Occasional Avast warnings. The internet seems slower.

#1 Post by alias75 »

Hello.
As stated in the title. Every now and then an Avast alert pops up. Various ones; unfortunately I didn't manage to write them down.
Also, the internet seems slower to me, but that is only a subjective impression.

Thank you
_____________________________________________________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by 75alias at 2010-05-03 08:43:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 75 GB (57%) free of 132 GB
Total RAM: 1023 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:05, on 3.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\75alias\Plocha\GPX_premium\RSIT.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\trend micro\75alias.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\75alias\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\75alias\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11890 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1935655697-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1935655697-725345543-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-01-30 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-01 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\75alias\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-01-30 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-14 16050176]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-01 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2010-01-30 26624]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"WEBTRAN"= []

C:\Documents and Settings\75alias\Nabídka Start\Programy\Po spuštění
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Internet Camera\admin\admin.exe"="C:\Program Files\Internet Camera\admin\admin.exe:*:Enabled:admin"
"C:\Program Files\Internet Camera\util\util.exe"="C:\Program Files\Internet Camera\util\util.exe:*:Enabled:util"
"C:\Program Files\Internet Camera\util\discover.exe"="C:\Program Files\Internet Camera\util\discover.exe:*:Enabled:discover"
"C:\Program Files\WMU-6500FS\Configure.exe"="C:\Program Files\WMU-6500FS\Configure.exe:*:Enabled:Configure"
"C:\Program Files\Ground Control II\gcii.exe"="C:\Program Files\Ground Control II\gcii.exe:*:Enabled:Ground Control II"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\Call of Duty\CoDUOMP.exe"="C:\Program Files\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\Program Files\Sniper Elite\SniperElite.exe"="C:\Program Files\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"C:\Program Files\Bohemia Interactive\ArmA\arma.exe"="C:\Program Files\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe"="C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Documents and Settings\75alias\Local Settings\Temp\Rar$EX00.843\ITNConv.exe"="C:\Documents and Settings\75alias\Local Settings\Temp\Rar$EX00.843\ITNConv.exe:*:Enabled:Itinerary Converter & Planner"
"C:\Documents and Settings\75alias\Local Settings\Temp\Rar$EX00.718\ITNConv.exe"="C:\Documents and Settings\75alias\Local Settings\Temp\Rar$EX00.718\ITNConv.exe:*:Enabled:Itinerary Converter & Planner"
"C:\Program Files\Mockba to Berlin\M2B.exe"="C:\Program Files\Mockba to Berlin\M2B.exe:*:Enabled:Ardennes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b1965d-0f3c-11df-b1e2-000fea65459f}]
shell\AutoRun\command - N:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac4478f8-8101-11de-addc-00e04c88d73b}]
shell\AutoRun\command - N:\.\Bin\ASSETUP.exe


======List of files/folders created in the last 1 months======

2010-05-03 08:43:08 ----D---- C:\Program Files\trend micro
2010-05-03 08:43:02 ----D---- C:\rsit
2010-04-29 13:05:49 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-20 08:50:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-20 08:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-20 08:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-20 08:50:34 ----A---- C:\WINDOWS\system32\MRT.INI
2010-04-20 08:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-20 08:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-20 08:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-20 08:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-17 17:32:28 ----D---- C:\Program Files\Sazkar
2010-04-06 15:56:20 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-04-06 15:56:20 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-04-06 15:56:19 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2010-04-06 15:56:17 ----D---- C:\Program Files\ffdshow

