info.txt logfile of random's system information tool 1.06 2010-04-07 01:10:18
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3GP Player 1.1.5-->"C:\Program Files\Bobabo\3GP Player\unins000.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Data aplikací\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Data aplikací\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 CE-->C:\WINDOWS\ISUN0405.EXE -f"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.dll"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0xa
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Beneton Movie GIF 1.1.2-->"C:\games\Beneton Movie GIF\unins000.exe"
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BS_Player Toolbar-->C:\PROGRA~1\BS_PLA~1\UNWISE.EXE /U C:\PROGRA~1\BS_PLA~1\INSTALL.LOG
Catalyst Control Center - Branding-->MsiExec.exe /I{FBFA6217-7363-4773-A6DC-22DABD883683}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dino Island-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Empire XP 5-->MsiExec.exe /I{35727D3D-A035-4F88-B080-25BAE466A7F4}
Empire XP 5-->MsiExec.exe /I{B9E9BA8F-093D-4888-8940-09E927C452D1}
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Farm Frenzy 2-->C:\Program Files\Alawar\FarmFrenzy2\Uninstall.exe
Farm Frenzy 3-->C:\Program Files\Alawar\FarmFrenzy3\Uninstall.exe
Farm Frenzy-->MsiExec.exe /X{40AED5D3-1CEB-AE77-131C-EE26A2E18000}
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Internet Access-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75AECBC5-B17D-424B-B847-D7B72B6CB97C}\Setup.exe" -l0x9
Janes Realty-->MsiExec.exe /X{86FF4927-DE17-4C08-9E51-77A928415691}
Jurassic Park Operation Genesis-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{A347C572-F7B4-43A3-BD51-FFC99184F70D}
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LightScribe System Software 1.12.29.2-->MsiExec.exe /X{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}
LogonStudio-->C:\games\LOGONS~1\UNWISE.EXE C:\games\LOGONS~1\INSTALL.LOG
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Morseova abeceda-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Morseova abeceda\ST6UNST.LOG"
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Search Toolbar-->MsiExec.exe /X{4ADC240F-EB83-4A98-8DBB-2BA4D59DA65E}
Nero 7 Essentials-->MsiExec.exe /X{714ACFF3-B8A3-4AD6-937B-13C833D71029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nostale Online CZ (Remove)-->"C:\Nostale(CZ)\unins000.exe"
PhotoSlide v1.0.2-->"C:\Program Files\Aspect one\PhotoSlide\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
ProShow Gold-->C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG PC Studio 2.0.9-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
Seekapp 1.0 build 179-->C:\Program Files\SeekappSrch\uninstall.exe
SkinStudio Free-->C:\games\SKINST~1\UNWISE.EXE C:\games\SKINST~1\INSTALL.LOG
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Softarová utilita ATI - Odinstalovat-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Virtual Farm-->C:\Program Files\Virtual Farm\Uninstal.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: PETRA
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Sledování umístění v síti (NLA) úspěšně odeslán.
Record Number: 4784
Source Name: Service Control Manager
Time Written: 20091219220116.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: PETRA
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Správce vzdáleného přístupu úspěšně odeslán.
Record Number: 4783
Source Name: Service Control Manager
Time Written: 20091219220116.000000+060
Event Type: Informace
User: PETRA\Petula
Computer Name: PETRA
Event Code: 7036
Message: Stav služby Telefonní subsystém byl změněn na: Spuštěno
Record Number: 4782
Source Name: Service Control Manager
Time Written: 20091219220116.000000+060
Event Type: Informace
User:
Computer Name: PETRA
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba modelu COM pro zápis na disk CD (IMAPI) úspěšně odeslán.
