prosím o preventivní kontrolu

[petouf]

To je téměř pravda... Ty ne úplně legální se mi nakonec sesypaly, pořídil jsem si teda pravé, no-a ten crack, ten tam potvora zůstal.

[Márty84]

No jo, tomu muzu verit, ale nemusim, ze Ono po preinstalaci by tam ten crack uz byt nemel, pac nebyl duvod ho znova stahovat, ne? Nebo jste po tom sesypani nenahazoval system znovu?


Stahnete CKScanner http://downloads.malwareremoval.com/CKScanner.exe , ulozte na plochu a spustte.
Kliknete na Search For Files a program zacne pracovat.
Az skonci, kliknete na Save List to File a potvrdte OK
Na plose se vam objevi poznamkovy blok s nazvem ckfiles. Jeho obsah mi sem zkopirujte

Stahnete WVCheck http://wvcheck.artellos.com/WVCheck.exe , ulozte ho na plochu a spustte.
Zmacknete Enter a program zacne pracovat.
Az skonci, sam vytvori na plose log (poznamkovy blok s nazvem WVCheck_cas_datum). Jeho obsah opet zkopirujte sem

[petouf]

Tak tady to je:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.TFAPMK
----- EOF -----




Windows Validation Check
Version: 1.9.12.5
Log Created On: 0852_11-05-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2012-05-11 05:44:56
Last Success Time for Update Download: 2012-05-11 05:52:06
Last Success Time for Update Installation: 2012-04-11 07:08:04


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - e16e0990967374e76f3e40cacafd3d53


-------- End of File, program close at 0852_11-05-2012 --------

Díky za čas

[Márty84]

Vecer vam tu dam skript pro OTL. Jeste predtim ale udelejte toto

Udelejte uplnou kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a pokud neco najde, dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce.

[petouf]

Tak po šesti hodinách zkontrolován 1disk...
Našlo to toto, klidně to smažu, myslím, že to nepotřebuji...


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.11.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: PPP-CCE959B58B8 [administrátor]

Ochrana: Povolena

11.5.2012 11:31:58
mbam-log-2012-05-11 (19-03-04).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 87108
Uplynulý čas: 7 hodin, 14 minut, 41 sekund [přerušeno]

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Program Files\ABBYY FineReader 10\10.0.102.130.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\ABBYY FineReader 10\FixFiles\10.0.102.130.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.

(konec)

Dík a pěkný víkend!

[Márty84]

Dik za prani, napodobne

Soubory, co nasel MBAM, projistotu nejdrive otestujte na virustotal, pripadne jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846
Vysledek oznamte, nebo zkopirujte odkazy.
Jinak koukam, ze ten test trval nejak moc dlouho a navic byl prerusen



Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

:otl
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
[14 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2011.10.11 06:06:32 | 005,338,927 | ---- | M] () -- \Documents and Settings\Administrator\Dokumenty\Stažené soubory\windows-xp-crack-sp1-sp2-sp3-by-unknown.rar
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 305 bytes -> C:\Program Files\Dacris Benchmarks 8.1:results.txt
@Alternate Data Stream - 184 bytes -> C:\Program Files\Dacris Benchmarks 8.1:local.txt
@Alternate Data Stream - 128 bytes -> C:\Program Files\Dacris Benchmarks 8.1:prime.txt
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[Purity]
[EMPTYFLASH]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[petouf]

Tak test souborů vyšel viz obr. Některé antiviry ho označily, jiné ne.
Co se skriptu týká, je tam odkaz na ten neštastný crack(...\Dokumenty\Stažené soubory\windows-xp-crack-sp1-sp2-sp3-by-unknown.rar)... No a já ho ho ještě před spuštěním smáznul - fakt ho nepotřebuju - nevěda, že na něj skript ukazuje. Asi proto mi OTL pak nic nedělalo . Tak za to se omlouvám, byl jsem příliš aktivní. Co se přerušení testu MBAM týká, přerušil jsem ho já, protože jsem tam měl předvoleny všechny disky na test, ale ten byl tak dlouý, že jsem ho po skenu "C" musel vypnout. Mohu sken spustit na všechny disky znova, bude-li třeba...