======List of files/folders modified in the last 1 months======

2010-05-03 08:43:08 ----RD---- C:\Program Files
2010-05-03 08:42:34 ----D---- C:\WINDOWS\Prefetch
2010-05-03 08:40:55 ----D---- C:\Documents and Settings\75alias\Data aplikací\FileZilla
2010-05-03 07:05:08 ----D---- C:\Documents and Settings\75alias\Data aplikací\Hamachi
2010-05-03 07:03:10 ----D---- C:\WINDOWS\Temp
2010-05-03 06:20:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-03 06:19:41 ----SD---- C:\WINDOWS\Tasks
2010-05-02 14:08:45 ----D---- C:\WINDOWS
2010-05-02 12:55:06 ----SHD---- C:\WINDOWS\Installer
2010-05-02 12:55:06 ----D---- C:\Program Files\Google
2010-04-29 17:30:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-29 17:00:20 ----D---- C:\WINDOWS\Debug
2010-04-29 16:59:37 ----HD---- C:\WINDOWS\inf
2010-04-29 16:59:37 ----D---- C:\WINDOWS\system32
2010-04-26 17:34:06 ----D---- C:\WINDOWS\system32\drivers
2010-04-20 08:50:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-20 08:50:45 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-20 08:48:09 ----D---- C:\WINDOWS\ie8updates
2010-04-16 15:44:04 ----D---- C:\Program Files\Mozilla Firefox
2010-04-11 16:33:35 ----A---- C:\WINDOWS\TRNCOM.INI
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 16:09:56 ----D---- C:\Documents and Settings\75alias\Data aplikací\XnView
2010-04-06 15:57:38 ----D---- C:\WINDOWS\Help
2010-04-06 15:44:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-01 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-15 4368896]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-25 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-25 48904]
S3 ac8n0u9p;ac8n0u9p; C:\WINDOWS\system32\drivers\ac8n0u9p.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-25 28168]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-25 14728]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-07-30 185640]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-08 651720]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Post by 1danab »

Hello :)
Your log is being worked on.

#3 Post by 1danab »

I'd ask you to do this:
riffman wrote: download GMER, unpack it and run it

a scan will run, and when it finishes the results will pop up

then click Save to save the log, and paste its contents here

then, following this guide, run a second scan and again post the contents of the log here :)

#4 Post by alias75 »

Hello.

Unfortunately only log number 1.
During the second scan, an OS message always popped up about an error in the application and its termination. GMER version +1.0.15.15281

LOG no. 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-03 13:56:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\75alias\LOCALS~1\Temp\kxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT spny.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spny.sys ZwEnumerateValueKey [0xF72A5032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865DF1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

1danab

Re: Occasional Avast warnings. Internet seems slower.

#5 Post by 1danab »

try the second one in safe mode

alias75

Re: Occasional Avast warnings. Internet seems slower.

#6 Post by alias75 »

Hello.
Unfortunately, not even in safe mode. After about 6 hours the PC crashes and that's it.

1danab

Re: Occasional Avast warnings. Internet seems slower.

#7 Post by 1danab »

download OTL

after downloading, click the "Prohledat" (Scan) button and let it work; when it finishes, it will produce a log, post its contents here

alias75

Re: Occasional Avast warnings. Internet seems slower.

#8 Post by alias75 »

Well, I like OTL better :-) The log is OK
____________________________________
OTL logfile created on: 4.5.2010 7:25:34 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\75alias\Plocha\GPX_premium
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 413,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128,91 Gb Total Space | 73,00 Gb Free Space | 56,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALIAS
Current User Name: 75alias
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.04 07:25:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\75alias\Plocha\GPX_premium\OTL.exe
PRC - [2010.04.03 14:03:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.04.01 15:37:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.30 15:45:56 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.07.30 17:42:30 | 003,874,088 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe
PRC - [2009.07.30 17:29:42 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008.11.02 10:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008.09.30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.04 20:37:59 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe


========== Modules (SafeList) ==========

MOD - [2010.05.04 07:25:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\75alias\Plocha\GPX_premium\OTL.exe
MOD - [2010.04.01 15:39:28 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010.01.30 15:45:56 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\LangSoft\TRNOEH.DLL
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003.03.18 20:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.dll
MOD - [2003.02.21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.10.08 09:49:59 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.30 17:29:42 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.09.30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002.12.17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.01 13:48:07 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.04 16:16:21 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.01.15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.11.02 10:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.01.25 00:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008.01.25 00:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wmvirhid.sys -- (WmVirHid)
DRV - [2008.01.25 00:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wmfilter.sys -- (WmFilter)
DRV - [2008.01.25 00:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2006.08.15 14:41:16 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.06.27 09:14:35 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.05.17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\75alias\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/ig?referrer=ign"
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: gpxdown@geocaching.com:1.100117b
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.01 15:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 14:03:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 14:03:32 | 000,000,000 | ---D | M]

[2010.02.01 16:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Extensions
[2010.02.01 16:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Extensions\home2@tomtom.com
[2010.05.03 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions
[2010.01.30 15:46:26 | 000,000,000 | ---D | M] (WebTran) -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.04.29 17:24:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.08 05:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions\cs@dictionaries.addons.mozilla.org
[2010.04.11 16:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions\DTToolbar@toolbarnet.com
[2010.02.09 22:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions\gpxdown@geocaching.com
[2010.04.29 09:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\extensions\personas@christopher.beard
[2009.08.04 16:18:28 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\searchplugins\daemon-search.xml
[2009.08.21 09:06:19 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\searchplugins\qipsearch.xml
[2010.05.03 13:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\75alias\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WEBTRAN] File not found
O4 - Startup: C:\Documents and Settings\75alias\Nabídka Start\Programy\Po spuštění\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.02 12:23:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07b1965d-0f3c-11df-b1e2-000fea65459f}\Shell\AutoRun\command - "" = N:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{ac4478f8-8101-11de-addc-00e04c88d73b}\Shell\AutoRun\command - "" = N:\.\Bin\ASSETUP.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 06:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.05.03 08:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.03 08:43:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.03 08:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\75alias\Plocha\logo_tomaskobr
[2010.05.02 14:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\75alias\Dokumenty\1.5.2010_sasa_liberec
[2010.05.02 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\75alias\Plocha\foto_sasa_liberec_1_kvetna_2010
[2010.04.29 17:00:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\75alias\Recent
[2010.04.29 13:05:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.04.17 17:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\75alias\Local Settings\Data aplikací\RSA_software
[2010.04.17 17:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sazkar
[2010.04.16 15:39:35 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.04.16 15:39:35 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.04.16 15:39:24 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.04.16 15:39:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.04.16 15:39:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.04.06 16:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\75alias\Plocha\obal_wired
[2010.04.06 15:56:19 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010.04.06 15:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010.04.06 15:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\75alias\Dokumenty\Nero Collections
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 06:51:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.04 06:30:09 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.04 06:30:05 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.04 06:30:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1935655697-725345543-1004.job
[2010.05.04 06:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.04 06:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.03 14:41:18 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\75alias\NTUSER.DAT
[2010.05.03 14:37:43 | 000,002,719 | ---- | M] () -- C:\WINDOWS\TRNCOM.INI
[2010.05.03 14:10:42 | 000,118,684 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\hbg.jpg
[2010.05.03 13:27:34 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1935655697-725345543-1004.job
[2010.05.03 08:31:07 | 000,055,938 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\logo.jpg
[2010.05.03 08:29:51 | 000,038,525 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\hbg2.jpg
[2010.05.03 07:24:48 | 000,114,971 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\Katalogový list stavebního ...pdf
[2010.05.03 07:07:52 | 101,288,784 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\foto_sasa_liberec_1_kvetna_2010.rar
[2010.05.02 12:50:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 09:59:40 | 000,515,853 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\do_tisku.jpg
[2010.04.29 09:59:23 | 007,708,062 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\do_tisku.bmp
[2010.04.20 08:50:34 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.17 17:36:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\75alias\Data aplikací\avdrn.dat
[2010.04.17 17:33:50 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\Sázkař.lnk
[2010.04.14 18:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.06 15:58:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\XXLGSC
[2010.04.06 15:46:24 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\75alias\Data aplikací\default.rss
[2010.04.06 15:45:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\75alias\Data aplikací\downloads.m3u
[2010.04.06 15:32:55 | 000,023,664 | ---- | M] () -- C:\Documents and Settings\75alias\Plocha\11-stopa-11.wma
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.03 08:29:51 | 000,118,684 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\hbg.jpg
[2010.05.03 08:29:51 | 000,038,525 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\hbg2.jpg
[2010.05.03 08:23:04 | 000,055,938 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\logo.jpg
[2010.05.03 07:24:48 | 000,114,971 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\Katalogový list stavebního ...pdf
[2010.05.03 07:06:52 | 101,288,784 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\foto_sasa_liberec_1_kvetna_2010.rar
[2010.04.29 09:59:35 | 000,515,853 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\do_tisku.jpg
[2010.04.29 09:59:21 | 007,708,062 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\do_tisku.bmp
[2010.04.20 08:50:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.17 17:36:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\75alias\Data aplikací\avdrn.dat
[2010.04.17 17:32:29 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\Sázkař.lnk
[2010.04.11 16:44:12 | 000,128,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.04.06 15:56:20 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.04.06 15:56:20 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.04.06 15:45:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\75alias\Data aplikací\downloads.m3u
[2010.04.06 15:32:53 | 000,023,664 | ---- | C] () -- C:\Documents and Settings\75alias\Plocha\11-stopa-11.wma
[2010.01.30 15:45:36 | 000,002,719 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2010.01.26 08:04:25 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.11.29 09:17:51 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2009.11.29 09:17:51 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2009.11.05 17:26:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.08 10:15:18 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.09.29 13:41:01 | 000,015,699 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.09.29 13:41:01 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.08.04 16:16:20 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.08 15:12:28 | 000,000,815 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.07.08 15:11:50 | 000,004,969 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.07.03 15:43:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.07.03 14:35:44 | 000,000,819 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2009.07.03 14:13:21 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.01.15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

