trojan System Tool - prosím o kontrolu logů

[mattey]

Ano, myslím, že vše funguje jak má.
Mám ještě poslat nějaký log?

Myslím, že problém byl odstraněn a zabezpečení jsem zlepšil. Nerad bych Vás zdržoval, když Vaše rady potřebují další. Pokud mi ještě něco můžete doporučit, rád si to přečtu.

Kdybych na nějaký problém ještě narazil, založím si kdyžtak nové téma.


S Vaší pomocí jsem nadmíru spokojen - určitě Vaše fórum podpořím (dle Vašeho podpisu).


Ještě jeden dotaz:
Tohle konkrétní téma které jsem založil, zde zůstane trvale? Nebo bude za nějaký čas smazáno? Myslím, že pokud bude mít někdo podobný problém, založí si vlastní téma. Napadlo mě ale, jestli nemůže někdo moje logy v budoucnu zneužít.

[mattey]

Jo a ta konzola při startu vypadá opravdu takto. Jen je to dost rychlé. Zkusím příště zmáčknout tu šipku.

[vyosek]

Mazeme temata starsi cca tri roky

Zneuziti, nevim jak by se dalo - zadne osobni udaje v logu nejsou. Pokud jej nekdo bude chtit zneuzit (ze si zde bude chtit resit svuj problem, tak bude pokaran a upozornen, ze si ma zalozit nove tema). Vy pokud budete mit v budoucnu nejaky novy problem, tak si zalozte tez nove tema, at se nam to tu neplete - pokud byste chtel radu ode me, tak do predmetu napiste "pro vyosek" a kolegove mi to nechaji

Pokud by byl nejaky problem tak napiste

Jinak muzete jeste poslat novy log z RSIT pro kontrolu

Jinak za podporu fora jmenem celeho tymu dekuji

[mattey]

Tady je pro jistotu ten log. Všimnul jsem si že je tam ještě něco o ICQ Lite a když jsem mrknul do Program Files, zjistil jem, že jsou tam stále složky ICQ a ICQ Toolbar a v nich pár souborů. CCleaner ale nenašel žádné zbytky v registrech a mezi programy už je taky nevidí.
Mám ty složky ICQ a ICQ Toolbar smazat ručně?




Logfile of random's system information tool 1.08 (written by random/random)
Run by mattey at 2011-02-20 19:57:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (10%) free of 76 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:56, on 20.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe
C:\PROGRA~1\KLAVES~1\MEDIAK~1\OSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Instalace\ZABEZPEČENÍ\_pro případ krize\RSIT - diagnostický program\RSIT.exe
C:\Program Files\trend micro\mattey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {288A232E-4AC3-4EED-86D5-07CEB38B89A1} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: byXNhggh - Invalid registry found
O20 - Winlogon Notify: cryptnet32 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7483 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{288A232E-4AC3-4EED-86D5-07CEB38B89A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-17 7561216]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-02-17 163840]
"MagicKey"=C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe [2004-03-15 45056]
"SmartSync - ScheduleSync"=C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [2005-10-21 45056]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1957888]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-03-18 630784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\mattey\Nabídka Start\Programy\Po spuštění

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXNhggh]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ZZZ_Gamesy\OpenArena\ioquake3.x86.exe"="C:\Program Files\ZZZ_Gamesy\OpenArena\ioquake3.x86.exe:*:Enabled:ioquake3.x86"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-02-20 17:32:28 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-02-20 17:32:27 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-20 17:32:26 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-20 17:32:25 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-20 17:32:25 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-20 17:32:25 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-20 17:32:23 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-20 17:31:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-02-20 15:40:28 ----D---- C:\Documents and Settings\mattey\Data aplikací\SUPERAntiSpyware.com
2011-02-20 15:40:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-02-20 15:38:56 ----D---- C:\Program Files\SUPERAntiSpyware
2011-02-19 18:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-19 18:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-19 18:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-19 18:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-19 18:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-19 18:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-19 18:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-18 18:13:24 ----D---- C:\rsit
2011-02-18 17:38:08 ----D---- C:\Program Files\CCleaner
2011-02-17 23:04:35 ----SHD---- C:\RECYCLER
2011-02-17 21:16:44 ----A---- C:\Boot.bak
2011-02-17 21:16:36 ----RASHD---- C:\cmdcons
2011-02-17 19:55:47 ----D---- C:\Program Files\trend micro
2011-02-17 18:31:13 ----D---- C:\Documents and Settings\mattey\Data aplikací\Malwarebytes
2011-02-17 18:31:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-17 18:31:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-17 18:31:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-17 18:31:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-17 17:54:53 ----D---- C:\WINDOWS\CSC
2011-02-14 16:41:19 ----D---- C:\Program Files\Western Digital
2011-02-14 16:41:19 ----A---- C:\WINDOWS\system32\drivers\wdcsam.sys