Record Number: 4781
Source Name: Service Control Manager
Time Written: 20091219220116.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: PETRA
Event Code: 7036
Message: Stav služby Kompatibilita pro rychlé přepínání uživatelů byl změněn na: Spuštěno
Record Number: 4780
Source Name: Service Control Manager
Time Written: 20091219220116.000000+060
Event Type: Informace
User:
=====Application event log=====
Computer Name: PETRA
Event Code: 100
Message: wuauclt (3836) Databázový stroj 5.01.2600.5512 byl spuštěn.
Record Number: 1151
Source Name: ESENT
Time Written: 20091101092903.000000+060
Event Type: Informace
User:
Computer Name: PETRA
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.
Record Number: 1150
Source Name: SecurityCenter
Time Written: 20091101092818.000000+060
Event Type: Informace
User:
Computer Name: PETRA
Event Code: 0
Message:
Record Number: 1149
Source Name: RichVideo
Time Written: 20091101092818.000000+060
Event Type: Informace
User:
Computer Name: PETRA
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 1148
Source Name: LightScribeService
Time Written: 20091101092812.000000+060
Event Type: Informace
User:
Computer Name: PETRA
Event Code: 101
Message: wuauclt (3472) Databázový stroj byl zastaven.
Record Number: 1147
Source Name: ESENT
Time Written: 20091031061428.000000+060
Event Type: Informace
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o preventivní kontrolu logu.
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Re: Prosím o preventivní kontrolu logu.
Dobré ranko 
Já bych Vás poprosila o ten druhý log s názvem log.txt.
Jaké jsou problémy s počítačem?
Já bych Vás poprosila o ten druhý log s názvem log.txt.
Jaké jsou problémy s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
Jop 
S PC neni zatim nic, ale přítelkyně už hoooodně dlouho nečistila, tak já jen, jestli tam je vidět nějaká havěť...=) Děkuji.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Petula at 2010-04-07 17:27:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (70%) free of 76 GB
Total RAM: 1791 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:33, on 7.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\games\HEXelonMAX6\hexelon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp181.exe
C:\Program Files\SeekappSrch\seekappsrch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Petula\Data aplikací\QIP\Profiles\hathorka\RcvdFiles\Anubides_219525988\RSIT.exe
C:\Program Files\trend micro\Petula.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\games\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HEXelon MAX] "c:\games\HEXelonMAX6\hexelon.exe" /auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?2c083a63cee94215b2c4c1f35d2985fc
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?2c083a63cee94215b2c4c1f35d2985fc
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp181.exe
--
End of file - 9024 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-10 119808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSN Search Toolbar Helper - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"LogonStudio"=C:\games\LogonStudio\logonstudio.exe [2002-09-03 987187]
"RelevantKnowledge"=C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"HEXelon MAX"=c:\games\HEXelonMAX6\hexelon.exe [2007-06-28 2816512]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"QIP Internet Guardian"=C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe [2010-03-12 184272]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-25 143360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe"="C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-04-07 01:10:10 ----D---- C:\Program Files\trend micro
2010-04-07 01:10:09 ----D---- C:\rsit
2010-04-04 20:32:16 ----D---- C:\Program Files\Conduit
2010-04-04 20:32:15 ----D---- C:\Program Files\BS_Player
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer Pro
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer
2010-04-04 20:32:08 ----D---- C:\Program Files\Webteh
2010-04-03 21:45:57 ----D---- C:\Program Files\Photodex
2010-04-03 21:22:56 ----D---- C:\Program Files\Aspect one
2010-04-03 18:05:42 ----D---- C:\Program Files\Bobabo
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MioPlayer2.dll
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MediaIO1.dll
2010-04-03 17:35:36 ----D---- C:\Documents and Settings\Petula\Data aplikací\U3
2010-03-26 00:10:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-26 00:10:04 ----D---- C:\Program Files\Alwil Software
2010-03-26 00:10:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-25 00:30:55 ----D---- C:\Documents and Settings\Petula\Data aplikací\IWin_Janes_Realty
2010-03-25 00:30:07 ----D---- C:\Program Files\Janes Realty
2010-03-14 01:57:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\QipGuard
======List of files/folders modified in the last 1 months======
2010-04-07 17:27:31 ----D---- C:\WINDOWS\Prefetch
2010-04-07 17:26:24 ----A---- C:\WINDOWS\wincmd.ini
2010-04-07 15:41:51 ----D---- C:\WINDOWS\Temp
2010-04-07 15:40:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 15:40:22 ----D---- C:\Program Files\Mozilla Firefox
2010-04-07 15:39:53 ----D---- C:\Program Files\lg_fwupdate
2010-04-07 15:39:51 ----A---- C:\WINDOWS\LogonStudio.ini
2010-04-07 15:39:51 ----A---- C:\WINDOWS\lgfwup.ini
2010-04-07 15:39:31 ----D---- C:\Program Files\SeekappSrch
2010-04-07 13:19:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 11:36:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\SeekappSrch
2010-04-07 01:10:10 ----RD---- C:\Program Files
2010-04-06 23:23:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 02:19:04 ----D---- C:\WINDOWS\system32\config
2010-04-04 20:32:15 ----D---- C:\WINDOWS\system32
2010-04-03 21:46:14 ----D---- C:\WINDOWS
2010-04-03 18:06:46 ----SD---- C:\Documents and Settings\Petula\Data aplikací\Microsoft
2010-04-01 00:24:18 ----D---- C:\Documents and Settings\Petula\Data aplikací\Skype
2010-04-01 00:06:30 ----D---- C:\Documents and Settings\Petula\Data aplikací\skypePM
2010-03-28 21:57:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\Adobe
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-26 00:10:29 ----D---- C:\WINDOWS\system32\drivers
2010-03-26 00:10:22 ----SHD---- C:\WINDOWS\Installer
2010-03-26 00:10:21 ----D---- C:\WINDOWS\WinSxS
2010-03-25 00:25:49 ----D---- C:\games
2010-03-14 01:55:10 ----D---- C:\Program Files\QIP Infium
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-21 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-10-25 3341824]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-20 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
S3 aqwoeje1;aqwoeje1; C:\WINDOWS\system32\drivers\aqwoeje1.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-10-25 585728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2010-04-03 181312]
R2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp181.exe [2010-04-06 62152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
S PC neni zatim nic, ale přítelkyně už hoooodně dlouho nečistila, tak já jen, jestli tam je vidět nějaká havěť...=) Děkuji.Logfile of random's system information tool 1.06 (written by random/random)
Run by Petula at 2010-04-07 17:27:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (70%) free of 76 GB
Total RAM: 1791 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:33, on 7.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\games\HEXelonMAX6\hexelon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp181.exe
C:\Program Files\SeekappSrch\seekappsrch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Petula\Data aplikací\QIP\Profiles\hathorka\RcvdFiles\Anubides_219525988\RSIT.exe
C:\Program Files\trend micro\Petula.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\games\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HEXelon MAX] "c:\games\HEXelonMAX6\hexelon.exe" /auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?2c083a63cee94215b2c4c1f35d2985fc
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?2c083a63cee94215b2c4c1f35d2985fc
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp181.exe
--
End of file - 9024 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-10 119808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSN Search Toolbar Helper - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"LogonStudio"=C:\games\LogonStudio\logonstudio.exe [2002-09-03 987187]
"RelevantKnowledge"=C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"HEXelon MAX"=c:\games\HEXelonMAX6\hexelon.exe [2007-06-28 2816512]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"QIP Internet Guardian"=C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe [2010-03-12 184272]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-25 143360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe"="C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-04-07 01:10:10 ----D---- C:\Program Files\trend micro
2010-04-07 01:10:09 ----D---- C:\rsit
2010-04-04 20:32:16 ----D---- C:\Program Files\Conduit
2010-04-04 20:32:15 ----D---- C:\Program Files\BS_Player
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer Pro
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer
2010-04-04 20:32:08 ----D---- C:\Program Files\Webteh
2010-04-03 21:45:57 ----D---- C:\Program Files\Photodex
2010-04-03 21:22:56 ----D---- C:\Program Files\Aspect one
2010-04-03 18:05:42 ----D---- C:\Program Files\Bobabo
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MioPlayer2.dll
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MediaIO1.dll
2010-04-03 17:35:36 ----D---- C:\Documents and Settings\Petula\Data aplikací\U3
2010-03-26 00:10:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-26 00:10:04 ----D---- C:\Program Files\Alwil Software
2010-03-26 00:10:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-25 00:30:55 ----D---- C:\Documents and Settings\Petula\Data aplikací\IWin_Janes_Realty
2010-03-25 00:30:07 ----D---- C:\Program Files\Janes Realty
2010-03-14 01:57:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\QipGuard
======List of files/folders modified in the last 1 months======
2010-04-07 17:27:31 ----D---- C:\WINDOWS\Prefetch
2010-04-07 17:26:24 ----A---- C:\WINDOWS\wincmd.ini
2010-04-07 15:41:51 ----D---- C:\WINDOWS\Temp
2010-04-07 15:40:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 15:40:22 ----D---- C:\Program Files\Mozilla Firefox
2010-04-07 15:39:53 ----D---- C:\Program Files\lg_fwupdate
2010-04-07 15:39:51 ----A---- C:\WINDOWS\LogonStudio.ini
2010-04-07 15:39:51 ----A---- C:\WINDOWS\lgfwup.ini
2010-04-07 15:39:31 ----D---- C:\Program Files\SeekappSrch
2010-04-07 13:19:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 11:36:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\SeekappSrch
2010-04-07 01:10:10 ----RD---- C:\Program Files
2010-04-06 23:23:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 02:19:04 ----D---- C:\WINDOWS\system32\config
2010-04-04 20:32:15 ----D---- C:\WINDOWS\system32
2010-04-03 21:46:14 ----D---- C:\WINDOWS
2010-04-03 18:06:46 ----SD---- C:\Documents and Settings\Petula\Data aplikací\Microsoft
2010-04-01 00:24:18 ----D---- C:\Documents and Settings\Petula\Data aplikací\Skype
2010-04-01 00:06:30 ----D---- C:\Documents and Settings\Petula\Data aplikací\skypePM
2010-03-28 21:57:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\Adobe
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-26 00:10:29 ----D---- C:\WINDOWS\system32\drivers
2010-03-26 00:10:22 ----SHD---- C:\WINDOWS\Installer
2010-03-26 00:10:21 ----D---- C:\WINDOWS\WinSxS
2010-03-25 00:25:49 ----D---- C:\games
2010-03-14 01:55:10 ----D---- C:\Program Files\QIP Infium
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-21 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-10-25 3341824]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-20 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
S3 aqwoeje1;aqwoeje1; C:\WINDOWS\system32\drivers\aqwoeje1.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-10-25 585728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2010-04-03 181312]
R2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp181.exe [2010-04-06 62152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Re: Prosím o preventivní kontrolu logu.
Nějaké adware tam vidím
:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem
Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít
Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Spouští se spousta programů po startu, doporučuji omezit.
- ccleaner - nástroje - start - zde zbytečné spouštění programů můžete vypnout.
Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
Kód: Vybrat vše
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
c:\program files\relevantknowledge
C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe
C:\Documents and Settings\All Users\Data aplikací\SeekappSrch
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe"=-
"c:\program files\relevantknowledge\rlvknlg.exe"=-
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=""
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page"=""
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"(Default)"=""
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar"=""
[HKCU\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=""
[HKLM\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz"
:Services
SeekappSrch Service
GMSIPC
:commands
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem
Z mého podpisu stahněte Ccleaner- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy
ok zavřít Záložka Nástroje- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Spouští se spousta programů po startu, doporučuji omezit.- ccleaner - nástroje - start - zde zbytečné spouštění programů můžete vypnout.
Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002208_.tmp moved successfully.
C:\WINDOWS\005173_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SETA.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\SEE12.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE141.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE1BF.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE1D.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE20F.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE23E.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE2CD.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE3C.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE51.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE61.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE9.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEA5.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEB.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEE.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEEF.tmp folder moved successfully.
C:\WINDOWS\Temp\~nsu.tmp folder moved successfully.
File/Folder c:\program files\relevantknowledge not found.
File/Folder C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe not found.
C:\Documents and Settings\All Users\Data aplikací\SeekappSrch folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\program files\relevantknowledge\rlvknlg.exe deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\SearchURL\\"(Default)"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Main\\"Search Bar"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"" /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.seznam.cz" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service SeekappSrch Service stopped successfully!
Service SeekappSrch Service deleted successfully!
Error: No service named GMSIPC was found to stop!
Service\Driver key GMSIPC not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 10486460 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Petula
->Temp folder emptied: 623517461 bytes
->Temporary Internet Files folder emptied: 1288328538 bytes
->FireFox cache emptied: 77926423 bytes
->Flash cache emptied: 265703 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4333931 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4264210754 bytes
Total Files Cleaned = 5 979,00 mb
Restore points cleared and new OTM Restore Point set!
OTM by OldTimer - Version 3.1.10.1 log created on 04072010_214638
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002208_.tmp moved successfully.
C:\WINDOWS\005173_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SETA.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\SEE12.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE141.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE1BF.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE1D.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE20F.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE23E.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE2CD.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE3C.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE51.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE61.tmp folder moved successfully.
C:\WINDOWS\Temp\SEE9.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEA5.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEB.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEE.tmp folder moved successfully.
C:\WINDOWS\Temp\SEEEF.tmp folder moved successfully.
C:\WINDOWS\Temp\~nsu.tmp folder moved successfully.
File/Folder c:\program files\relevantknowledge not found.
File/Folder C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe not found.
C:\Documents and Settings\All Users\Data aplikací\SeekappSrch folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Petula\Local Settings\Temp\~os1BE.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\program files\relevantknowledge\rlvknlg.exe deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\SearchURL\\"(Default)"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Main\\"Search Bar"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"" /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.seznam.cz" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service SeekappSrch Service stopped successfully!
Service SeekappSrch Service deleted successfully!
Error: No service named GMSIPC was found to stop!
Service\Driver key GMSIPC not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 10486460 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Petula
->Temp folder emptied: 623517461 bytes
->Temporary Internet Files folder emptied: 1288328538 bytes
->FireFox cache emptied: 77926423 bytes
->Flash cache emptied: 265703 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4333931 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4264210754 bytes
Total Files Cleaned = 5 979,00 mb
Restore points cleared and new OTM Restore Point set!
OTM by OldTimer - Version 3.1.10.1 log created on 04072010_214638
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
7.4.2010 22:34:25
mbam-log-2010-04-07 (22-34-25).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 166068
Uplynulý čas: 22 minuta(y), 46 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge (Spyware.MarketScore) -> No action taken.
Infikované soubory:
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.
www.malwarebytes.org
Verze databáze: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
7.4.2010 22:34:25
mbam-log-2010-04-07 (22-34-25).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 166068
Uplynulý čas: 22 minuta(y), 46 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge (Spyware.MarketScore) -> No action taken.
Infikované soubory:
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.
Re: Prosím o preventivní kontrolu logu.
Co našel mbam, můžete smazat a poprosím o nový log ze Rsitu .
Jak to vypadá s počítačem?
.Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
PC jede svižně, paráda =) Děkuji za preventivku, jsem říkal, že tam nějakou havěť mít bude a nevěřila mi 
Co, že ještě nespíte? =)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Petula at 2010-04-08 01:11:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 1791 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:53, on 8.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\games\HEXelonMAX6\hexelon.exe
C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Petula\Data aplikací\QIP\Profiles\hathorka\RcvdFiles\Anubides_219525988\RSIT.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchFilter.exe
C:\Program Files\trend micro\Petula.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\games\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HEXelon MAX] "c:\games\HEXelonMAX6\hexelon.exe" /auto
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?2c083a63cee94215b2c4c1f35d2985fc
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?2c083a63cee94215b2c4c1f35d2985fc
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 8348 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-10 119808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSN Search Toolbar Helper - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"LogonStudio"=C:\games\LogonStudio\logonstudio.exe [2002-09-03 987187]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"HEXelon MAX"=c:\games\HEXelonMAX6\hexelon.exe [2007-06-28 2816512]
"QIP Internet Guardian"=C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe [2010-03-12 184272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-25 143360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-04-07 22:10:38 ----D---- C:\Documents and Settings\Petula\Data aplikací\Malwarebytes
2010-04-07 22:10:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-07 22:10:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-07 22:01:49 ----D---- C:\Program Files\CCleaner
2010-04-07 21:46:38 ----D---- C:\_OTM
2010-04-07 01:10:10 ----D---- C:\Program Files\trend micro
2010-04-07 01:10:09 ----D---- C:\rsit
2010-04-04 20:32:16 ----D---- C:\Program Files\Conduit
2010-04-04 20:32:15 ----D---- C:\Program Files\BS_Player
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer Pro
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer
2010-04-04 20:32:08 ----D---- C:\Program Files\Webteh
2010-04-03 21:45:57 ----D---- C:\Program Files\Photodex
2010-04-03 21:22:56 ----D---- C:\Program Files\Aspect one
2010-04-03 18:05:42 ----D---- C:\Program Files\Bobabo
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MioPlayer2.dll
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MediaIO1.dll
2010-04-03 17:35:36 ----D---- C:\Documents and Settings\Petula\Data aplikací\U3
2010-03-26 00:10:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-26 00:10:04 ----D---- C:\Program Files\Alwil Software
2010-03-26 00:10:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-25 00:30:55 ----D---- C:\Documents and Settings\Petula\Data aplikací\IWin_Janes_Realty
2010-03-25 00:30:07 ----D---- C:\Program Files\Janes Realty
2010-03-14 01:57:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\QipGuard
======List of files/folders modified in the last 1 months======
2010-04-08 01:09:07 ----A---- C:\WINDOWS\wincmd.ini
2010-04-08 01:07:05 ----D---- C:\Program Files\Mozilla Firefox
2010-04-08 01:05:55 ----D---- C:\WINDOWS\Prefetch
2010-04-08 01:05:20 ----D---- C:\WINDOWS
2010-04-08 01:05:14 ----A---- C:\WINDOWS\LogonStudio.ini
2010-04-08 01:05:13 ----D---- C:\Program Files\lg_fwupdate
2010-04-08 01:05:12 ----A---- C:\WINDOWS\lgfwup.ini
2010-04-08 01:05:09 ----D---- C:\WINDOWS\Temp
2010-04-08 01:03:54 ----D---- C:\WINDOWS\system32\drivers
2010-04-08 01:01:24 ----SHD---- C:\System Volume Information
2010-04-08 01:01:24 ----D---- C:\WINDOWS\system32\Restore
2010-04-08 00:58:53 ----D---- C:\WINDOWS\Config
2010-04-07 22:10:27 ----RD---- C:\Program Files
2010-04-07 22:04:07 ----D---- C:\WINDOWS\Debug
2010-04-07 22:02:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 21:50:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 21:46:51 ----D---- C:\WINDOWS\system32
2010-04-07 15:39:31 ----D---- C:\Program Files\SeekappSrch
2010-04-06 23:23:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 02:19:04 ----D---- C:\WINDOWS\system32\config
2010-04-03 18:06:46 ----SD---- C:\Documents and Settings\Petula\Data aplikací\Microsoft
2010-04-01 00:24:18 ----D---- C:\Documents and Settings\Petula\Data aplikací\Skype
2010-04-01 00:06:30 ----D---- C:\Documents and Settings\Petula\Data aplikací\skypePM
2010-03-28 21:57:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\Adobe
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-26 00:10:22 ----SHD---- C:\WINDOWS\Installer
2010-03-26 00:10:21 ----D---- C:\WINDOWS\WinSxS
2010-03-25 00:25:49 ----D---- C:\games
2010-03-14 01:55:10 ----D---- C:\Program Files\QIP Infium
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-21 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-10-25 3341824]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-20 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
S3 afvypdjw;afvypdjw; C:\WINDOWS\system32\drivers\afvypdjw.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-10-25 585728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2010-04-03 181312]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Co, že ještě nespíte? =)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Petula at 2010-04-08 01:11:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 1791 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:53, on 8.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\games\HEXelonMAX6\hexelon.exe
C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Petula\Data aplikací\QIP\Profiles\hathorka\RcvdFiles\Anubides_219525988\RSIT.exe
C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchFilter.exe
C:\Program Files\trend micro\Petula.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\games\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HEXelon MAX] "c:\games\HEXelonMAX6\hexelon.exe" /auto
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?2c083a63cee94215b2c4c1f35d2985fc
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?2c083a63cee94215b2c4c1f35d2985fc
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 8348 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-10 119808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSN Search Toolbar Helper - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll [2005-05-10 574160]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"LogonStudio"=C:\games\LogonStudio\logonstudio.exe [2002-09-03 987187]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"HEXelon MAX"=c:\games\HEXelonMAX6\hexelon.exe [2007-06-28 2816512]
"QIP Internet Guardian"=C:\Documents and Settings\Petula\Data aplikací\QipGuard\QipGuard.exe [2010-03-12 184272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-25 143360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-04-07 22:10:38 ----D---- C:\Documents and Settings\Petula\Data aplikací\Malwarebytes
2010-04-07 22:10:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-07 22:10:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-07 22:01:49 ----D---- C:\Program Files\CCleaner
2010-04-07 21:46:38 ----D---- C:\_OTM
2010-04-07 01:10:10 ----D---- C:\Program Files\trend micro
2010-04-07 01:10:09 ----D---- C:\rsit
2010-04-04 20:32:16 ----D---- C:\Program Files\Conduit
2010-04-04 20:32:15 ----D---- C:\Program Files\BS_Player
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer Pro
2010-04-04 20:32:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\BSplayer
2010-04-04 20:32:08 ----D---- C:\Program Files\Webteh
2010-04-03 21:45:57 ----D---- C:\Program Files\Photodex
2010-04-03 21:22:56 ----D---- C:\Program Files\Aspect one
2010-04-03 18:05:42 ----D---- C:\Program Files\Bobabo
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MioPlayer2.dll
2010-04-03 18:05:42 ----A---- C:\WINDOWS\system32\MediaIO1.dll
2010-04-03 17:35:36 ----D---- C:\Documents and Settings\Petula\Data aplikací\U3
2010-03-26 00:10:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-26 00:10:04 ----D---- C:\Program Files\Alwil Software
2010-03-26 00:10:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-25 00:30:55 ----D---- C:\Documents and Settings\Petula\Data aplikací\IWin_Janes_Realty
