VIRY.CZ

Dobrý večer, prosím o pomoc. Přibližně před 3 týdny mi rootkitový štít Aviry sestřelil PC do modré smrti. Od té doby PC pěkně blbne. Pohádaly se ovladače, při spuštění průzkumníka Windows se reinstalovala tiskárna HP. Rychost AT snad byla vyšší, než je nynější rychlost mého Pentia. Ikona stahování přenosu nic nesignalizovala, načítání internetové stránky trvá i 20 minut, nejsem s to si přečíst emaily. Když jsem se však podívala na objem přenesených dat, byla jsem v šoku. Klidně i 130 MB během půl hodinky u pomalého mobilního Ufona! Ovladače tiskárny jsem prozatím odinstalovala, ale Avira má i po přeinstalování problémy s aktualizací souborů. Stáhne je, ale inicializace skončí s chybou " Validation of engine failed. Error258. " Outpostu se nelíbí neznámý systémový proces, vyžadující protokol IGMP (IGMP.MCAST.NET adresa 224.0.0.22). Pravdou je, že po jeho blokaci již údaje o přenosu dat vypadají reálně.

Log z RSIT přikládám. Díky.

Logfile of random's system information tool 1.08 (written by

random/random)
Run by Administrator at 2010-07-13 21:11:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (24%) free of 50 GB
Total RAM: 383 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:15:53, on 13.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Hry\karty\123 Free Solitaire\123FreeSolitaire.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

= Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-

7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-

B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-

A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -

C:\Program Files\Microsoft\Search Enhancement Pack\Search

Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-

4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-

DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-

EABFE594F69C} - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-

8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost

Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1

\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir

Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O8 - Extra context menu item: &Google Search - res://C:\Program

Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver -

res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - res://C:\Program

Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -

res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Najít pomocí &Google - C:\Documents and

Settings\All Users\Data aplikací\TuneUp Software\TuneUp

Utilities\Web\gsearch.htm
O8 - Extra context menu item: Přeložit stránku pomocí Google -

C:\Documents and Settings\All Users\Data aplikací\TuneUp

Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program

Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program

Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-

40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall

Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-

4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://www.update.microsoft.com/microso ... /en/x86/cl

ient/muweb_site.cab?1220948983460
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE57FFD4-D167-44D2-ACE1-

FDF460994276}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-

B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32

\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd.

- C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira

GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) -

Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH -

C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH

- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32

\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner -

C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp

Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9213 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement

Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar.dll

[2008-08-09 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6

\bin\jp2ssv.dll [2010-04-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows

Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program

files\google\googletoolbar.dll [2008-08-09 745472]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar -

C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"CmPCIaudio"=RunDll32 CMICNFG3.CPL,CMICtrlWnd []
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall

Pro\feedback.exe [2010-02-09 439784]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09

2447488]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02

282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServ

iceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\L

avasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\L

avasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\

System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\e

xplorer]
"GreyMSIAds"=1
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108611
"NoDriveTypeAutoRun"=0xF5000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\

explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\para

meters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program

Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32

\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32

\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program

Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live

Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program

Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live

Sync"
"C:\Program Files\Opera\opera.exe"="C:\Program

Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program

Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program

Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\para

meters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32

\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program

Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live

Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program

Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live

Sync"

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-07-10 23:41:31 ----D---- C:\Program Files\Mozilla Firefox
2010-07-10 22:27:19 ----D---- C:\Documents and

Settings\Administrator\Data aplikací\Avira
2010-07-10 22:01:38 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-07-10 22:00:34 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-07-10 22:00:34 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-07-10 22:00:34 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-07-10 22:00:33 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-07-10 21:59:54 ----D---- C:\Program Files\Avira
2010-07-09 18:44:07 ----D---- C:\Documents and

Settings\Administrator\Data aplikací\HpUpdate
2010-07-09 18:43:36 ----D---- C:\WINDOWS\Hewlett-Packard

