asynchronous Virus Monitor (AAVM) ALWIL Software 4.8.1367.0
AavmRpc.dll avast! AAVM Remote Procedure Call Library ALWIL Software 4.8.1367.0
AcSpecfc.DLL Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.0.2900.5512
AdobePDFMakerX.CZE 7.0.0.0
AdobePDFMakerX.dll 7.0.0.0
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5755
appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.5512
aswAux.dll avast! Auxiliary Library ALWIL Software 4.8.1367.0
aswBase.dll Basic Functionality Module ALWIL Software 4.8.1367.0
aswCmnB.dll High level portable functions ALWIL Software 4.8.1367.0
aswCmnOS.dll Antivirus HW dependent library ALWIL Software 4.8.1367.0
aswCmnS.dll Common non-portable functions ALWIL Software 4.8.1367.0
aswEngin.dll High level antivirus engine ALWIL Software 4.8.1367.0
aswOutXt.dll avast! Outlook Plug-in ALWIL Software 4.8.1367.0
aswScan.dll Low level antivirus engine ALWIL Software 4.8.1367.0
aswTask.dll Task Handling Module ALWIL Software 4.8.1367.0
aswUInt.dll avast! User Interface Common Module ALWIL Software 4.8.1367.0
AvJsctNs.dll avast! Script Blocking library for Netscape/Mozilla ALWIL Software 4.8.1367.0
AvResOut.dll avast! MS Outlook/Exchange AAVM Provider Library ALWIL Software 4.8.1367.0
Base.dll avast! Czech Basic Module ALWIL Software 4.8.1356.0
c_1252.nls
c_20127.nls
c_28591.nls
c_28592.nls
c_936.nls
c_950.nls
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.700
COMCTL32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.5512
COMRes.dll Microsoft Corporation 2001.12.4414.700
contab32.dll Outlook Address Book Service Microsoft Corporation 9.0.0.8936
CRYPT32.DLL Crypto API32 Microsoft Corporation 5.131.2600.5512
cryptdll.dll Cryptography Manager Microsoft Corporation 5.1.2600.5512
ctype.nls
DCIMAN32.dll DCI Manager Microsoft Corporation 5.1.2600.5512
DDRAW.dll Microsoft DirectDraw Microsoft Corporation 5.3.2600.5512
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625
EMSABP32.DLL Microsoft Exchange Address Book Provider DLL Microsoft Corporation 5.5.3189.0
EMSMDB32.DLL Zprostředkovatel služby informační zásobník pro Microsoft Exchange Server Microsoft Corporation 5.5.3165.0
EMSUI32.DLL Microsoft Exchange Configuration Library Microsoft Corporation 5.5.3188.0
ExSec32.dll digsig32 Microsoft Corporation 5.5.3187.0
fldpub.dll Microsoft Outlook Network Folders Microsoft Corporation 9.0.3425.0
FwcWsp.dll Microsoft Firewall Client Windows Sockets 2 Service Provider Microsoft (R) Corporation 4.0.3442.654
GAPI32.dll Konfigurační knihovna Microsoft Mail Microsoft Corporation 5.5.2803.0
GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698
gdiplus.dll Microsoft GDI+ Microsoft Corporation 5.2.6001.22319
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512
IEFRAME.dll Internet Explorer Microsoft Corporation 8.0.6001.18876
ieframe.dll.mui Internet Explorer Microsoft Corporation 8.0.6001.18702
ieframe.dll.mui Internet Explorer Microsoft Corporation 8.0.6001.18702
ieproxy.dll IE ActiveX Interface Marshaling Library Microsoft Corporation 8.0.6001.18876
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.6001.18876
IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.5512
IMM32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512
index.dat
index.dat
index.dat
index.dat
INETAB32.DLL MAPI 1.0 Service Providers for Outlook 9 IMEP Microsoft Corporation 4.40.460.0
INETCOMM.DLL Microsoft Internet Messaging API Microsoft Corporation 6.0.2900.5579
inetres.dll Prostředky pro Microsoft Internet Messaging API Microsoft Corporation 6.0.2900.5512
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781
Lang.dll avast! Main Czech Module ALWIL Software 4.8.1356.0
lgscroll.dll
locale.nls
MAPI32.dll Extended MAPI 1.0 for Windows NT Microsoft Corporation 1.0.2536.0
MFC71.DLL MFCDLL Shared Library - Retail Version Microsoft Corporation 7.10.3077.0
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.1.2600.5512
mlang.dll Multi Language Support DLL Microsoft Corporation 6.0.2900.5512
MPR.dll Multiple Provider Router DLL Microsoft Corporation 5.1.2600.5512
MpShHook.dll Shell Execution Monitor Microsoft Corporation 1.1.1593.0
MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.1.2600.0