[Márty84]

Nalezy MBAM tedy nechte odstranit, jako havet to oznacilo dost antiviru a mezi nimi i nektere z tech lepsich
Bylo by lepsi, kdyby to projel vsechno. Pustte to treba pres noc.

Co se OTL tyka, i kdyz jste to smazal, OTL by to mel preskocit a v logu napsat, ze soubor nenasel.
Zkuste to tedy s timto skriptem, ale v nouzovem rezimu (restartujte pc, mackejte klavesu F8 - pripadne jinou, zalezi na typu stroje a zvolte moznost nouzovy rezim, nebo tady jiny postup http://forum.viry.cz/viewtopic.php?f=46&t=7554 )

Kód: Vybrat vše

:otl
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
[14 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 305 bytes -> C:\Program Files\Dacris Benchmarks 8.1:results.txt
@Alternate Data Stream - 184 bytes -> C:\Program Files\Dacris Benchmarks 8.1:local.txt
@Alternate Data Stream - 128 bytes -> C:\Program Files\Dacris Benchmarks 8.1:prime.txt
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[Purity]
[EMPTYFLASH]

[petouf]

Tak jsem dodělal test pomocí Malwarebytes - teď to šlo rychleji - něco tam ještě je, hlásí to toto:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.15.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: PPP-CCE959B58B8 [administrátor]

Ochrana: Povolena

15.5.2012 15:32:16
mbam-log-2012-05-16 (08-05-27).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 261810
Uplynulý čas: 3 hodin, 4 minut, 48 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\System Volume Information\_restore{D79A8983-16D3-4D27-8FE5-01CEF646D9B2}\RP181\A0033933.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
D:\System Volume Information\_restore{D79A8983-16D3-4D27-8FE5-01CEF646D9B2}\RP181\A0033998.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.

(konec)

Dále jsem spustil OTL v nouzovém režimu a vyšlo z něho toto:
All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP141.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP181.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP186.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1AF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP201.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP205.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP49A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP65C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP73D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI100.tmp deleted successfully.
C:\WINDOWS\Installer\MSI144.tmp deleted successfully.
C:\WINDOWS\Installer\MSI14A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1F3.tmp deleted successfully.
C:\WINDOWS\Installer\MSI26.tmp deleted successfully.
C:\WINDOWS\Installer\MSI4C.tmp deleted successfully.
C:\WINDOWS\Installer\MSIA4.tmp deleted successfully.
C:\WINDOWS\Installer\MSIB1.tmp deleted successfully.
C:\WINDOWS\Installer\MSICA.tmp deleted successfully.
ADS C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\Program Files\Dacris Benchmarks 8.1:results.txt deleted successfully.
ADS C:\Program Files\Dacris Benchmarks 8.1:local.txt deleted successfully.
ADS C:\Program Files\Dacris Benchmarks 8.1:prime.txt deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68 deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 22141538 bytes
->Temporary Internet Files folder emptied: 42869 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 165359985 bytes
->Google Chrome cache emptied: 103722636 bytes
->Flash cache emptied: 16755 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 443533 bytes

Total Files Cleaned = 278,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 05162012_110023

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Tak pokud ještě mohu poprosit o opravu.
Dík, přeji pěkný den!

[Márty84]

MBAM hlasi havet v bodech obnovy, takze je vymazte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=46&t=47040
Nezapomente tu funkci pak zase zapnout!

OTL provedlo co melo.

Dejte mi sem aktualni log z RSIT a napiste, jak se chova pc

[petouf]

Tak dík, zdá se, že se to už tolik nekouše, jen ten správce úloh je stále "invalidní" (viz foto), ale není to tragedie, spíš zajímavost
Tady je ještě ten log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-05-23 08:59:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (17%) free of 20 GB
Total RAM: 503 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:59, on 23.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ConMet\ConMet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Kalendar\kalendar.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\System Explorer\service\SystemExplorerService.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\bmctl.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Plocha\údržba PC\specialy\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SystemExplorerDisabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 6878 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\k9ukgxjv.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"ff-bmboc@bytemobile.com"=C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@parallelgraphics.com/Cortona]
"Description"=Cortona VRML Plugin
"Path"=C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npCortona.xpt