======List of files/folders modified in the last 1 months======

2010-07-13 21:15:05 ----A---- C:\WINDOWS\ModemLog_Axesstel USB

Modem.txt
2010-07-13 21:14:55 ----D---- C:\Program Files\trend micro
2010-07-13 21:11:33 ----D---- C:\WINDOWS\Prefetch
2010-07-13 20:33:37 ----D---- C:\WINDOWS\system32\Filt
2010-07-13 20:33:22 ----D---- C:\WINDOWS\Temp
2010-07-13 19:27:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-13 19:26:58 ----D---- C:\WINDOWS
2010-07-13 08:22:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-12 18:14:49 ----D---- C:\WINDOWS\system32
2010-07-12 18:14:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-11 14:31:01 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-11 11:35:13 ----D---- C:\WINDOWS\Registration
2010-07-10 23:43:45 ----D---- C:\Documents and

Settings\Administrator\Data aplikací\Mozilla
2010-07-10 23:41:31 ----RD---- C:\Program Files
2010-07-10 22:46:25 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 5
2010-07-10 22:01:38 ----D---- C:\WINDOWS\system32\drivers
2010-07-10 21:59:54 ----D---- C:\Documents and Settings\All Users\Data

aplikací\Avira
2010-07-10 21:04:43 ----RD---- C:\WINDOWS\Web
2010-07-10 18:54:57 ----D---- C:\Program Files\ATI Technologies
2010-07-10 18:54:56 ----SHD---- C:\WINDOWS\Installer
2010-07-10 18:54:56 ----HD---- C:\Config.Msi
2010-07-10 18:41:40 ----RSD---- C:\WINDOWS\assembly
2010-07-10 17:32:50 ----HD---- C:\WINDOWS\inf
2010-07-10 17:29:05 ----SD---- C:\WINDOWS\Tasks
2010-07-10 16:53:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-10 09:16:47 ----D---- C:\WINDOWS\WinSxS
2010-07-08 08:18:46 ----D---- C:\Program Files\TuneUp Utilities 2008
2010-07-07 07:43:48 ----SHD---- C:\WINDOWS\CSC
2010-07-06 07:51:31 ----D---- C:\WINDOWS\system32\config
2010-07-05 20:12:18 ----D---- C:\Documents and

Settings\Administrator\Data aplikací\Skype
2010-07-05 10:11:11 ----D---- C:\Program Files\Opera
2010-07-02 12:05:36 ----D---- C:\Documents and

Settings\Administrator\Data aplikací\Simple Sudoku
2010-06-23 08:21:50 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 07:26:07 ----D---- C:\Program Files\MediaCoder
2010-06-18 22:06:09 ----D---- C:\Documents and

Settings\Administrator\Data aplikací\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,

3=Demand, 4=Disabled)======

R0 hotcore2;hotcore2; C:\WINDOWS\system32\drivers\hotcore2.sys [2006-

10-02 30808]
R0 hotcore3;Hotcore helper; C:\WINDOWS\system32\DRIVERS\hotcore3.sys

[2008-09-26 40496]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-

11-20 43872]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32

\DRIVERS\snapman.sys [2008-09-14 120992]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-18 717296]
R0 timounter;Acronis True Image Backup Archive Explorer;

C:\WINDOWS\system32\DRIVERS\timntr.sys [2008-09-14 400864]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32

\DRIVERS\viaagp.sys [2008-04-14 42240]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32

\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01

124784]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program

Files\UltraISO\drivers\ISODrive.sys []
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2010-02-09

715000]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11

28520]
R1 StarPortLite;StarPort Storage Controller (Lite);

C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 85760]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32

\Drivers\Uim_IM.sys [2008-09-26 129824]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32

\DRIVERS\UimBus.sys [2008-09-26 32048]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket

2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-

29 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-

02-16 60936]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

[2005-01-02 9728]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-

02-06 55152]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-

04-21 70912]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32

\DRIVERS\tifsfilt.sys [2008-09-14 32768]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys

[2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02

257304]
R3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2010-02-09

34488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-

09-14 2455040]
R3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32

\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32

\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32

\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32

\drivers\cmaudio.sys [2002-11-18 377358]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-

10-19 25856]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys

[2005-01-02 3968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32

\Drivers\pcouffin.sys [2008-06-10 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32

\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od

společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-

04-14 20608]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32

\drivers\cmuda3.sys [2004-08-16 798592]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32

\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32

\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32

\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32

\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32

\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32

\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys

[2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys

[2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32

\drivers\ac97via.sys [2004-08-04 84480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-

11-02 492000]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,

3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common

Files\Seagate\Schedule2\schedul2.exe [2007-09-04 410904]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1

\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir

Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program

Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32

\Ati2evxx.exe [2007-09-14 483328]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32

\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program

Files\Java\jre6\bin\jqs.exe [2010-04-30 153376]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private

Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement

Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe

[2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14

14336]
S2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program

Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program

Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14

593920]
S3 aspnet_state;Stavová služba ASP.NET;

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-

07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service

v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[2008-07-29 46104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows

Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Služba Windows CardSpace;

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-10 1181328]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32

\TuneUpDefragService.exe [2009-08-23 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing;

C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp;

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

ahoj,
odinstaluj Ad-aware - natrvalo a aj Aviru - docasne
prescanuj PC s AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 pocas scanu mozes odpojit PC od siete - ak prebieha nejaka nekala komunikacia

Ahoj,
AVPTool se mi prý na 3. pokus podařilo stáhnout, i když výsledná velikost souboru na ploše je 70,5 MB, zatím co původní velikost měla být 70.6 MB. Snad je to jen známý zaokrouhlovací rozdíl při počítání v desítkové soustavě a soubor není poškozen. Provedení dalších akcí (zejména Kašperského scan na procesoru 1,3 Gz se základní pamětí) zabere hodně času. Potom se ozvu.
Zatím moc díky.

Ahoj,
tak Kašperský tam našel zadní vrátka, v programu. který nebyl nainstalovaný. Jen jsem ho před časem stáhla na plochu a teď už si ani nevzpomínám, co to vlastně bylo a na co to bylo, případně pro koho to bylo.

Autoscan: completed 6 minutes ago (events: 13, objects: 618492, time: 06:55:07)
17.7.2010 19:03:05 Task completed
17.7.2010 17:31:13 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\big.money.deluxe.1.22.+keygen-tsrh\big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
17.7.2010 17:22:35 Untreated: MultiPacked.Multi.Generic H:\install\Mistek\play\big.money.deluxe.1.22.+keygen-tsrh\big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth Write not supported
17.7.2010 17:22:35 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\big.money.deluxe.1.22.+keygen-tsrh\big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
17.7.2010 17:11:33 Untreated: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth Write not supported
17.7.2010 17:11:33 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
17.7.2010 17:10:15 Untreated: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth Write not supported
17.7.2010 17:10:15 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
17.7.2010 16:13:52 Deleted: Hoax.Win32.Agent.na G:\Program Files\Nero\divxpp\DivFix++.exe
17.7.2010 16:13:14 Detected: Hoax.Win32.Agent.na G:\Program Files\Nero\divxpp\DivFix++.exe/PE_Patch.UPX/UPX
17.7.2010 12:59:46 Deleted: Backdoor.Win32.Bifrose.cqmy C:\Documents and Settings\Administrator\Plocha\zelscope10.exe
17.7.2010 12:58:47 Detected: Backdoor.Win32.Bifrose.cqmy C:\Documents and Settings\Administrator\Plocha\zelscope10.exe/zelscopesetup.msi/_C11A81A0C660B99D5E36B5C4FFD83A26/_9F5166DC6B1EAAE35A93D4AEA938292D/Armadillo
17.7.2010 12:07:58 Task started

Díky.

Druhý scan Kašperský (PC je z druhé ruky včetně systému a je tam hodně pohrobků ještě od původního majitele. Časem jsem koupila druhý disk a novou instalaci Win, takže C, D, E jsou moje, F, G, H původní disk s původní instalací, od které nenám CD. BIOS je nastavený na boot HD 0, CD ROM, floppy. Původní disk přijde zformátovat, jenže ještě tam mám pár cenných dokumentů z doby, než se aktivoval druhý disk. Chybí čas. My private folder je od Microsoftu.)

Autoscan: completed 18 hours ago (events: 13, objects: 618492, time: 06:55:07)
Autoscan: completed 13 hours ago (events: 9, objects: 153298, time: 00:46:41)
17.7.2010 23:45:48 Task started
18.7.2010 0:03:03 Processing error C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0813.JPG Read error
18.7.2010 0:30:28 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\big.money.deluxe.1.22.+keygen-tsrh\big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
18.7.2010 0:30:28 Untreated: MultiPacked.Multi.Generic H:\install\Mistek\play\big.money.deluxe.1.22.+keygen-tsrh\big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth Write not supported
18.7.2010 0:30:31 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
18.7.2010 0:30:31 Untreated: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth Write not supported
18.7.2010 0:30:45 Detected: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth
18.7.2010 0:30:45 Untreated: MultiPacked.Multi.Generic H:\install\Mistek\play\Big Money Deluxe 1.22 + Keygen.rar/big.money.deluxe.1.22.+keygen-tsrh/big.money.deluxe.1.22.keygen-tsrh.rar/big.money.deluxe.1.22.keygen-tsrh.exe/ExeStealth Write not supported
18.7.2010 0:32:29 Task completed

Než přijde kolega

Keygeny smažte
jak to teď vypadá s počítačem?

Keygeny smazal druhý scan Kašperského, jak je vidět z protokolu. Avira zatím obnovená není, PC jsem nepoužila. Plánuji přeinstalovat drivery, odinstalovat Real player a podobné blbinky, které si vynutila nová verze Firefoxu a vrátit se zpět ke K-lite kodeku. Vzhledem k tomu, že jsem teď vlezla na síť bez ochrany antiviru, opět nainstaluji a spustí, Kašperského.
Dobrou noc.

Dejte pak vědět, jak to vypadá

samožejmě, jen mi to zase bude chvilku trvat. Včera delý den, dnes jdu taky za chvilku do práce... PC je pořád jako šnek. Zatím díky.

Pak Vás ještě poprosím o nový log ze rsitu

Ahoj,
došlo k malé změně v organizaci. Kašperskému se ty keygeny nepodařilo vyseknout, jak jsem potom zjistila. Takže jsem v BIOSU změnila bootování z HDD-0 CD-ROM floppy na HDD-1 CD-ROM floppy, vyďobala nějaké ty moje soubory, které jsem našla, smazala mrchy ve třetím oddílu disku (tady jsem přesunula svoje soubory). Při odinstalovávání programů na mrtvé verzi Windows jsem si všimla, že instalace Open Office org je na živém disku. Bootování jsem vrátila zpátky a následoval formát 1. a 2. oddílu HDD-1, čili původní verze Windows, se kterou jsem počítač odkoupila, je snad pryč. Ve své instalaci jsem zatím přeinstalovala jen ovladače videa. Poslední scan Kašperského:
Autoscan: completed 2 hours ago (events: 3, objects: 611191, time: 06:24:55)
27.7.2010 15:05:51 Task started
27.7.2010 15:50:39 Processing error C:\Documents and Settings\Administrator\My Private Folder\JOKO\IMG_0813.JPG Read error
27.7.2010 21:30:47 Task completed
(Soubory z private jsou čisté, měla jsem obavy, aby složka nebyla Kašperským zrušena, takže jsem si je předtím zkopírovala do nechráněné složky.)
Zkusila jsem vrátit Aviru. Po instalaci se zupgradovala, teď měla problémy, podařilo se mi to nakonec až na čtvrtý pokus. Záhadný proces se pořád objevuje, Otpost ho blokuje. Zde je mezilog z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-07-28 19:19:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (28%) free of 50 GB
Total RAM: 639 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:19:54, on 28.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\opera.exe
D:\Hry\karty\123 Free Solitaire\123FreeSolitaire.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Najít pomocí &Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Přeložit stránku pomocí Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0948983460
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE57FFD4-D167-44D2-ACE1-FDF460994276}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9611 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar.dll [2008-08-09 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar.dll [2008-08-09 745472]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"CmPCIaudio"=RunDll32 CMICNFG3.CPL,CMICtrlWnd []
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2010-02-09 439784]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe [2010-01-27 256280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"GreyMSIAds"=1
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108611
"NoDriveTypeAutoRun"=0xF5000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-07-28 00:32:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Avira
2010-07-28 00:11:32 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-07-28 00:11:22 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-07-28 00:11:22 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-07-28 00:11:22 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-07-28 00:11:22 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-07-28 00:11:14 ----D---- C:\Program Files\Avira
2010-07-27 14:58:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2010-07-10 23:41:31 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 18:44:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\HpUpdate
2010-07-09 18:43:36 ----D---- C:\WINDOWS\Hewlett-Packard

======List of files/folders modified in the last 1 months======

2010-07-28 19:19:23 ----D---- C:\Program Files\trend micro
2010-07-28 19:19:02 ----D---- C:\WINDOWS\Prefetch
2010-07-28 19:18:10 ----A---- C:\WINDOWS\ModemLog_Axesstel USB Modem.txt
2010-07-28 18:14:19 ----D---- C:\WINDOWS\Temp
2010-07-28 18:08:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-28 08:17:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-28 02:38:36 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-28 01:00:56 ----D---- C:\WINDOWS\system32\Filt
2010-07-28 00:33:43 ----D---- C:\WINDOWS\Registration
2010-07-28 00:11:32 ----D---- C:\WINDOWS\system32\drivers
2010-07-28 00:11:14 ----RD---- C:\Program Files
2010-07-28 00:11:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-07-28 00:04:14 ----D---- C:\WINDOWS
2010-07-27 15:47:54 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Simple Sudoku
2010-07-27 15:05:22 ----SHD---- C:\System Volume Information
2010-07-27 15:03:41 ----HD---- C:\WINDOWS\inf
2010-07-27 14:53:03 ----SHD---- C:\WINDOWS\Installer
2010-07-27 14:53:03 ----HD---- C:\Config.Msi
2010-07-27 14:52:19 ----D---- C:\Program Files\ATI Technologies
2010-07-27 14:52:03 ----RSD---- C:\WINDOWS\assembly
2010-07-27 14:44:00 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-07-27 14:43:34 ----D---- C:\WINDOWS\system32\DirectX
2010-07-27 14:41:00 ----RD---- C:\WINDOWS\Web
2010-07-27 14:40:02 ----D---- C:\WINDOWS\system32
2010-07-23 06:48:51 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-20 09:15:52 ----SHD---- C:\RECYCLER
2010-07-15 08:50:23 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-07-15 08:39:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-07-15 08:30:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-14 21:14:52 ----A---- C:\WINDOWS\win.ini
2010-07-14 21:02:02 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 09:31:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 09:30:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-12 18:14:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-10 23:43:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-07-10 17:29:05 ----SD---- C:\WINDOWS\Tasks
2010-07-10 09:16:47 ----D---- C:\WINDOWS\WinSxS
2010-07-08 08:18:46 ----D---- C:\Program Files\TuneUp Utilities 2008
2010-07-07 07:43:48 ----SHD---- C:\WINDOWS\CSC
2010-07-06 07:51:31 ----D---- C:\WINDOWS\system32\config
2010-07-05 20:12:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-07-05 10:11:11 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore2;hotcore2; C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 30808]
R0 hotcore3;Hotcore helper; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2008-09-26 40496]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-09-14 120992]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-18 717296]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2008-09-14 400864]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2010-02-09 715000]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarPortLite;StarPort Storage Controller (Lite); C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 85760]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-01-02 9728]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-09-14 32768]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2010-02-09 34488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-01-02 3968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-10 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2004-08-16 798592]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-09-04 410904]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-30 153376]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-23 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Do přeinstalování FireFoxu, Office a playerů se asi pustím o víkendu, tento bych měla mít volný, minulý byl pracovní.

Zatím moc díky.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Ahoj,
tady je log z Combofixu: (Outpost vypnutý, Avira jen sklopená, vypnout se nedá.)