1danab
Newcomer
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: Occasional Avast warnings. The internet seems slower.

#9 Post by 1danab »

let's try this
riffman wrote: download ComboFix and save it, preferably to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

next, there may be a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.

calmly go and make yourself a coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, deactivate its resident shield, because during the scan and the removal of any malware there are undesirable conflicts between ComboFix and the antispyware's resident shield


after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here

Always keep all your important data backed up!



alias75
Visitor
Posts: 26
Joined: 18 Mar 2006 09:18

Re: Occasional Avast warnings. The internet seems slower.

#10 Post by alias75 »

Good day.
It gave poor old Combo a hard time. Almost 42 minutes, but everything is OK.

Here is the log.
_________________________________________________________________
ComboFix 10-05-03.06 - 75alias 04.05.2010 16:36:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.606 [GMT 2:00]
Spuštěný z: c:\documents and settings\75alias\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100504-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-04 do 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-03 06:43 . 2010-05-03 06:44 -------- d-----w- c:\program files\trend micro
2010-05-03 06:43 . 2010-05-03 06:44 -------- d-----w- C:\rsit
2010-04-29 11:05 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 15:32 . 2010-04-17 15:33 -------- d-----w- c:\program files\Sazkar
2010-04-16 13:39 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-16 13:39 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-16 13:39 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-16 13:39 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-16 13:39 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-16 13:39 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-06 13:56 . 2009-03-30 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-06 13:56 . 2009-03-30 18:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-04-06 13:56 . 2010-04-06 13:56 -------- d-----w- c:\program files\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 10:55 . 2009-08-16 06:17 -------- d-----w- c:\program files\Google
2010-04-01 15:47 . 2004-08-18 12:00 90056 ----a-w- c:\windows\system32\perfc005.dat
2010-04-01 15:47 . 2004-08-18 12:00 455388 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 13:39 . 2010-01-29 07:07 -------- d-----w- c:\program files\Common Files\Real
2010-04-01 13:38 . 2010-01-29 07:07 -------- d-----w- c:\program files\Real
2010-04-01 13:38 . 2010-04-01 13:38 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-28 11:57 . 2009-08-21 12:13 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-23 13:22 . 2009-11-04 10:38 -------- d-----w- c:\program files\Common Files\Nero
2010-03-23 13:02 . 2010-01-26 05:44 -------- d-----w- c:\program files\Nero
2010-03-23 13:00 . 2010-03-23 13:00 -------- d-----w- c:\program files\Windows Sidebar
2010-03-11 17:56 . 2009-07-03 13:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 16:34 . 2010-03-08 16:34 -------- d-----w- c:\program files\Nvu
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 12:09 . 2004-08-18 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-30 26624]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\75alias\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-11-1 624416]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\WMU-6500FS\\Configure.exe"=
"c:\\Program Files\\Ground Control II\\gcii.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\Program Files\\Mockba to Berlin\\M2B.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.7.2009 5:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.7.2009 5:50 20560]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [30.7.2009 17:29 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.8.2009 16:16 721904]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 13:36 135664]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:35]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:35]

2010-05-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1935655697-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1935655697-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\75alias\Data aplikací\Mozilla\Firefox\Profiles\sjrxulxx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig?referrer=ign
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-WEBTRAN - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 16:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-05-04 16:52:33
ComboFix-quarantined-files.txt 2010-05-04 14:52

Před spuštěním: Volných bajtů: 79 904 841 728
Po spuštění: Volných bajtů: 79 966 138 368

- - End Of File - - 1A393D617D1ECA673255590FC80EDB6E

1danab
Newcomer
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: Occasional Avast warnings. The internet seems slower.

#11 Post by 1danab »

ComboFix deleted some malware, but I would still need to know what Avast was reporting

right-click the Avast icon (A) on the bottom bar next to the clock and choose the option to view the log files; in the window that opens, select the Alarm (Poplach) icon on the left, then File (Soubor), and there choose Export current list (Exportovat současný výpis); in the next dialog save the file somewhere, then open it and copy its contents here for me

alias75
Visitor
Posts: 26
Joined: 18 Mar 2006 09:18

Re: Occasional Avast warnings. The internet seems slower.

#12 Post by alias75 »

Good day.
So "Alarm" (Poplach) had no entries at all. Only in "Warning" (Varování) did I find mentions of trojans and similar filth, so I am posting the "Warning" log here. The messages for 2010 are below. There are even more of them for 2009, but when I tried to paste everything I had something like one million characters, and only 60000 characters are allowed here. I have attached the whole file, including 2009, as a RAR archive.
_____________________________________________________________________________________________________________________

27.1.2010 6:48:11 SYSTEM 1828 Virus "JS:Redirector-AM [Trj]" byl nalezen v souboru "http://www.redakcni-systemy.com/compone ... yle004.css".
21.2.2010 14:52:20 SYSTEM 1832 AAVM - varování při testování: x_AavmCheckFileDirectEx: http://eeebuntu.virginmedia.com/Eeebunt ... andard.iso (C:\WINDOWS\TEMP\_avast4_\unp221410957.tmp) returning error, 00000084.
16.4.2010 15:33:53 SYSTEM 1832 Virus "JS:Jaderun-A [Expl]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\FUU7F1OX\java[1].htm".
16.4.2010 15:37:28 SYSTEM 1832 Virus "VBS:Malware-gen" byl nalezen v souboru "C:\WINDOWS\system32\fjhdyfhsn.bat".
16.4.2010 15:38:39 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\aec[1].sys".
16.4.2010 15:38:48 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\androidusb.sys".
16.4.2010 15:38:53 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\asyncmac.sys".
16.4.2010 15:38:57 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\atmarpc.sys".
16.4.2010 15:39:10 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\LastGood\system32\drivers\atmarpc.sys".
16.4.2010 15:39:13 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\Cdaudio.sys".
16.4.2010 15:39:16 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\Changer.sys".
16.4.2010 15:39:17 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\dmusic.sys".
16.4.2010 15:39:19 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\drmkaud.sys".
16.4.2010 15:39:22 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\hidusb.sys".
16.4.2010 15:39:24 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\i2omgmt.sys".
16.4.2010 15:39:25 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\ip6fw.sys".
16.4.2010 15:39:27 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\ipfltdrv.sys".
16.4.2010 15:39:29 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\ipinip.sys".
16.4.2010 15:39:31 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\irenum.sys".
16.4.2010 15:39:33 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\kbdhid.sys".
16.4.2010 15:39:35 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\lbrtfdc.sys".
16.4.2010 15:39:36 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\Modem.sys".
16.4.2010 15:39:38 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\mouhid.sys".
16.4.2010 15:39:40 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\mskssrv.sys".
16.4.2010 15:39:43 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\mspclock.sys".
16.4.2010 15:39:44 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\mspqm.sys".
16.4.2010 15:39:46 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\nwlnkflt.sys".
16.4.2010 15:39:50 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\nwlnkfwd[1].sys".
16.4.2010 15:39:51 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\PCIDump[1].sys".
16.4.2010 15:39:52 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\PDCOMP[1].sys".
16.4.2010 15:39:56 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\PDFRAME[1].sys".
16.4.2010 15:39:58 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\PDRELI[1].sys".
16.4.2010 15:40:00 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\PDRFRAME[1].sys".
16.4.2010 15:40:02 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\processr[1].sys".
16.4.2010 15:40:04 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\RDPWD[1].sys".
16.4.2010 15:40:05 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\Sfloppy[1].sys".
16.4.2010 15:40:07 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\splitter[1].sys".
16.4.2010 15:40:09 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\swmidi[1].sys".
16.4.2010 15:40:10 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\TDPIPE[1].sys".
16.4.2010 15:40:12 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\TDTCP[1].sys".
16.4.2010 15:40:14 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\usbccgp[1].sys".
16.4.2010 15:40:16 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\usbstor[1].sys".
16.4.2010 15:40:18 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\wdf01000[1].sys".
16.4.2010 15:40:20 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\WDICA[1].sys".
16.4.2010 15:40:22 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\wmfilter[1].sys".
16.4.2010 15:40:24 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\wmvirhid[1].sys".
16.4.2010 15:40:26 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\wudfpf[1].sys".
16.4.2010 15:40:27 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\wudfrd[1].sys".
16.4.2010 15:40:29 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\1737845816[1].sys".
17.4.2010 17:35:37 SYSTEM 1832 Virus "JS:Downloader-QR [Trj]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\RB2C3DZ9\index[3].htm".
17.4.2010 17:35:51 SYSTEM 1832 Virus "JS:Jaderun-A [Expl]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\RB2C3DZ9\java[1].htm".
