Prosím o kontrolu logu, děkuji

Zpráva

TwiggyRamirez · #1 Příspěvek od **TwiggyRamirez** » 03 lis 2010 17:07

LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pivo at 2010-11-03 17:04:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (13%) free of 30 GB
Total RAM: 503 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:07, on 3.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Machr\hijackthis\RSIT.exe
C:\Program Files\trend micro\Pivo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 5622 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-22 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-18 137752]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-10-05 2067808]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-22 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-08 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe"="C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe"="C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Nova Torrent\Nova.exe"="C:\Program Files\Nova Torrent\Nova.exe:*:Enabled:Nova"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a7d09d-945b-11df-96d9-9c1f40ce8032}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe

======List of files/folders created in the last 1 months======

2010-11-03 17:04:49 ----D---- C:\rsit
2010-10-31 18:40:52 ----D---- C:\Documents and Settings\Pivo\Data aplikací\Merscom
2010-10-31 18:40:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Merscom
2010-10-28 22:59:26 ----A---- C:\WINDOWS\cdplayer.ini
2010-10-28 22:50:06 ----D---- C:\Program Files\audiograbber
2010-10-28 22:21:59 ----D---- C:\Program Files\CDex
2010-10-25 19:21:01 ----D---- C:\Program Files\Nova Torrent
2010-10-14 15:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 15:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 15:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 15:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 15:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 15:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 15:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-10-14 15:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 15:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 15:31:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-13 16:56:23 ----D---- C:\Program Files\Common Files\Adobe
2010-10-11 11:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-10-07 18:18:05 ----D---- C:\Documents and Settings\Pivo\Data aplikací\skypePM
2010-10-07 18:17:17 ----D---- C:\Program Files\Common Files\Skype
2010-10-07 18:16:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of files/folders modified in the last 1 months======

2010-11-03 17:05:01 ----D---- C:\Program Files\trend micro
2010-11-03 17:04:57 ----D---- C:\WINDOWS\Prefetch
2010-11-03 17:02:06 ----D---- C:\WINDOWS\Temp
2010-11-03 17:00:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-03 14:50:45 ----D---- C:\Program Files\Mozilla Firefox
2010-11-03 09:47:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-03 09:47:38 ----D---- C:\Program Files\Gothic II
2010-11-02 16:47:29 ----RD---- C:\Program Files
2010-11-02 11:25:36 ----D---- C:\WINDOWS\system32
2010-11-02 11:25:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-02 11:21:13 ----D---- C:\WINDOWS
2010-11-02 11:19:22 ----D---- C:\Documents and Settings\Pivo\Data aplikací\Skype
2010-11-01 23:29:17 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-01 21:15:59 ----D---- C:\WINDOWS\system32\drivers
2010-11-01 21:15:07 ----HD---- C:\WINDOWS\inf
2010-10-28 22:27:30 ----SHD---- C:\WINDOWS\Installer
2010-10-28 22:20:00 ----D---- C:\Documents and Settings\Pivo\Data aplikací\vlc
2010-10-28 21:26:15 ----SD---- C:\Documents and Settings\Pivo\Data aplikací\Microsoft
2010-10-14 15:35:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 15:35:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 15:35:17 ----A---- C:\WINDOWS\imsins.BAK
2010-10-14 15:35:01 ----D---- C:\WINDOWS\WinSxS
2010-10-14 15:32:07 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-13 16:56:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-10-13 16:56:23 ----D---- C:\Program Files\Common Files
2010-10-11 12:28:19 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-11 12:28:18 ----RSD---- C:\WINDOWS\assembly
2010-10-07 18:17:17 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-22 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-22 29584]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-12 625664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-20 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-20 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-08 5776864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-20 730112]
S3 ayqmul4g;ayqmul4g; C:\WINDOWS\system32\drivers\ayqmul4g.sys []
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Pivo\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-22 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 04 lis 2010 01:32

Zdravim a pekny den preji

Mate velmi malo RAM pameti - viz citace kolegy

james008 píše:Na dane mnozstvi ram se nehodi zadny (ani uplne holy bez antibiru a programu) ze soucasnymch
funkcnich a podporovanych os vyjma minimalizovanych verzi linuxu, jako jsou ZenWalk ci ArchLinux..
popr DSL..Damn small linux
Pokud chcete provozovat win system s av tak jedine a nejblize system XP sp3 a i presto budete muset
doplnit ram alespon na hodnotu 1Gb.

Taktez bych doporucil zmenu zabezpeceni: AVG nepatri mezi nami doporucovane, navic umi hodne PC zpomalit. Pokud nepouzivate mailove klienty (outlook, thunderbird), tak dejte Aviru (bohuzel je anglicky), jinak Avast (cesky). Vice o doporucenem zabezpeceni mate zde http://www.viry.cz/forum/viewtopic.php?f=29&t=6152