ComboFix 10-07-27.05 - Administrator 29.07.2010 7:26.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.639.240 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\avcodec-51.dll
c:\documents and settings\All Users\avformat-51.dll
c:\documents and settings\All Users\avutil-49.dll
c:\documents and settings\All Users\swscale-0.dll
c:\documents and settings\kluci\Dokumenty\cc_20100707_014529.reg
c:\documents and settings\Sylva\Dokumenty\cc_20100708_070433.reg
c:\windows\msvrc20.dll
c:\windows\system32\1029\dwintl.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\1029 . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-27 22:11 . 2010-03-01 08:06 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-27 22:11 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-27 22:11 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-27 22:11 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-27 22:11 . 2010-07-27 22:11 -------- d-----w- c:\program files\Avira
2010-07-14 00:37 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 16:43 . 2010-07-09 16:43 -------- d-----w- c:\windows\Hewlett-Packard
2010-07-08 04:59 . 2010-07-08 04:59 -------- d-sh--w- c:\documents and settings\Sylva\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 17:19 . 2009-11-17 13:55 -------- d-----w- c:\program files\trend micro
2010-07-27 12:52 . 2009-11-02 15:15 -------- d-----w- c:\program files\ATI Technologies
2010-07-23 04:48 . 2008-06-09 12:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-18 10:43 . 2008-08-09 19:34 30 ----a-w- c:\windows\popcinfo.dat
2010-07-12 16:14 . 2007-10-29 12:00 83582 ----a-w- c:\windows\system32\perfc005.dat
2010-07-12 16:14 . 2007-10-29 12:00 438772 ----a-w- c:\windows\system32\perfh005.dat
2010-07-08 06:18 . 2009-05-03 12:14 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-07-05 08:11 . 2010-01-02 13:20 -------- d-----w- c:\program files\Opera
2010-06-23 05:26 . 2009-02-08 16:04 -------- d-----w- c:\program files\MediaCoder
2010-06-14 14:31 . 2008-06-08 22:58 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 16:39 . 2009-04-28 03:27 -------- d-----w- c:\program files\rajce
2010-06-04 21:34 . 2008-06-10 16:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 12:14 . 2009-10-18 02:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:35 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2007-10-29 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 10:52 . 2008-06-09 00:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-30 10:45 . 2010-04-30 10:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-02-09 439784]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-02-09 2447488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf e:\program files\iolo\System Mechanic 6"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HydraVisionDesktopManager"=c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [12.6.2008 10:02 30808]
R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2.2.2009 10:57 40496]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [9.4.2009 7:26 715000]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [18.8.2009 17:34 85760]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [9.4.2009 7:26 1338160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.7.2010 0:11 135336]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 8:22 70912]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [9.4.2009 7:26 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [9.4.2009 7:27 257304]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [9.4.2009 7:26 34488]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [28.1.2010 20:19 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [28.1.2010 20:19 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [28.1.2010 20:19 38784]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [28.7.2010 0:11 337064]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [28.7.2010 0:11 405672]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.8.2009 17:55 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 11:31]

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Najít pomocí &Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Přeložit stránku pomocí Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\q13obgam.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.CPL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 07:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\relog_ap.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3944)
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\Mixer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-07-29 08:02:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-29 06:02

Před spuštěním: Volných bajtů: 13 750 218 752
Po spuštění: Volných bajtů: 13 150 679 040

Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - CE1F361CDB6617D0862ED1224814CEA5

Zatím díky.

Jak to ted vypadá s počítačem?

:arrow:najděte soubor c:\qoobox\qarantine\c\windows\system32\1029\dwintl.dll.vir,
vytáhněte ho z qooboxu, umažte koncovku vir a dejte zpět do složky c:\windows\system32\1029


Používáte nějaké usbklíče?

Avira má odříznutý webový a emailový štít (ten jsem používala, když si chci nějaké emaily stáhnout do Mozilla Thunderbirdu), Neznámý proces Outpost blokoval okamžitě, jak jsem spustila Operu. Mašinka se nepatrně zrychlila, ale pořád to není ono. V klíčích mne zarazil System mechanic, ten jsem kdysi zkoušela, ale pak jsem ho odinstalovala, pral se s Outpostem. Usbklíče nepoužívám, jen USB flash disky. Taky mi vrtá hlavou jedna věc: Kdysi byly v počítači dva HD a 3 optické mechaniky. Pak mi odešel zdroj, takže jsem koupila jiný, ten má ale napájení jen pro 4 mechaniky. V počítači tedy zůstaly 2 HD a 2 DVD mechaniky, když však kliknu na "tento počítač", zobrazuje se pořád i neexistující CD mechanika. Pochopitelně pokusy "vysunout" neexistující mechaniku vedou k tuhnutí počítače. Při psaní této zprávy se objevil další fór. Chtěla jsem opravit překlep ve slově tento počítač. Najela jsem na slovo myší a klikla na ně levým tlačítkem. Místo umístění kurzoru se však slovo označené jako překlep zachovalo jako odkaz a přesunulo mne na stránku http://www.gfi.cz/webmon/?utm_source=ig ... gn=product a měla jsem pak problém se vrátit do psaní zprávy. (Zatímco slovo usbklíče? ve Vašem textu, které jsem předtím chtěla zkopírovat, mne zavedlo na http://www.antivirovecentrum.cz/) Teď už se to chová normálně, i ky usbklíče jsem zkopírovala.
Zatím díky, už mi padá hlava do klávesnice. Dobrou noc.