Please check the log from an older notebook
Posted: 04 Jun 2010 21:01
Logfile of random's system information tool 1.07 (written by random/random)
Run by Lenka at 2010-06-04 21:56:51
Microsoft Windows 2000 Professional
System drive C: has 2 GB (42%) free of 6 GB
Total RAM: 127 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:31, on 4.6.2010
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\internat.exe
C:\WINDOWS\Application Data\QipGuard\QipGuard.exe
C:\WINDOWS\system32\xfgnp.exe
C:\WINDOWS\system32\drivers\Prcgd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Dokumenty\Stažené soubory\RSIT(2).exe
C:\Program Files\trend micro\Lenka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Prgds.exe
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\xfgnp.exe
O4 - HKLM\..\Run: [Prcgd] C:\WINDOWS\system32\drivers\Prcgd.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\WINDOWS\Application Data\QipGuard\QipGuard.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\xfgnp.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\QIP\qip.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://msn.atlas.cz
O14 - IERESET.INF: MS_START_PAGE_URL=http://msn.atlas.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0453DF4-5687-499A-8464-9A7BCAA5658D}: NameServer = 79.127.144.4,212.71.133.6
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4477 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Optimalizovat spouštiní aplikace.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-06-01 1239912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2000-03-20 844560]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-06-01 1239912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2000-03-20 3856]
"Microsoft Driver Setup"=C:\WINDOWS\system32\xfgnp.exe [2010-04-13 208896]
"Prcgd"=C:\WINDOWS\system32\drivers\Prcgd.exe [2010-04-28 442368]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-06-04 2176512]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\system32\xfgnp.exe [2010-04-13 208896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=C:\WINDOWS\system32\internat.exe [2000-03-20 20752]
"QIP Internet Guardian"=C:\WINDOWS\Application Data\QipGuard\QipGuard.exe [2010-04-12 181760]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.inf - install -
======List of files/folders created in the last 1 months======
2010-06-04 21:36:43 ----D---- C:\Program Files\Crawler
2010-06-04 21:11:08 ----D---- C:\WINDOWS\Application Data\Spyware Terminator
2010-06-04 21:10:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-06-04 21:10:12 ----AD---- C:\Program Files\Spyware Terminator
2010-06-04 20:33:15 ----A---- C:\r6x5z5j9j5d3.exe
2010-06-04 17:28:29 ----D---- C:\Program Files\trend micro
2010-06-04 17:27:09 ----D---- C:\rsit
2010-06-02 15:47:38 ----A---- C:\ffff.exe
2010-05-31 18:14:16 ----D---- C:\WINDOWS\Application Data\GHISLER
2010-05-31 18:14:16 ----D---- C:\totalcmd
2010-05-31 16:13:43 ----RASHD---- C:\autorun.inf
2010-05-31 14:42:19 ----A---- C:\c8t3r6p3k6e8.exe
2010-05-21 17:50:04 ----D---- C:\WINDOWS\Application Data\QipGuard
2010-05-21 17:49:40 ----D---- C:\QIP
2010-05-20 17:50:52 ----A---- C:\WINDOWS\System32\qpl.dll
2010-05-20 17:50:52 ----A---- C:\WINDOWS\System32\LpCom.dll
2010-05-18 23:03:23 ----A---- C:\p6yah2b9q9d1.exe
2010-05-18 15:36:55 ----D---- C:\WINDOWS\Minidump
2010-05-13 17:52:46 ----A---- C:\p6z7h2b9q9d1.exe
2010-05-08 08:37:07 ----A---- C:\4x8q2y6t2e6.exe
======List of files/folders modified in the last 1 months======
2010-06-04 21:57:00 ----AD---- C:\WINDOWS\SYSTEM32
2010-06-04 21:54:48 ----AD---- C:\WINDOWS\TEMP
2010-06-04 21:54:48 ----AD---- C:\WINDOWS\Debug
2010-06-04 21:54:48 ----AD---- C:\WINDOWS
2010-06-04 21:36:43 ----RAD---- C:\Program Files
2010-06-04 21:30:31 ----D---- C:\Program Files\Mozilla Firefox
2010-06-04 21:29:44 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Internal V.90 Modem.txt
2010-06-04 21:16:51 ----AD---- C:\WINDOWS\System32\DRIVERS
2010-06-04 20:52:19 ----D---- C:\Program Files\CCleaner
2010-06-04 20:50:45 ----AD---- C:\WINDOWS\Application Data
2010-06-04 20:27:57 ----D---- C:\WINDOWS\System32\NtmsData
2010-06-04 20:24:52 ----N---- C:\WINDOWS\SchedLog.Txt
2010-05-31 18:18:25 ----SHD---- C:\WINDOWS\Installer
2010-05-20 17:02:17 ----D---- C:\Program Files\Maxthon2
2010-05-06 20:03:17 ----A---- C:\m6u6o6o4w1w2.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\System32\drivers\Cdr4_2K.sys [2009-04-28 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2009-04-28 9200]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys []
R2 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2000-03-20 13904]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2000-03-20 57008]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [1999-09-25 9776]
R3 ds1;Yamaha DS1 Audio Driver (WDM); C:\WINDOWS\system32\drivers\ds1wdm.sys [1999-11-06 358928]
R3 ltmodem5;Toshiba Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmntt.sys [1999-10-23 410832]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2000-03-20 11664]
R3 OBOE;Toshiba FIR Port Type-DO; C:\WINDOWS\System32\DRIVERS\tos4mo.sys [1999-10-20 28432]
R3 Rasirda;WAN Miniport (IrDA Modem); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2000-03-20 19888]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [1999-09-25 18704]
R3 S3GSavageMX;S3GSavageMX; C:\WINDOWS\System32\DRIVERS\S3Gsavm.sys [2005-02-25 88576]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINDOWS\System32\DRIVERS\uhcd.sys [2000-03-20 32144]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2000-03-20 40016]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [1999-10-01 19760]
S4 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2000-03-20 7312]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2000-03-20 7952]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-06-04 488960]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2000-03-20 7952]
-----------------EOF-----------------