C:\Program Files\Mozilla Firefox\plugins\
npCortona.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\k9ukgxjv.default\extensions\
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2011-05-25 1145888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-07-01 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-07-01 118784]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-02-23 4031368]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"ConMet"=C:\Program Files\ConMet\ConMet.exe [2012-04-13 4706816]
"MobileBroadband"=C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2011-07-14 279552]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"=C:\Program Files\Kalendar\kalendar.exe [2005-11-09 580608]
"SystemExplorerAutoStart"=C:\Program Files\System Explorer\SystemExplorer.exe [2012-03-23 2642064]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-08-24 101784]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
SystemExplorerDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-07-01 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-05-21 15:07:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoft
2012-05-21 15:06:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers
2012-05-21 15:02:43 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2012-05-21 15:02:42 ----D---- C:\Program Files\DVDVideoSoft
2012-05-21 14:13:58 ----D---- C:\Documents and Settings\Administrator\Data aplikací\MusicBrainz
2012-05-21 14:13:06 ----D---- C:\Program Files\MusicBrainz Picard
2012-05-21 14:01:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Google
2012-05-21 09:05:06 ----A---- C:\WINDOWS\system32\cdintf450_x64.dll
2012-05-21 09:04:52 ----A---- C:\WINDOWS\system32\gdpdfplug.dll
2012-05-21 09:04:51 ----A---- C:\WINDOWS\system32\cdintf450.dll
2012-05-21 09:04:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2012-05-21 09:03:38 ----D---- C:\Documents and Settings\Administrator\Data aplikací\602XML
2012-05-21 09:03:20 ----D---- C:\Documents and Settings\Administrator\Data aplikací\602Installer
2012-05-21 09:01:57 ----D---- C:\Program Files\Common Files\soft602
2012-05-21 09:01:53 ----D---- C:\Program Files\Common Files\Freedom Scientific
2012-05-21 09:01:44 ----D---- C:\Program Files\Software602
2012-05-16 08:14:08 ----A---- C:\WINDOWS\ntbtlog.txt
2012-05-14 09:33:39 ----D---- C:\_OTL
2012-05-11 11:25:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2012-05-11 11:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-05-11 11:25:14 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-05-11 11:25:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-05-11 09:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-05-11 08:40:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-05-11 08:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$
2012-05-11 08:33:41 ----A---- C:\WINDOWS\imsins.BAK
2012-05-11 08:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-05-04 08:32:18 ----D---- C:\_OTM
2012-04-27 13:53:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Stellarium
2012-04-27 13:52:06 ----D---- C:\Program Files\Stellarium
2012-04-26 11:01:42 ----D---- C:\Program Files\trend micro
2012-04-26 11:01:39 ----D---- C:\rsit
2012-04-25 13:37:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-04-25 13:37:38 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-04-24 11:07:40 ----A---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-04-24 11:07:38 ----A---- C:\WINDOWS\system32\drivers\BthEnum.sys
2012-04-24 11:07:35 ----A---- C:\WINDOWS\system32\irmon.dll
2012-04-24 11:07:30 ----A---- C:\WINDOWS\system32\irftp.exe
2012-04-24 11:07:27 ----A---- C:\WINDOWS\system32\wshirda.dll
2012-04-24 11:07:08 ----A---- C:\WINDOWS\system32\drivers\BTHUSB.SYS