2010-03-25 00:30:07 ----D---- C:\Program Files\Janes Realty
2010-03-14 01:57:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\QipGuard
======List of files/folders modified in the last 1 months======
2010-04-08 01:09:07 ----A---- C:\WINDOWS\wincmd.ini
2010-04-08 01:07:05 ----D---- C:\Program Files\Mozilla Firefox
2010-04-08 01:05:55 ----D---- C:\WINDOWS\Prefetch
2010-04-08 01:05:20 ----D---- C:\WINDOWS
2010-04-08 01:05:14 ----A---- C:\WINDOWS\LogonStudio.ini
2010-04-08 01:05:13 ----D---- C:\Program Files\lg_fwupdate
2010-04-08 01:05:12 ----A---- C:\WINDOWS\lgfwup.ini
2010-04-08 01:05:09 ----D---- C:\WINDOWS\Temp
2010-04-08 01:03:54 ----D---- C:\WINDOWS\system32\drivers
2010-04-08 01:01:24 ----SHD---- C:\System Volume Information
2010-04-08 01:01:24 ----D---- C:\WINDOWS\system32\Restore
2010-04-08 00:58:53 ----D---- C:\WINDOWS\Config
2010-04-07 22:10:27 ----RD---- C:\Program Files
2010-04-07 22:04:07 ----D---- C:\WINDOWS\Debug
2010-04-07 22:02:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 21:50:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 21:46:51 ----D---- C:\WINDOWS\system32
2010-04-07 15:39:31 ----D---- C:\Program Files\SeekappSrch
2010-04-06 23:23:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 02:19:04 ----D---- C:\WINDOWS\system32\config
2010-04-03 18:06:46 ----SD---- C:\Documents and Settings\Petula\Data aplikací\Microsoft
2010-04-01 00:24:18 ----D---- C:\Documents and Settings\Petula\Data aplikací\Skype
2010-04-01 00:06:30 ----D---- C:\Documents and Settings\Petula\Data aplikací\skypePM
2010-03-28 21:57:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\Petula\Data aplikací\Adobe
2010-03-26 00:25:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-26 00:10:22 ----SHD---- C:\WINDOWS\Installer
2010-03-26 00:10:21 ----D---- C:\WINDOWS\WinSxS
2010-03-25 00:25:49 ----D---- C:\games
2010-03-14 01:55:10 ----D---- C:\Program Files\QIP Infium
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-21 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-10-25 3341824]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-20 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
S3 afvypdjw;afvypdjw; C:\WINDOWS\system32\drivers\afvypdjw.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-10-25 585728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2010-04-03 181312]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Re: Prosím o preventivní kontrolu logu.
spusťte přejmenované HJT C:\Program Files\trend micro\Petula.exe, má tuto ikonku
- Klikněte na "Do a system scan only"
- U řádku
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petula\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
- Dejte fajfku do čtverečku a zmáčkněte Fix checked
- restartujte pc
Pokud nechcete, aby se spouštěli po startu a tím se zrychlil náběh počítače, fixněte ještě tohle:O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\games\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [HEXelon MAX] "c:\games\HEXelonMAX6\hexelon.exe" /auto
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Můžete odinstalovat zbytečné toolbary Tyto dva programy znáte?C:\games\LogonStudio
c:\games\HEXelonMAX6
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
Hotovo madam čarodějko =)
Re: Prosím o preventivní kontrolu logu.
Ty dva programy, na které jsem se ptala, znáte?
A popřemýšlejte nad firewallem
A popřemýšlejte nad firewallem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
JJ, zná je. Jeden je aplikace rozšířené kalkulačky a druhý je hra
Firewall jí doporučim bez debat, odmlouvat nebude
Firewall jí doporučim bez debat, odmlouvat nebude
Re: Prosím o preventivní kontrolu logu.
Fajn, mně se zdálo divné, proč se hra spouští po startu
Pokud nejsou problémy, je to vše
Pokud nejsou problémy, je to vše
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Anubides
- Vzorný návštěvník
- Příspěvky: 142
- Registrován: 22 bře 2010 22:13
- Bydliště: Praha
- Kontaktovat uživatele:
Re: Prosím o preventivní kontrolu logu.
NN, PC šlape tak jak má =)
Vřele děkuji za pomoc jako vždy =)
Vřele děkuji za pomoc jako vždy =)
Re: Prosím o preventivní kontrolu logu.
Není zač
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?