17.4.2010 17:37:01 SYSTEM 1832 Virus "VBS:Malware-gen" byl nalezen v souboru "C:\WINDOWS\system32\fjhdyfhsn.bat".
17.4.2010 17:37:46 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\aec[1].sys".
17.4.2010 17:38:18 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\nwlnkfwd[1].sys".
17.4.2010 17:38:21 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\PCIDump[1].sys".
17.4.2010 17:38:23 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\PDCOMP[1].sys".
17.4.2010 17:38:25 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\PDFRAME[1].sys".
17.4.2010 17:38:28 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\PDRELI[1].sys".
17.4.2010 17:38:29 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\PDRFRAME[1].sys".
17.4.2010 17:38:31 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\processr[1].sys".
17.4.2010 17:38:34 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\RDPWD[1].sys".
17.4.2010 17:38:36 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\Sfloppy[1].sys".
17.4.2010 17:38:37 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\splitter[1].sys".
17.4.2010 17:38:43 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\swmidi[1].sys".
17.4.2010 17:38:45 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\TDPIPE[1].sys".
17.4.2010 17:38:51 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\TDTCP[1].sys".
17.4.2010 17:38:52 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\usbccgp[1].sys".
17.4.2010 17:38:54 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\usbstor[1].sys".
17.4.2010 17:38:55 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\wdf01000[1].sys".
17.4.2010 17:38:56 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\WDICA[1].sys".
17.4.2010 17:39:02 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\wmfilter[1].sys".
17.4.2010 17:39:08 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CHQJK5AB\wmvirhid[1].sys".
17.4.2010 17:39:09 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GHENCDQJ\wudfpf[1].sys".
17.4.2010 17:39:11 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CSAX55C6\wudfrd[1].sys".
17.4.2010 17:39:12 SYSTEM 1832 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WSP6HW7K\4236856190[1].sys".
20.4.2010 8:47:29 SYSTEM 1832 Funkce setifaceUpdatePackages() selhala. Návratová hodnota je 0xC0000142, dwRes je C0000142.
29.4.2010 12:50:44 75alias 2628 Virus "JS:Pdfka-ACQ [Expl]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\FUU7F1OX\ChangeLog[1].pdf".
29.4.2010 13:01:57 75alias 2628 Virus "JS:Jaderun-A [Expl]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\FUU7F1OX\java[1].htm".
29.4.2010 13:02:36 75alias 2628 Virus "JS:Pdfka-ACQ [Expl]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\RB2C3DZ9\ChangeLog[1].pdf".
29.4.2010 13:02:37 75alias 2628 Virus "JS:Downloader-QR [Trj]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\RB2C3DZ9\index[2].htm".
29.4.2010 13:02:37 75alias 2628 Virus "JS:Downloader-QR [Trj]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\RB2C3DZ9\index[3].htm".
29.4.2010 13:02:37 75alias 2628 Virus "JS:Jaderun-A [Expl]" byl nalezen v souboru "C:\Documents and Settings\75alias\Local Settings\Temporary Internet Files\Content.IE5\RB2C3DZ9\java[1].htm".
29.4.2010 16:28:47 75alias 2628 Virus "VBS:Malware-gen" byl nalezen v souboru "C:\WINDOWS\system32\fjhdyfhsn.bat".
29.4.2010 16:57:59 SYSTEM 1832 Virus "Win32:Rootkit-gen [Rtk]" byl nalezen v souboru "C:\Documents and Settings\75alias\Nabídka Start\Programy\Po spuštění\monxga32.exe".
2.5.2010 12:50:21 SYSTEM 1836 Virus "Win32:Rootkit-gen [Rtk]" byl nalezen v souboru "C:\Documents and Settings\75alias\Nabídka Start\Programy\Po spuštění\monxga32.exe".
3.5.2010 7:02:52 SYSTEM 1836 Virus "Win32:Rootkit-gen [Rtk]" byl nalezen v souboru "C:\Documents and Settings\75alias\Nabídka Start\Programy\Po spuštění\monxga32.exe".
Attachments
avast_varovani.rar
(31.98 KiB) Downloaded 56 times

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Occasional Avast warnings. Internet seems slower.

#13 Post by 1danab »

We will continue as follows.
Following this guide, download and install the CureIt scanner.

After installing and launching it, you will be asked about an Express scan; confirm it, and once it finishes, report the results by copying the log text (File / Save results, which you save as a text file) and pasting it here.

Then tick Complete scan and let it run; once it finishes, report the results again.

alias75
Visitor
Posts: 26
Registered: 18 Mar 2006 09:18

Re: Occasional Avast warnings. Internet seems slower.

#14 Post by alias75 »

Unfortunately there is nothing to paste. After the express scan the message was "Done - no virus found". When I clicked "File", the "Save results" option was greyed out and nothing could be saved.

Should I still run the complete scan?

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Occasional Avast warnings. Internet seems slower.

#15 Post by 1danab »

Yes, run the complete scan as well :)