======List of files/folders modified in the last 1 month======

2012-05-23 08:59:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\ConMet
2012-05-23 08:31:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ConMet
2012-05-23 08:09:42 ----D---- C:\WINDOWS\Temp
2012-05-23 07:57:35 ----D---- C:\WINDOWS\system32\drivers
2012-05-22 16:59:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-22 16:51:20 ----D---- C:\WINDOWS\Prefetch
2012-05-22 14:38:24 ----D---- C:\Program Files\The KMPlayer
2012-05-22 13:56:24 ----SHD---- C:\WINDOWS\Installer
2012-05-22 13:08:02 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-22 12:27:04 ----D---- C:\WINDOWS
2012-05-22 09:05:28 ----D---- C:\WINDOWS\WinSxS
2012-05-22 09:05:27 ----D---- C:\WINDOWS\system32
2012-05-22 09:05:26 ----D---- C:\Program Files\MSXML 4.0
2012-05-21 15:03:10 ----RSD---- C:\WINDOWS\assembly
2012-05-21 15:02:43 ----D---- C:\Program Files\Common Files
2012-05-21 15:02:42 ----RD---- C:\Program Files
2012-05-21 13:53:07 ----D---- C:\Program Files\Google
2012-05-21 13:46:43 ----SD---- C:\WINDOWS\Tasks
2012-05-21 09:04:34 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-18 08:36:35 ----HD---- C:\WINDOWS\inf
2012-05-18 08:36:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-15 15:24:17 ----D---- C:\WINDOWS\pchealth
2012-05-15 08:31:57 ----D---- C:\WINDOWS\Registration
2012-05-15 08:23:46 ----D---- C:\Program Files\ABBYY FineReader 10
2012-05-14 12:03:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-05-11 09:53:31 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-11 09:22:42 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-11 09:07:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-11 08:40:26 ----D---- C:\Program Files\Mozilla Firefox
2012-05-11 08:40:16 ----HD---- C:\WINDOWS\$hf_mig$
2012-05-11 08:33:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-04 08:33:00 ----D---- C:\WINDOWS\system32\drivers\etc
2012-04-24 11:07:17 ----D---- C:\WINDOWS\security
2012-04-24 11:06:33 ----A---- C:\WINDOWS\nwc.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BMLoad;Bytemobile Boot Time Load Driver; C:\WINDOWS\system32\drivers\BMLoad.sys [2010-03-11 13184]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-04-18 477240]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-02-23 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-02-23 610648]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-02-23 337112]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-02-23 53848]
R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver; \??\C:\WINDOWS\system32\drivers\VSPE.sys []
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-02-23 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-02-23 95704]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2011-07-12 237440]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 73344]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2011-07-12 192768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-07-01 724221]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2011-09-02 30360]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum; C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 80000]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 102784]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2010-03-23 835616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-02-23 44768]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VmbService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
R3 SystemExplorerHelpService;System Explorer Service; C:\Program Files\System Explorer\service\SystemExplorerService.exe [2012-03-01 536208]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-21 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 257696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-21 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Díky moc, přeji pěkný den!

[Márty84]

Co se vam na tom spravci nezda?

Jestli nepotrebujete, aby to bezelo hned po startu, spustte tento soubor C:\Program Files\trend micro\Administrator.exe a fixnete toto (navod stejny jako minule)

O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent

Odinstalujte MBAM, bezi vam spolecne s Avastem a to nedela dobrotu, navic zere zbytecne pamet.

Uvolnete nejake misto na disku, blizite se doporucovanemu minimu.



Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

:services
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

:commands
[EMPTYTEMP]
[Purity]
[EMPTYFLASH]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[petouf]

Tak zdá se, že to běhá. U toho správce se mi nelíbilo, že nemá rámeček, ale už jsem ho objevil
Tady je log, snad bude ok...
All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 10749828 bytes
->Temporary Internet Files folder emptied: 8453257 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 412050941 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 120582668 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 526,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 05282012_130253

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Dík a přeju pěkný den!

[Márty84]

Vidite, toho ramecku jsem si vubec nevsim Ja koukal hlavne na ty hodnoty A kde se schovaval, hajzlik?


Log je OK


Stahnete si OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar, jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk
Stahnete napriklad program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci



No a vic z toho asi nevymacknem. Precejen, ta RAMka neni nic moc.

Hlidejte si to misto na disku. 3GB uz je opravdu minimum.

A aktualizujte si Internet Explorer, i kdyz jej treba nepouzivate. Jelikoz je vlastne soucasti windows, zbytecne tim otevirate vratka haveti.

No a pokud nebudou po vsech tech krocich nejake problemy, melo by to byt vse

[petouf]

Tak dík moc, šlape to v mezích možností PC
Se správcem úloh to bylo jednoduché - dvoukliknul jsem na šedivý rámeček - a záložky se objevily. Nějaká vlastnost
Tak přeji pěkný den a posílám obolos
Přeji pěkný víkend