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
services.msc
```
Kliknete na OK
Najdete sluzby nize
Java Quick Starter
NBService
U kazde provedte toto
- Klik na ni pravym mysidlem a zvolit Vlastnosti
- Nyní klik na Zastavit
- Typ spousteni nastavit na Zakazano
- Potvrdte kliknutim na OK

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

TwiggyRamirez · #3 Příspěvek od **TwiggyRamirez** » 04 lis 2010 18:34

USBfix LOG:

############################## | UsbFix 7.014 | [Deletion]

User: Pivo (Administrator) # TWIGGY [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 18:29:02 | 04/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz
CPU 2: Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Windows Firewall: Enabled
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]
RAM -> 503 Mb
C:\ (%systemdrive%) -> Fixed drive # 29 Gb (4 Mb free - 14%) [] # NTFS
D:\ -> Fixed drive # 45 Gb (5 Mb free - 10%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 982 Mb (982 Mb free - 100%) [LOS FLEŠKOS] # FAT32

################## | Files # Infected Folders |

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{82a7d09d-945b-11df-96d9-9c1f40ce8032}

################## | Listing |

[27/07/2010 - 12:09:06 | HD ] C:\$AVG
[22/07/2010 - 17:02:08 | D ] C:\6034c11198de36f821
[28/10/2010 - 22:50:10 | A | 712] C:\Audiograbber.lnk
[21/07/2010 - 00:57:58 | A | 0] C:\AUTOEXEC.BAT
[21/07/2010 - 00:52:33 | SH | 211] C:\boot.ini
[02/03/2006 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[22/10/2010 - 00:02:45 | A | 733999104] C:\bílé peklo.avi
[21/07/2010 - 00:57:58 | A | 0] C:\CONFIG.SYS
[21/07/2010 - 01:04:17 | D ] C:\Documents and Settings
[21/07/2010 - 00:57:58 | RASH | 0] C:\IO.SYS
[21/07/2010 - 00:57:58 | RASH | 0] C:\MSDOS.SYS
[21/07/2010 - 20:18:38 | RHD ] C:\MSOCache
[02/03/2006 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[22/07/2010 - 15:38:39 | RASH | 250576] C:\ntldr
[04/11/2010 - 18:21:51 | ASH | 792723456] C:\pagefile.sys
[03/11/2010 - 17:09:07 | RD ] C:\Program Files
[04/11/2010 - 18:31:44 | SHD ] C:\RECYCLER
[03/11/2010 - 17:05:11 | D ] C:\rsit
[21/07/2010 - 01:01:54 | SHD ] C:\System Volume Information
[04/11/2010 - 18:31:44 | D ] C:\UsbFix
[04/11/2010 - 18:31:45 | A | 905] C:\UsbFix.txt
[13/10/2010 - 18:20:15 | A | 734212096] C:\vrazda.ing.certa.xvid.cz-bbb7.avi
[02/11/2010 - 11:21:13 | D ] C:\WINDOWS
[18/10/2010 - 22:52:43 | A | 471881728] C:\Zivot Po Lidech 8- Vzacne kovy-dokument.CZ.avi
[21/07/2010 - 21:27:51 | D ] D:\Dokumenty táta
[26/09/2008 - 10:52:40 | A | 3659913] D:\FileZilla_3.1.3_win32-setup.exe
[21/07/2010 - 21:27:52 | D ] D:\FreeRapid-0.81
[21/07/2010 - 21:27:54 | D ] D:\game
[21/07/2010 - 21:29:12 | D ] D:\gothic
[21/07/2010 - 21:32:12 | D ] D:\hjsplit
[21/07/2010 - 21:27:32 | D ] D:\INTRPLAY
[18/10/2010 - 20:53:41 | RAD ] D:\Machr
[28/10/2010 - 23:32:45 | D ] D:\Music
[04/11/2010 - 18:31:44 | SHD ] D:\RECYCLER
[20/05/2009 - 16:43:04 | A | 781909] D:\RSIT.exe
[21/07/2010 - 21:34:47 | D ] D:\SopCast
[21/07/2010 - 12:42:44 | D ] D:\Stronghold Crusader
[22/07/2010 - 01:54:03 | SHD ] D:\System Volume Information
[21/07/2010 - 02:00:32 | D ] D:\Všehochuť
[21/07/2010 - 21:33:08 | D ] D:\zaver
[16/04/2003 - 19:25:38 | RD ] E:\Audio
[09/05/2003 - 06:41:58 | RD ] E:\Crack
[16/04/2003 - 15:50:18 | R | 512] E:\data3.cab

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

TwiggyRamirez · #4 Příspěvek od **TwiggyRamirez** » 04 lis 2010 18:42

OTM log:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002617_.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP250.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI16B.tmp moved successfully.
C:\WINDOWS\Installer\MSI16D.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\dllcache\drmstor.dll.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66062 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pivo
->Temp folder emptied: 1451586 bytes
->Temporary Internet Files folder emptied: 229510 bytes
->Java cache emptied: 788184 bytes
->FireFox cache emptied: 47220865 bytes
->Flash cache emptied: 33455 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.17.2 log created on 11042010_183654

#5 Příspěvek od **vyosek** » 04 lis 2010 23:31

Tohle E:\Crack je prosim co

Jak se chova PC

TwiggyRamirez · #6 Příspěvek od **TwiggyRamirez** » 05 lis 2010 00:23

To je CD.

Chová se normálně

#7 Příspěvek od **vyosek** » 05 lis 2010 00:28

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy a ani dotazy, je to z me strany vse

TwiggyRamirez · #8 Příspěvek od **TwiggyRamirez** » 05 lis 2010 00:49

Já děkuju moc za rady.

Díky

#9 Příspěvek od **vyosek** » 05 lis 2010 00:53

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

Prosím o kontrolu logu, děkuji

Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji

Re: Prosím o kontrolu logu, děkuji