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5875
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.5512
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5512
mshtml.dll Microsoft (R) HTML Viewer Microsoft Corporation 8.0.6001.18876
mshtml.dll.mui Microsoft (R) HTML Viewer Microsoft Corporation 8.0.6001.18702
msi.dll Windows Installer Microsoft Corporation 3.1.4001.5512
MSIMGSIZ.DAT
msimtf.dll Active IMM Server DLL Microsoft Corporation 5.1.2600.5512
msls31.dll Microsoft Line Services library file Microsoft Corporation 3.10.349.0
msmapi32.dll Extended MAPI 1.0 for Windows NT Microsoft Corporation 5.5.3201.0
MSNLNamespaceMgr.dll Windows Search Namespace Manager Microsoft Corporation 7.0.6001.18260
MSO9.DLL Microsoft Office 2000 component Microsoft Corporation 9.0.0.8960
MSO9.DLL Microsoft Office 2000 component Microsoft Corporation 9.0.0.8960
MSO9INTL.DLL Microsoft Office 2000 component Microsoft Corporation 9.0.0.2720
MSOERT2.dll Microsoft Outlook Express RT Lib Microsoft Corporation 6.0.2900.5512
MSOUTL9.OLB Microsoft Outlook Object Library Microsoft Corporation 9.0.0.2702
mspst32.dll Microsoft Personal Folder/Address Book Service Provider Microsoft Corporation 5.5.3171.0
mssphtb.dll Outlook MSSearch Connector Microsoft Corporation 7.0.6001.16503
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.1.2600.5876
MSVCP71.dll Microsoft® C++ Runtime Library Microsoft Corporation 7.10.3077.0
MSVCP80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.0.50727.4053
MSVCR71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.4
MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.0.50727.4053
MSVCRT.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512
mswsock.dll Poskytovatel služeb Microsoft Windows Sockets 2.0 Microsoft Corporation 5.1.2600.5625
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.5441.0
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5755
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512
OLEAUT32.dll Microsoft Corporation 5.1.2600.5512
OUTEX.dll Outlook Exchange User Interface Microsoft Corporation 8.30.3173.0
OUTLLIB.dll Microsoft Outlook Microsoft Corporation 9.0.0.8954
outllibr.dll Microsoft Outlook Microsoft Corporation 9.0.0.6627
OUTLOOK.EXE Microsoft Outlook Microsoft Corporation 9.0.0.6604
OUTLRPC.dll Microsoft Outlook Microsoft Corporation 9.0.0.3519
PDFMOutlook.dll PDFMOutlook Module Adobe Systems Incorporated 7.0.0.0
PSAPI.DLL Process Status Helper Microsoft Corporation 5.1.2600.5512
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512
RASAPI32.dll Rozhraní API pro vzdálený přístup Microsoft Corporation 5.1.2600.5512
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.5512
RICHED20.DLL Rich Text Edit Control, v3.0 Microsoft Corporation 5.30.23.1230
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5795
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507
RTFHTML.dll Outlook RTF/HTML Converter Microsoft Corporation 9.0.0.6418
rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5834
security.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.1.2600.5512
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5622
ShimEng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5912
sortkey.nls
sorttbls.nls
SXS.DLL Fusion 2.5 Microsoft Corporation 5.1.2600.5512
TAPI32.dll Microsoft® Windows(TM) Telephony API Client DLL Microsoft Corporation 5.1.2600.5512
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.18876
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512
USERENV.dll Userenv Microsoft Corporation 5.1.2600.5512
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.1.2600.5512
WININET.dll Internet Extensions for Win32 Microsoft Corporation 8.0.6001.18876
WINMM.dll MCI API DLL Microsoft Corporation 5.1.2600.5512
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.1.2600.5512
WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 5.1.2600.5512
WINSTA.dll Winstation Library Microsoft Corporation 5.1.2600.5512
WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512
WSOCK32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.1.2600.5512
xpsp2res.dll Zprávy aktualizace Service Pack 2 Microsoft Corporation 5.1.2600.5512
XT1922.dll Xtreme Toolkit Library DLL Codejock Software 1.9.4.0

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#10 Post by vrchlab »


vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#11 Post by vrchlab »

Hi, unfortunately it looks like I misidentified the problem and that the freezing is caused by Firefox :cry:
I'm attaching the Process Explorer log for firefox.exe, could you take a look at it? Thanks

Process PID CPU Description Company Name
System Idle Process 0 97.92
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 636 Správce relací systému Windows NT Microsoft Corporation
csrss.exe 696 Client Server Runtime Process Microsoft Corporation
winlogon.exe 724 Windows NT Logon Application Microsoft Corporation
services.exe 768 1.49 Services and Controller app Microsoft Corporation
ati2evxx.exe 960 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 976 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 2812 WMI Microsoft Corporation
svchost.exe 1056 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1164 Service Executable Microsoft Corporation
svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1236 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1296 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1372 Generic Host Process for Win32 Services Microsoft Corporation
aswUpdSv.exe 1484 avast! Antivirus updating service ALWIL Software
aswServ.exe 1532 avast! antivirus service ALWIL Software
spoolsv.exe 484 Spooler SubSystem App Microsoft Corporation
svchost.exe 576 Generic Host Process for Win32 Services Microsoft Corporation
AvAgent.exe 848 avast! Antivirus NetAgent ALWIL Software
FwcAgent.exe 1120 Microsoft Firewall Client Agent Microsoft (R) Corporation
svchost.exe 1316 Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 1400 Java(TM) Quick Starter Service Sun Microsystems, Inc.
sp_rsser.exe 1616 Spyware Terminator Realtime Shield Service Crawler.com
svchost.exe 1936 Generic Host Process for Win32 Services Microsoft Corporation
searchindexer.exe 2228 Microsoft Windows Search Indexer Microsoft Corporation
wmpnetwk.exe 2980 Služba Windows Media Player Network Sharing Microsoft Corporation
aswMaiSv.exe 3292 avast! e-Mail Scanner Service ALWIL Software
aswWebSv.exe 3508 avast! Web Scanner ALWIL Software
HPZipm12.exe 4092 PML Driver HP
alg.exe 2780 Application Layer Gateway Service Microsoft Corporation
lsass.exe 780 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1912 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 1984 Průzkumník Windows Microsoft Corporation
SOUNDMAN.EXE 1560 Realtek Sound Manager Realtek Semiconductor Corp.
ALCWZRD.EXE 1784 RealTek AlcWzrd Application RealTek Semicoductor Corp.
atiptaxx.exe 1832 ATI Desktop Control Panel ATI Technologies, Inc.
hpztsb09.exe 2208 HP
hphmon05.exe 2448 HPHmon05 Hewlett-Packard
StatusClient.exe 2476 Hewlett-Packard T-TR Status Client Hewlett-Packard
acrotray.exe 3168 AcroTray Adobe Systems Inc.
MSASCui.exe 3280 Windows Defender User Interface Microsoft Corporation
T3Mon.exe 3468 ThermaCAM Connect Monitor FLIR Systems
aswDisp.exe 3504 avast! service GUI component ALWIL Software
jusched.exe 3708 Java(TM) Platform SE binary Sun Microsystems, Inc.
SpywareTerminatorShield.Exe 3752 Spyware Terminator Realtime Shield Crawler.com
MyTraveler.exe 4016 DataTraveler's Application Kingston
ctfmon.exe 2224 CTF Loader Microsoft Corporation
KEM.exe 4056 Logitech SetPoint Logitech Inc.
KHALMNPR.exe 3392 Logitech Hardware Abstraction Layer Logitech Inc.
FwcMgmt.exe 1708 Microsoft Firewall Client Management Microsoft (R) Corporation
ScannerFinder.exe 3304 SDII MFC Application
WindowsSearch.exe 3416 Windows Search System Tray Microsoft Corporation
WZQKPICK.EXE 520 WinZip Executable WinZip Computing, Inc.
OUTLOOK.EXE 3876 Microsoft Outlook Microsoft Corporation
MAPISP32.EXE 2824 Microsoft Windows(TM) Messaging Subsystem Spooler Microsoft Corporation
firefox.exe 3072 0.75 Firefox Mozilla Corporation
procexp.exe 2908 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
javaw.exe 3588
ClientRS.exe 400 ClientRS Micos s.r.o.

Process: firefox.exe Pid: 3072

Name Description Company Name Version
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5755
appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.5512
AvJsctNs.dll avast! Script Blocking library for Netscape/Mozilla ALWIL Software 4.8.1367.0
browser.jar
browserdirprovider.dll Mozilla Foundation 1.9.2.3667
brwsrcmp.dll Mozilla Foundation 1.9.2.3667
c_1252.nls
classic.jar
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.700
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512
COMDLG32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.5512
COMRes.dll Microsoft Corporation 2001.12.4414.700
CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512
CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.5512
cs.jar
ctype.nls
dbghelp.dll Windows Image Helper Microsoft Corporation 5.1.2600.5512
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625
firefox.exe Firefox Mozilla Corporation 1.9.2.3667
freebl3.dll NSS freebl Library Mozilla Foundation 3.12.4.0
FwcWsp.dll Microsoft Firewall Client Windows Sockets 2 Service Provider Microsoft (R) Corporation 4.0.3442.654
GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.6001.18876
IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.5512
IMM32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512
index.dat
index.dat
index.dat
index.dat
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512
js3250.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781
lgscroll.dll
locale.nls
LZ32.dll LZ Expand/Compress API DLL Microsoft Corporation 5.1.2600.0
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.1.2600.5512
mlang.dll Multi Language Support DLL Microsoft Corporation 6.0.2900.5512
MOZCRT19.dll User-Generated Microsoft (R) C/C++ Runtime Library Mozilla Foundation 8.0.0.0
MpShHook.dll Shell Execution Monitor Microsoft Corporation 1.1.1593.0
MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.1.2600.0
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5875
mscms.dll Microsoft Color Matching System DLL Microsoft Corporation 5.1.2600.5627
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.5512
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5512
MSIMG32.dll GDIEXT Client DLL Microsoft Corporation 5.1.2600.5512
MSNLNamespaceMgr.dll Windows Search Namespace Manager Microsoft Corporation 7.0.6001.18260
MSVCP80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.0.50727.4053
MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.0.50727.4053
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512
mswsock.dll Poskytovatel služeb Microsoft Windows Sockets 2.0 Microsoft Corporation 5.1.2600.5625
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.5441.0
NPSWF32.dll Shockwave Flash 10.0 r45 Adobe Systems, Inc. 10.0.45.2
nspr4.dll NSPR Library Mozilla Foundation 4.8.3.0
nss3.dll NSS Base Library Mozilla Foundation 3.12.4.0
nssckbi.dll NSS Builtin Trusted Root CAs Mozilla Foundation 1.77.0.0
nssdbm3.dll Legacy Database Driver Mozilla Foundation 3.12.4.0
nssutil3.dll NSS Utility Library Mozilla Foundation 3.12.4.0
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5755
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.1.2600.5512
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512
OLEAUT32.dll Microsoft Corporation 5.1.2600.5512
plc4.dll PLC Library Mozilla Foundation 4.8.3.0
plds4.dll PLDS Library Mozilla Foundation 4.8.3.0
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5795
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5834
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.5512
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.0.2900.5512
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5622
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5912
schannel.dll TLS / SSL Security Provider Microsoft Corporation 5.1.2600.5834
smime3.dll NSS S/MIME Library Mozilla Foundation 3.12.4.0
softokn3.dll NSS PKCS #11 Library Mozilla Foundation 3.12.4.0
sortkey.nls
sorttbls.nls
sqlite3.dll SQLite Database Library sqlite.org 3.6.16.1
ssl3.dll NSS SSL Library Mozilla Foundation 3.12.4.0
t2embed.dll Microsoft T2Embed Font Embedding Microsoft Corporation 5.1.2600.5888
toolkit.jar
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.18876
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512
USERENV.dll Userenv Microsoft Corporation 5.1.2600.5512
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.1.2600.5512
WININET.dll Internet Extensions for Win32 Microsoft Corporation 8.0.6001.18876
WINMM.dll MCI API DLL Microsoft Corporation 5.1.2600.5512
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.1.2600.5512
WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 5.1.2600.5512
WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512
WSOCK32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.1.2600.5512
xpcom.dll Mozilla Foundation 1.9.2.3667
xpsp2res.dll Zprávy aktualizace Service Pack 2 Microsoft Corporation 5.1.2600.5512
xul.dll Mozilla Foundation 1.9.2.3667

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#12 Post by vrchlab »

Log from GooredFix:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 10:54 on 17/03/2010 (kopecny)
Firefox version 3.6 (cs)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:40 17/03/2010]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [07:03 10/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:30 03/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [07:22 20/03/2009]

-=E.O.F=-

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: requesting a preventive check

#13 Post by vrchlab »

And here is the log from ComboFix:


ComboFix 10-03-16.05 - kopecny 17.03.2010 11:00:57.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1328 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kopecny\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1061 [VPS 100316-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://mili
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-11 12:08 . 2010-03-11 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 08:16 . 2010-03-11 14:41 -------- d-----w- c:\program files\trend micro
2010-03-10 15:04 . 2010-03-11 10:30 -------- d-----w- c:\program files\Janes Hotel Family Hero
2010-03-10 15:04 . 2010-03-10 15:04 -------- d-----w- c:\program files\ReflexiveArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 08:14 . 2009-11-19 10:25 -------- d-----w- c:\program files\Spyware Terminator
2010-03-11 08:11 . 2009-11-19 10:00 -------- d-----w- c:\program files\CCleaner
2010-02-24 08:16 . 2009-10-05 05:39 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 15:32 . 2009-10-08 06:57 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-18 15:32 . 2009-10-08 06:57 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-18 15:31 . 2009-10-08 06:57 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-18 15:30 . 2009-10-08 06:57 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-18 15:28 . 2009-10-08 06:57 48624 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-18 15:28 . 2009-10-08 06:57 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-18 15:27 . 2009-10-08 06:57 28064 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-18 15:24 . 2009-10-08 06:57 97480 ----a-w- c:\windows\system32\AvastSSw.scr
2010-01-20 12:36 . 2010-01-20 12:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-14 12:14 . 2010-01-14 12:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 12:14 . 2010-01-14 12:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 12:14 . 2010-01-14 12:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 12:14 . 2010-01-14 12:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 12:14 . 2010-01-14 12:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 12:14 . 2010-01-14 12:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 12:14 . 2010-01-14 12:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 12:14 . 2010-01-14 12:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 12:14 . 2010-01-14 12:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2010-01-08 08:03 . 2005-10-18 05:52 628376 ----a-w- c:\windows\UnInstallRSC.exe
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTraveler"="c:\documents and settings\Kopecny\Data aplikací\MyTraveler\MyTraveler.exe" [2004-09-21 2338818]
"RSCLIENT"="c:\clientrs\ClientRS.exe" [2010-01-08 719000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 2749440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2002-12-03 143360]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [2003-01-03 28672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 29696]
"RSCLIENT"="c:\clientrs\ClientRS.exe" [2010-01-08 719000]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"T3Mon"="c:\program files\FLIR Systems\ThermaCAM Connect 3\T3Mon.exe" [2003-06-16 262144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\aswDisp.exe" [2010-02-18 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-11-19 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RSCLIENT"="c:\clientrs\ClientRS.exe" [2010-01-08 719000]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2006-4-11 25214]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-7-7 581632]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2006-1-9 335872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-5-2 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\CLIENTRS\\WinVNC.exe"=
"c:\\CLIENTRS\\ClientRS.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\explorer.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\AvAgent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8886:TCP"= 8886:TCP:ClientRS_8886_TCP
"8887:TCP"= 8887:TCP:ClientRS_8887_TCP
"8888:TCP"= 8888:TCP:ClientRS_8888_TCP
"16109:TCP"= 16109:TCP:avast! NetAgent "Apply To" feature
"16108:TCP"= 16108:TCP:avast! NetAgent "Remote Chest" feature

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.10.2009 7:57 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.11.2009 11:25 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.10.2009 7:57 20560]
R2 avast! NetAgent;avast! NetAgent;c:\program files\Alwil Software\Avast4\AvAgent.exe [8.10.2009 7:57 52160]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [9.12.2006 18:04 128832]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
S3 FLIRUSBNET;FLIR USB Network Adapter;c:\windows\system32\drivers\FLIRUSB.sys [16.6.2009 7:47 20992]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-01-21 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard76002003-04-08 10:45Y39B333YKK2.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 10:45]

2010-03-17 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2005-06-21 03:03]

2010-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://is.vtuo.cz/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:5225/Toolbox/ToolBox.jsp
uInternet Settings,ProxyServer = isa:8080
uInternet Settings,ProxyOverride = is.vtuo.cz;192.168.210.185;<local>
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
Trusted Zone: e-gold.com\www
Trusted Zone: microsoft.com\office
Trusted Zone: tns-global.com\online
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisspr.mfcr.cz/adistc/adis/idpr_pub/hlib/bin/cryptsignx.cab
FF - ProfilePath - c:\documents and settings\Kopecny\Data aplikací\Mozilla\Firefox\Profiles\mczdgbfk.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-17 11:07:09
ComboFix-quarantined-files.txt 2010-03-17 10:07

Před spuštěním: 2 605 772 800
Po spuštění: 2 578 403 328

- - End Of File - - 9C22761DEA19BF34F89A1798BE024F8E

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: request for a preventive check

#14 Post by vrchlab »

I didn't find it, is that path correct?
I mean the %windir%\system32\drivers\svchost.exe one

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: request for a preventive check

#15 Post by vrchlab »

GMER quick scan (i.e. the initial automatic one after launching gmer.exe):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-17 11:46:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Kopecny\LOCALS~1\Temp\pxliafow.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Kopecny\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