======List of files/folders modified in the last 1 months======

2011-02-20 19:08:55 ----D---- C:\Program Files
2011-02-20 19:07:01 ----D---- C:\WINDOWS\Temp
2011-02-20 17:43:29 ----D---- C:\Documents and Settings\mattey\Data aplikací\OpenOffice.org2
2011-02-20 17:32:28 ----D---- C:\WINDOWS\system32\drivers
2011-02-20 17:32:08 ----D---- C:\Config.Msi
2011-02-20 17:32:06 ----D---- C:\WINDOWS\WinSxS
2011-02-20 17:32:03 ----SHD---- C:\WINDOWS\Installer
2011-02-20 17:31:57 ----D---- C:\WINDOWS
2011-02-20 17:31:54 ----D---- C:\WINDOWS\system32
2011-02-20 17:31:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-02-20 17:14:09 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-20 17:12:27 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-02-20 00:41:46 ----D---- C:\WINDOWS\Prefetch
2011-02-20 00:19:03 ----D---- C:\Instalace
2011-02-19 23:38:20 ----D---- C:\Documents and Settings\mattey\Data aplikací\Winamp
2011-02-19 23:34:28 ----D---- C:\Documents and Settings\mattey\Data aplikací\Media Player Classic
2011-02-19 23:34:27 ----D---- C:\WINDOWS\Debug
2011-02-19 23:26:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-02-19 23:26:17 ----D---- C:\Program Files\Lavasoft
2011-02-19 23:06:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-19 23:04:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-19 18:04:42 ----HD---- C:\WINDOWS\inf
2011-02-19 18:04:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-19 18:02:51 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-19 18:02:22 ----D---- C:\Program Files\Internet Explorer
2011-02-19 18:02:01 ----D---- C:\WINDOWS\ie8updates
2011-02-19 18:01:57 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-18 16:19:15 ----SHD---- C:\System Volume Information
2011-02-18 16:19:15 ----D---- C:\WINDOWS\system32\Restore
2011-02-18 16:14:59 ----D---- C:\WINDOWS\Minidump
2011-02-17 23:04:04 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-17 22:37:10 ----A---- C:\WINDOWS\system.ini
2011-02-17 22:34:47 ----D---- C:\WINDOWS\system32\config
2011-02-17 22:33:32 ----SD---- C:\WINDOWS\Tasks
2011-02-17 22:31:44 ----D---- C:\WINDOWS\AppPatch
2011-02-17 22:31:42 ----D---- C:\Program Files\Common Files
2011-02-17 21:16:44 ----RASH---- C:\boot.ini
2011-02-17 20:49:27 ----D---- C:\Program Files\Mozilla Firefox
2011-02-17 17:51:29 ----A---- C:\WINDOWS\win.ini
2011-02-16 22:09:09 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-14 16:41:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-02-05 03:20:36 ----D---- C:\Documents and Settings\mattey\Data aplikací\Skype
2011-02-05 00:05:51 ----D---- C:\Documents and Settings\mattey\Data aplikací\skypePM
2011-01-22 18:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-05-24 49920]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PenClass;Pen Class; C:\WINDOWS\system32\Drivers\PenClass.sys [2001-04-09 8138]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-11-18 685816]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-11-10 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-11-10 33792]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 UGURU;UGURU; C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-17 3655712]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-11-30 15264]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-11-10 102912]
S2 ELOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2007-02-07 56088]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2005-11-30 29440]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2007-02-07 118552]
S3 apnccnmz;apnccnmz; C:\WINDOWS\system32\drivers\apnccnmz.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Memctl;Memctl; \??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys []
S3 Moufiltr;Mouse Test Driver; C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-11-30 47744]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Winflash;WINFLASH; \??\C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-17 143426]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-10-19 749568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[mattey]

Malá oprava - jsou tam solžky:
ICQ6Toolbar
ICQToolbar

Ale to není až takový rozdíl...

[vyosek]

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\mattey.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• O2 - BHO: (no name) - {288A232E-4AC3-4EED-86D5-07CEB38B89A1} - (no file)
  O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
  O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
  O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} -
  O20 - Winlogon Notify: byXNhggh - Invalid registry found
  O20 - Winlogon Notify: cryptnet32 - Invalid registry found
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Slozky smazte rucne

Pozor na volne misto na disku, jak klesne pod 5 giga, tak se zacnou windows dusit

Jinak log vypada OK

[mattey]

Provedeno.
Disk se chystám brzy promazat a důležíté zálohovat.

Díky za pomoc. Rád se na Vás příště zase obrátím:-)

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy