
Virus removal, PC speed-up, remote help via the neslape.cz service
My keyboard types extra characters, my icons disappeared
Moderator: Moderators
Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
Hello! For the second time now, my keyboard has started typing extra characters, and sometimes when I press a key the PC shuts down, as happened to me a moment ago... Before it shut down, though, I wanted to launch Ad-Aware from the bottom taskbar, and with every click on the arrow one icon disappeared. Now, after switching it back on, they are back again. Is this a software problem, or do I have a virus here? I am attaching logs from RSIT and HijackThis. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:11, on 22.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca03362aa4a612) (gupdate1ca03362aa4a612) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
--
End of file - 4115 bytes
rsit:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Reneček at 2010-08-22 09:59:02
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (19%) free of 11 GB
Total RAM: 447 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:08, on 22.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\RSIT(2).exe
C:\Program Files\trend micro\Reneček.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca03362aa4a612) (gupdate1ca03362aa4a612) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
--
End of file - 4539 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Reneček.job
C:\WINDOWS\tasks\PCConfidential.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Dáša\ParadiseCasino - Czech\casino.exe"="D:\Dáša\ParadiseCasino - Czech\casino.exe:*:Enabled:casino"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\SweetImSetup.exe"="C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files\Java
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 12:42:34 ----D---- C:\Program Files\Avanquest update
2010-08-03 12:41:15 ----D---- C:\Program Files\Motorola Phone Tools
2010-08-03 12:32:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-08-03 12:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-08-03 12:31:07 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-08-03 12:29:25 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-07-26 11:54:28 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Awem
2010-07-26 11:53:53 ----D---- C:\Program Files\Hry.cz
======List of files/folders modified in the last 1 months======
2010-08-22 09:59:06 ----D---- C:\WINDOWS\Prefetch
2010-08-22 09:59:05 ----D---- C:\Program Files\Trend Micro
2010-08-22 09:30:08 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Skype
2010-08-22 08:19:03 ----D---- C:\WINDOWS\Temp
2010-08-22 06:53:38 ----D---- C:\WINDOWS\system32\ias
2010-08-22 06:52:59 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-08-22 06:52:57 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2010-08-21 19:26:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-21 14:52:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-20 14:57:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-17 20:29:33 ----D---- C:\WINDOWS\system32
2010-08-17 12:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-08-17 07:12:59 ----SHD---- C:\WINDOWS\Installer
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files
2010-08-17 07:12:04 ----D---- C:\Program Files\Java
2010-08-12 18:47:31 ----D---- C:\Documents and Settings\Reneček\Data aplikací\skypePM
2010-08-12 08:35:56 ----D---- C:\WINDOWS
2010-08-11 08:57:51 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 09:02:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-04 09:02:28 ----D---- C:\WINDOWS\AppPatch
2010-08-03 12:46:52 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2010-08-03 12:44:31 ----HD---- C:\WINDOWS\inf
2010-08-03 12:42:34 ----RD---- C:\Program Files
2010-08-03 12:42:34 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-03 12:42:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-08-03 12:39:09 ----D---- C:\WINDOWS\WinSxS
2010-08-03 12:31:45 ----A---- C:\WINDOWS\imsins.BAK
2010-08-03 12:31:20 ----D---- C:\Program Files\Windows Media Player
2010-08-03 12:27:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-28 12:20:10 ----D---- C:\WINDOWS\system32\Adobe
2010-07-28 12:20:06 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Macromedia
2010-07-28 12:19:39 ----D---- C:\WINDOWS\system32\Macromed
2010-07-24 22:24:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Adobe
2010-07-24 14:07:28 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
S3 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Reneček\Local Settings\TEMP\ASFWHide []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-08-03 22768]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
-----------------EOF-----------------
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Dáša\ParadiseCasino - Czech\casino.exe"="D:\Dáša\ParadiseCasino - Czech\casino.exe:*:Enabled:casino"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\SweetImSetup.exe"="C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files\Java
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 12:42:34 ----D---- C:\Program Files\Avanquest update
2010-08-03 12:41:15 ----D---- C:\Program Files\Motorola Phone Tools
2010-08-03 12:32:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-08-03 12:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-08-03 12:31:07 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-08-03 12:29:25 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-07-26 11:54:28 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Awem
2010-07-26 11:53:53 ----D---- C:\Program Files\Hry.cz
======List of files/folders modified in the last 1 months======
2010-08-22 09:59:06 ----D---- C:\WINDOWS\Prefetch
2010-08-22 09:59:05 ----D---- C:\Program Files\Trend Micro
2010-08-22 09:30:08 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Skype
2010-08-22 08:19:03 ----D---- C:\WINDOWS\Temp
2010-08-22 06:53:38 ----D---- C:\WINDOWS\system32\ias
2010-08-22 06:52:59 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-08-22 06:52:57 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2010-08-21 19:26:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-21 14:52:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-20 14:57:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-17 20:29:33 ----D---- C:\WINDOWS\system32
2010-08-17 12:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-08-17 07:12:59 ----SHD---- C:\WINDOWS\Installer
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files
2010-08-17 07:12:04 ----D---- C:\Program Files\Java
2010-08-12 18:47:31 ----D---- C:\Documents and Settings\Reneček\Data aplikací\skypePM
2010-08-12 08:35:56 ----D---- C:\WINDOWS
2010-08-11 08:57:51 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 09:02:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-04 09:02:28 ----D---- C:\WINDOWS\AppPatch
2010-08-03 12:46:52 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2010-08-03 12:44:31 ----HD---- C:\WINDOWS\inf
2010-08-03 12:42:34 ----RD---- C:\Program Files
2010-08-03 12:42:34 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-03 12:42:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-08-03 12:39:09 ----D---- C:\WINDOWS\WinSxS
2010-08-03 12:31:45 ----A---- C:\WINDOWS\imsins.BAK
2010-08-03 12:31:20 ----D---- C:\Program Files\Windows Media Player
2010-08-03 12:27:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-28 12:20:10 ----D---- C:\WINDOWS\system32\Adobe
2010-07-28 12:20:06 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Macromedia
2010-07-28 12:19:39 ----D---- C:\WINDOWS\system32\Macromed
2010-07-24 22:24:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Adobe
2010-07-24 14:07:28 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
S3 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Reneček\Local Settings\TEMP\ASFWHide []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-08-03 22768]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
-----------------EOF-----------------
Re: my keyboard types extra characters, my icons disappeared
Good afternoon
Is it the same in Safe Mode?
Back up your important data, just to be safe
Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before use, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: my keyboard types extra characters, my icons disappeared
ComboFix 10-08-22.05 - Reneček 23.08.2010 11:50:52.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.208 [GMT 2:00]
Spuštěný z: c:\documents and settings\Reneček\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100823-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-23 do 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-17 18:29 . 2010-08-17 18:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-17 05:12 . 2010-08-17 05:12 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 10:42 . 2010-08-03 10:43 -------- d-----w- c:\program files\Avanquest update
2010-08-03 10:41 . 2010-08-03 10:42 -------- d-----w- c:\program files\Motorola Phone Tools
2010-08-03 10:29 . 2010-08-03 10:31 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-08-03 10:29 . 2010-08-03 10:29 -------- d-----w- c:\windows\system32\LogFiles
2010-07-26 09:53 . 2010-08-17 10:00 -------- d-----w- c:\program files\Hry.cz
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 07:59 . 2009-08-06 08:15 -------- d-----w- c:\program files\Trend Micro
2010-08-20 12:57 . 2010-06-20 09:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-17 05:12 . 2010-07-13 18:57 -------- d-----w- c:\program files\Java
2010-08-03 10:42 . 2009-07-12 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 10:40 . 2009-07-31 08:50 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2010-07-22 08:31 . 2010-07-22 08:31 -------- d-----w- c:\program files\Plus500
2010-07-21 16:05 . 2004-07-17 09:36 11376 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-07-20 04:22 . 2009-08-10 11:00 -------- d-----w- c:\program files\uTorrent
2010-07-19 12:32 . 2001-10-25 12:00 73724 ----a-w- c:\windows\system32\perfc005.dat
2010-07-19 12:32 . 2001-10-25 12:00 401978 ----a-w- c:\windows\system32\perfh005.dat
2010-07-19 12:31 . 2010-07-19 12:31 -------- d-----w- c:\program files\Realtek AC97
2010-07-19 11:49 . 2009-07-12 20:50 22944 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-17 03:00 . 2010-06-29 21:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 13:21 . 2006-04-03 17:47 48 ----a-w- c:\windows\ELP0102.dat
2010-07-14 08:45 . 2010-07-14 08:44 -------- d-----r- c:\program files\Skype
2010-07-14 08:44 . 2010-07-14 08:44 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 08:08 . 2009-07-12 21:17 -------- d-----w- c:\program files\Google
2009-08-07 06:32 . 2009-08-07 06:32 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-23_07.09.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-23 09:38 . 2010-08-23 09:38 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2010-08-23 09:38 . 2010-08-23 09:38 16384 c:\windows\Temp\Perflib_Perfdata_1c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Dáša\\ParadiseCasino - Czech\\casino.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.7.2009 23:18 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.7.2009 23:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.7.2009 23:24 20560]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 23:17 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 22:18]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 21:17]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 21:17]
2010-08-21 c:\windows\Tasks\Norton Security Scan for Reneček.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-20 05:31]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Reneček\Data aplikací\Mozilla\Firefox\Profiles\1artjxm7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Reneček\Data aplikací\Mozilla\Firefox\Profiles\1artjxm7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Reneček\Data aplikací\Mozilla\Firefox\Profiles\1artjxm7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 11:54
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Reneček\Local Settings\TEMP\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(428)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-23 11:55:04
ComboFix-quarantined-files.txt 2010-08-23 09:55
ComboFix2.txt 2010-08-23 07:10
Před spuštěním: 3 556 503 552
Po spuštění: 3 549 921 280
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 738DB7C0F991FA3AF16DF4A4B00D0D6B
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 11:54
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Reneček\Local Settings\TEMP\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(428)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-23 11:55:04
ComboFix-quarantined-files.txt 2010-08-23 09:55
ComboFix2.txt 2010-08-23 07:10
Před spuštěním: 3 556 503 552
Po spuštění: 3 549 921 280
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 738DB7C0F991FA3AF16DF4A4B00D0D6B
Re: keyboard types extra characters, my icons disappeared
Do you have anything from Ashampoo?
How is the computer doing now?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning malware from the computer.
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: keyboard types extra characters, my icons disappeared
It does whatever it wants. I have Ashampoo.
Re: keyboard types extra characters, my icons disappeared
What kind of keyboard do you have? A classic one or a USB one?
Can you try a different one?
Re: keyboard types extra characters, my icons disappeared
nowitsnotjustthekeyboardanymore
Re: keyboard types extra characters, my icons disappeared
Can you check whether you have the same problems in Safe Mode? (After restarting, keep pressing F8.)
Download Bootkit Remover http://www.esagelab.com/files/bootkit_remover.rar
- save it to the desktop and run it
- right-click in the black window, choose Select All, press CTRL+C, and then press CTRL+V here on the forum.
Re: keyboard types extra characters, my icons disappeared
Hello! So the problem is finally solved - it was the keyboard after all. I have now bought a new one and the PC works without problems. Thanks a lot for your help and your time. And we apologize for the way I wrote - I was just copying letters one by one with the mouse, and then the spaces would not work.
Thanks once again.

Re: keyboard types extra characters, my icons disappeared

Uninstall ComboFix via Start - Run
- copy into the box:
ComboFix /Uninstall
- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.
***********

http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus
***********

- install it; when choosing what to install, untick the Yahoo toolbar installation

- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run Ccleaner

- click Scan for problems
- then click Fix selected problems -- making a registry backup - you don't have to
- click Fix all problems

- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
Ccleaner - I recommend using the cleaner; it nicely clears temporary files from the PC.
It cleans the registry, for example after uninstalling a program.
***********

http://oldtimer.geekstogo.com/OTC.exe
- cleans temp files and the leftovers of the tools used
***********

Re: keyboard types extra characters, my icons disappeared
Yes, the computer runs like clockwork.
Thanks a lot once again. Just to be sure, I'm posting the log here as well:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Reneček at 2010-08-26 09:05:58
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (38%) free of 11 GB
Total RAM: 447 MB (2% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:37, on 26.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\KB350e\MagicKey.exe
C:\Program Files\KB350e\OSD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Plus500\main\InvestSoftProject.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Reneček.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KB350e] C:\Program Files\KB350e\MagicKey.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca03362aa4a612) (gupdate1ca03362aa4a612) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 3484 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"KB350e"=C:\Program Files\KB350e\MagicKey.exe [2007-12-12 184320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Dáša\ParadiseCasino - Czech\casino.exe"="D:\Dáša\ParadiseCasino - Czech\casino.exe:*:Enabled:casino"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-26 09:05:58 ----D---- C:\rsit
2010-08-25 14:34:13 ----D---- C:\Program Files\DIFX
2010-08-25 14:34:06 ----RA---- C:\WINDOWS\system32\drivers\230Fltr.sys
2010-08-25 14:33:57 ----D---- C:\Program Files\KB350e
2010-08-25 14:33:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\InstallShield
2010-08-25 14:31:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-25 14:31:14 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-25 14:31:08 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-25 14:31:04 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-08-24 19:11:18 ----SHD---- C:\Config.Msi
2010-08-24 17:58:34 ----RSHD---- C:\_Backup.RC
2010-08-24 17:58:31 ----HD---- C:\_Backup
2010-08-24 17:57:22 ----D---- C:\Documents and Settings\Reneček\Data aplikací\VCOM
2010-08-24 17:56:55 ----D---- C:\Program Files\VCOM
2010-08-24 15:00:23 ----D---- C:\Program Files\Turbo Navigator
2010-08-24 14:35:53 ----D---- C:\WINDOWS\pss
2010-08-23 21:53:59 ----SHD---- C:\RECYCLER
2010-08-23 20:01:35 ----D---- C:\WINDOWS\Prefetch
2010-08-23 19:48:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-08-23 19:42:48 ----A---- C:\WINDOWS\system32\irclass.dll
2010-08-23 19:42:47 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-08-23 19:42:32 ----RA---- C:\WINDOWS\SET3F.tmp
2010-08-23 19:42:28 ----RA---- C:\WINDOWS\SET30.tmp
2010-08-23 19:42:27 ----RA---- C:\WINDOWS\SET2D.tmp
2010-08-23 18:23:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-08-23 18:19:45 ----ASH---- C:\pagefile.sys
2010-08-23 17:58:55 ----RA---- C:\WINDOWS\SET38.tmp
2010-08-23 17:58:51 ----RA---- C:\WINDOWS\SET2C.tmp
2010-08-23 17:58:50 ----RA---- C:\WINDOWS\SET29.tmp
2010-08-23 11:50:18 ----RASHD---- C:\CMDCONS12
2010-08-23 09:01:39 ----A---- C:\WINDOWS\PEV.exe
2010-08-23 09:01:39 ----A---- C:\WINDOWS\MBR.exe
2010-08-23 09:01:34 ----D---- C:\WINDOWS\ERDNT
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files\Java
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 12:42:34 ----D---- C:\Program Files\Avanquest update
2010-08-03 12:41:15 ----D---- C:\Program Files\Motorola Phone Tools
2010-08-03 12:32:03 ----A---- C:\WINDOWS\system32\spmsg.dll
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\drivers\UMDF
======List of files/folders modified in the last 1 months======
2010-08-26 09:06:16 ----D---- C:\Program Files\Trend Micro
2010-08-26 09:01:20 ----D---- C:\WINDOWS\Temp
2010-08-26 09:01:12 ----D---- C:\WINDOWS\system32\ias
2010-08-26 09:01:09 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-08-26 09:01:09 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2010-08-26 09:01:04 ----D---- C:\WINDOWS
2010-08-26 08:59:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-26 08:51:46 ----D---- C:\Program Files\Hry.cz
2010-08-25 14:35:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 14:34:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-25 14:34:13 ----RD---- C:\Program Files
2010-08-25 14:34:11 ----D---- C:\WINDOWS\system32
2010-08-25 14:34:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-25 14:34:02 ----HD---- C:\WINDOWS\inf
2010-08-25 14:34:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-25 14:33:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 14:31:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 07:36:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-24 22:15:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Mozilla
2010-08-24 22:15:14 ----D---- C:\Program Files\Mozilla Firefox
2010-08-24 21:01:18 ----ASH---- C:\boot.ini
2010-08-24 19:11:46 ----SHD---- C:\WINDOWS\Installer
2010-08-24 19:11:43 ----D---- C:\WINDOWS\WinSxS
2010-08-24 19:01:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-08-24 19:01:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-24 19:01:44 ----SD---- C:\WINDOWS\Tasks
2010-08-24 17:58:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-08-24 17:52:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 16:20:32 ----SHD---- C:\System Volume Information
2010-08-24 16:20:32 ----D---- C:\WINDOWS\system32\Restore
2010-08-24 16:03:48 ----A---- C:\WINDOWS\win.ini
2010-08-24 16:03:48 ----A---- C:\WINDOWS\system.ini
2010-08-24 15:24:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-08-24 15:23:57 ----D---- C:\WINDOWS\Help
2010-08-24 14:51:52 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Skype
2010-08-24 14:50:43 ----D---- C:\WINDOWS\security
2010-08-24 13:22:59 ----D---- C:\WINDOWS\Debug
2010-08-24 13:22:58 ----D---- C:\WINDOWS\Minidump
2010-08-23 23:02:30 ----D---- C:\Documents and Settings
2010-08-23 22:18:40 ----D---- C:\Program Files\Windows Media Player
2010-08-23 21:40:26 ----D---- C:\WINDOWS\system
2010-08-23 21:40:25 ----D---- C:\WINDOWS\system32\Setup
2010-08-23 21:40:10 ----D---- C:\WINDOWS\system32\usmt
2010-08-23 21:39:57 ----D---- C:\WINDOWS\AppPatch
2010-08-23 21:39:56 ----D---- C:\WINDOWS\ehome
2010-08-23 21:39:55 ----D---- C:\WINDOWS\ime
2010-08-23 21:39:53 ----RSD---- C:\WINDOWS\Fonts
2010-08-23 21:39:51 ----D---- C:\WINDOWS\Media
2010-08-23 21:39:35 ----D---- C:\WINDOWS\PeerNet
2010-08-23 21:39:17 ----D---- C:\WINDOWS\system32\npp
2010-08-23 21:39:07 ----D---- C:\WINDOWS\msagent
2010-08-23 21:36:00 ----D---- C:\WINDOWS\system32\1029
2010-08-23 21:35:49 ----D---- C:\WINDOWS\twain_32
2010-08-23 21:35:32 ----D---- C:\WINDOWS\system32\icsxml
2010-08-23 21:34:43 ----D---- C:\WINDOWS\system32\1033
2010-08-23 21:32:54 ----D---- C:\WINDOWS\Driver Cache
2010-08-23 20:05:59 ----D---- C:\WINDOWS\Registration
2010-08-23 20:01:06 ----D---- C:\WINDOWS\system32\config
2010-08-23 19:49:24 ----A---- C:\WINDOWS\ODBCINST.INI
2010-08-23 19:48:46 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-08-23 19:48:21 ----RD---- C:\WINDOWS\Web
2010-08-23 19:48:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-08-23 19:48:02 ----D---- C:\WINDOWS\system32\oobe
2010-08-23 19:47:13 ----D---- C:\WINDOWS\system32\Com
2010-08-23 19:46:51 ----D---- C:\Program Files\Messenger
2010-08-23 19:46:50 ----D---- C:\WINDOWS\system32\wbem
2010-08-23 19:42:42 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-08-23 19:20:29 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-08-23 11:52:32 ----D---- C:\Program Files\Common Files
2010-08-17 12:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-08-17 07:12:04 ----D---- C:\Program Files\Java
2010-08-12 18:47:31 ----D---- C:\Documents and Settings\Reneček\Data aplikací\skypePM
2010-08-03 12:46:52 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2010-07-28 12:20:10 ----D---- C:\WINDOWS\system32\Adobe
2010-07-28 12:20:06 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Macromedia
2010-07-28 12:19:39 ----D---- C:\WINDOWS\system32\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 230Fltr;KB350e USB Filter Driver; C:\WINDOWS\System32\Drivers\230Fltr.sys [2007-11-26 8192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-08-03 22768]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Reneček\Local Settings\TEMP\ASFWHide []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
-----------------EOF-----------------

"D:\Dáša\ParadiseCasino - Czech\casino.exe"="D:\Dáša\ParadiseCasino - Czech\casino.exe:*:Enabled:casino"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-26 09:05:58 ----D---- C:\rsit
2010-08-25 14:34:13 ----D---- C:\Program Files\DIFX
2010-08-25 14:34:06 ----RA---- C:\WINDOWS\system32\drivers\230Fltr.sys
2010-08-25 14:33:57 ----D---- C:\Program Files\KB350e
2010-08-25 14:33:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\InstallShield
2010-08-25 14:31:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-25 14:31:14 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-25 14:31:08 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-25 14:31:04 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-08-24 19:11:18 ----SHD---- C:\Config.Msi
2010-08-24 17:58:34 ----RSHD---- C:\_Backup.RC
2010-08-24 17:58:31 ----HD---- C:\_Backup
2010-08-24 17:57:22 ----D---- C:\Documents and Settings\Reneček\Data aplikací\VCOM
2010-08-24 17:56:55 ----D---- C:\Program Files\VCOM
2010-08-24 15:00:23 ----D---- C:\Program Files\Turbo Navigator
2010-08-24 14:35:53 ----D---- C:\WINDOWS\pss
2010-08-23 21:53:59 ----SHD---- C:\RECYCLER
2010-08-23 20:01:35 ----D---- C:\WINDOWS\Prefetch
2010-08-23 19:48:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-08-23 19:42:48 ----A---- C:\WINDOWS\system32\irclass.dll
2010-08-23 19:42:47 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-08-23 19:42:32 ----RA---- C:\WINDOWS\SET3F.tmp
2010-08-23 19:42:28 ----RA---- C:\WINDOWS\SET30.tmp
2010-08-23 19:42:27 ----RA---- C:\WINDOWS\SET2D.tmp
2010-08-23 18:23:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-08-23 18:19:45 ----ASH---- C:\pagefile.sys
2010-08-23 17:58:55 ----RA---- C:\WINDOWS\SET38.tmp
2010-08-23 17:58:51 ----RA---- C:\WINDOWS\SET2C.tmp
2010-08-23 17:58:50 ----RA---- C:\WINDOWS\SET29.tmp
2010-08-23 11:50:18 ----RASHD---- C:\CMDCONS12
2010-08-23 09:01:39 ----A---- C:\WINDOWS\PEV.exe
2010-08-23 09:01:39 ----A---- C:\WINDOWS\MBR.exe
2010-08-23 09:01:34 ----D---- C:\WINDOWS\ERDNT
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files\Java
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 12:42:34 ----D---- C:\Program Files\Avanquest update
2010-08-03 12:41:15 ----D---- C:\Program Files\Motorola Phone Tools
2010-08-03 12:32:03 ----A---- C:\WINDOWS\system32\spmsg.dll
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\drivers\UMDF
======List of files/folders modified in the last 1 months======
2010-08-26 09:06:16 ----D---- C:\Program Files\Trend Micro
2010-08-26 09:01:20 ----D---- C:\WINDOWS\Temp
2010-08-26 09:01:12 ----D---- C:\WINDOWS\system32\ias
2010-08-26 09:01:09 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-08-26 09:01:09 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2010-08-26 09:01:04 ----D---- C:\WINDOWS
2010-08-26 08:59:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-26 08:51:46 ----D---- C:\Program Files\Hry.cz
2010-08-25 14:35:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 14:34:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-25 14:34:13 ----RD---- C:\Program Files
2010-08-25 14:34:11 ----D---- C:\WINDOWS\system32
2010-08-25 14:34:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-25 14:34:02 ----HD---- C:\WINDOWS\inf
2010-08-25 14:34:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-25 14:33:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 14:31:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 07:36:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-24 22:15:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Mozilla
2010-08-24 22:15:14 ----D---- C:\Program Files\Mozilla Firefox
2010-08-24 21:01:18 ----ASH---- C:\boot.ini
2010-08-24 19:11:46 ----SHD---- C:\WINDOWS\Installer
2010-08-24 19:11:43 ----D---- C:\WINDOWS\WinSxS
2010-08-24 19:01:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-08-24 19:01:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-24 19:01:44 ----SD---- C:\WINDOWS\Tasks
2010-08-24 17:58:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-08-24 17:52:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 16:20:32 ----SHD---- C:\System Volume Information
2010-08-24 16:20:32 ----D---- C:\WINDOWS\system32\Restore
2010-08-24 16:03:48 ----A---- C:\WINDOWS\win.ini
2010-08-24 16:03:48 ----A---- C:\WINDOWS\system.ini
2010-08-24 15:24:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-08-24 15:23:57 ----D---- C:\WINDOWS\Help
2010-08-24 14:51:52 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Skype
2010-08-24 14:50:43 ----D---- C:\WINDOWS\security
2010-08-24 13:22:59 ----D---- C:\WINDOWS\Debug
2010-08-24 13:22:58 ----D---- C:\WINDOWS\Minidump
2010-08-23 23:02:30 ----D---- C:\Documents and Settings
2010-08-23 22:18:40 ----D---- C:\Program Files\Windows Media Player
2010-08-23 21:40:26 ----D---- C:\WINDOWS\system
2010-08-23 21:40:25 ----D---- C:\WINDOWS\system32\Setup
2010-08-23 21:40:10 ----D---- C:\WINDOWS\system32\usmt
2010-08-23 21:39:57 ----D---- C:\WINDOWS\AppPatch
2010-08-23 21:39:56 ----D---- C:\WINDOWS\ehome
2010-08-23 21:39:55 ----D---- C:\WINDOWS\ime
2010-08-23 21:39:53 ----RSD---- C:\WINDOWS\Fonts
2010-08-23 21:39:51 ----D---- C:\WINDOWS\Media
2010-08-23 21:39:35 ----D---- C:\WINDOWS\PeerNet
2010-08-23 21:39:17 ----D---- C:\WINDOWS\system32\npp
2010-08-23 21:39:07 ----D---- C:\WINDOWS\msagent
2010-08-23 21:36:00 ----D---- C:\WINDOWS\system32\1029
2010-08-23 21:35:49 ----D---- C:\WINDOWS\twain_32
2010-08-23 21:35:32 ----D---- C:\WINDOWS\system32\icsxml
2010-08-23 21:34:43 ----D---- C:\WINDOWS\system32\1033
2010-08-23 21:32:54 ----D---- C:\WINDOWS\Driver Cache
2010-08-23 20:05:59 ----D---- C:\WINDOWS\Registration
2010-08-23 20:01:06 ----D---- C:\WINDOWS\system32\config
2010-08-23 19:49:24 ----A---- C:\WINDOWS\ODBCINST.INI
2010-08-23 19:48:46 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-08-23 19:48:21 ----RD---- C:\WINDOWS\Web
2010-08-23 19:48:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-08-23 19:48:02 ----D---- C:\WINDOWS\system32\oobe
2010-08-23 19:47:13 ----D---- C:\WINDOWS\system32\Com
2010-08-23 19:46:51 ----D---- C:\Program Files\Messenger
2010-08-23 19:46:50 ----D---- C:\WINDOWS\system32\wbem
2010-08-23 19:42:42 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-08-23 19:20:29 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-08-23 11:52:32 ----D---- C:\Program Files\Common Files
2010-08-17 12:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-08-17 07:12:04 ----D---- C:\Program Files\Java
2010-08-12 18:47:31 ----D---- C:\Documents and Settings\Reneček\Data aplikací\skypePM
2010-08-03 12:46:52 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2010-07-28 12:20:10 ----D---- C:\WINDOWS\system32\Adobe
2010-07-28 12:20:06 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Macromedia
2010-07-28 12:19:39 ----D---- C:\WINDOWS\system32\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 230Fltr;KB350e USB Filter Driver; C:\WINDOWS\System32\Drivers\230Fltr.sys [2007-11-26 8192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-08-03 22768]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Reneček\Local Settings\TEMP\ASFWHide []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
-----------------EOF-----------------
Re: my keyboard types extra characters, my icons have disappeared
Can I do one more scan just to be sure? Something doesn't seem right to me.
Download MBAM from my signature.
- Install it and run a full scan.
DO NOT DELETE ANYTHING
- MBAM occasionally produces false detections, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here
I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: my keyboard types extra characters, my icons have disappeared
So this is what it looks like: (By the way, what is not in order?)
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3405
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.8.2010 10:46:02
mbam-log-2010-08-27 (10-46-02).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 220889
Uplynulý čas: 1 hour(s), 21 minute(s), 34 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Re: my keyboard types extra characters, my icons have disappeared
One entry in the registry is incomplete.
Open Notepad and copy the following into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

- Save it as (type: all files), entering "smazani.reg" without the quotes as the file name,
click Save, then double-click the file as usual and confirm the dialog box.
- Restart the computer.
And then I would like a new log from RSIT, please.
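The check behind the registry fix above, as an added example that is not part of the original posts: it parses HijackThis entry lines, reports Winlogon F2 values that are empty or differ from the stock value, and lists entries that disappear between two logs. The log excerpts are copied from this thread; the stock values in DEFAULTS, the function names and the value marked as constructed are assumptions of this example.

```python
import re

# "<code> - <body>" lines such as "F2 - REG:system.ini: Shell=".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an F2 entry that reports a Winlogon value.
F2_RE = re.compile(r"^REG:system\.ini: (\w+)=(.*)$")

# Assumed stock Windows XP values (an assumption of this example).
# A trailing comma on UserInit is normal and is ignored below.
DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}

# Excerpt of the HijackThis log posted before the fix (from this thread).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Excerpt of the log posted after importing smazani.reg (from this thread).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Constructed value (not from the thread) to exercise the "extra-program" case.
CONSTRUCTED_SHELL = r"Explorer.exe C:\constructed\example.exe"


def parse_entries(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def classify_winlogon(name, value):
    """Compare one Winlogon value with the assumed stock value.

    Returns None for names this example does not know, otherwise one of
    "default", "empty", "extra-program" or "replaced". Anything but
    "default" is meant for a human to review, not for automatic deletion.
    """
    expected = DEFAULTS.get(name.lower())
    if expected is None:
        return None
    v = value.strip().rstrip(",").lower()
    if v == "":
        return "empty"            # the case seen in this thread
    if v == expected:
        return "default"
    rest = v[len(expected):] if v.startswith(expected) else ""
    if rest and rest[0] in " ,;":
        return "extra-program"    # stock value followed by something else
    return "replaced"


def winlogon_findings(entries):
    """Return (name, value, verdict) for F2 entries that are not stock."""
    findings = []
    for code, body in entries:
        if code != "F2":
            continue
        m = F2_RE.match(body)
        if not m:
            continue
        verdict = classify_winlogon(m.group(1), m.group(2))
        if verdict not in (None, "default"):
            findings.append((m.group(1), m.group(2), verdict))
    return findings


def resolved_entries(before_text, after_text):
    """Entries present in the first log and gone from the second one."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in after]


if __name__ == "__main__":
    print("before:", winlogon_findings(parse_entries(BEFORE)))
    print("after: ", winlogon_findings(parse_entries(AFTER)))
    print("gone:  ", resolved_entries(BEFORE, AFTER))
```

A Shell value given as a full path is reported as "replaced" here; that is deliberate, so that a person compares it with the expected location instead of the script guessing.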
Re: my keyboard types extra characters, my icons have disappeared
I did it, here is the new log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Reneček at 2010-08-27 13:46:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (18%) free of 11 GB
Total RAM: 447 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:34, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\KB350e\MagicKey.exe
C:\Program Files\KB350e\OSD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\RSIT(3).exe
C:\Program Files\trend micro\Reneček.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KB350e] C:\Program Files\KB350e\MagicKey.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca03362aa4a612) (gupdate1ca03362aa4a612) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 3384 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"KB350e"=C:\Program Files\KB350e\MagicKey.exe [2007-12-12 184320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Dáša\ParadiseCasino - Czech\casino.exe"="D:\Dáša\ParadiseCasino - Czech\casino.exe:*:Enabled:casino"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-26 09:05:58 ----D---- C:\rsit
2010-08-25 14:34:13 ----D---- C:\Program Files\DIFX
2010-08-25 14:34:06 ----RA---- C:\WINDOWS\system32\drivers\230Fltr.sys
2010-08-25 14:33:57 ----D---- C:\Program Files\KB350e
2010-08-25 14:33:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\InstallShield
2010-08-25 14:31:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-25 14:31:14 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-25 14:31:08 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-25 14:31:04 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-08-24 19:11:18 ----SHD---- C:\Config.Msi
2010-08-24 17:58:34 ----RSHD---- C:\_Backup.RC
2010-08-24 17:58:31 ----HD---- C:\_Backup
2010-08-24 17:57:22 ----D---- C:\Documents and Settings\Reneček\Data aplikací\VCOM
2010-08-24 17:56:55 ----D---- C:\Program Files\VCOM
2010-08-24 15:00:23 ----D---- C:\Program Files\Turbo Navigator
2010-08-24 14:35:53 ----D---- C:\WINDOWS\pss
2010-08-23 21:53:59 ----SHD---- C:\RECYCLER
2010-08-23 20:01:35 ----D---- C:\WINDOWS\Prefetch
2010-08-23 19:48:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-08-23 19:42:48 ----A---- C:\WINDOWS\system32\irclass.dll
2010-08-23 19:42:47 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-08-23 19:42:32 ----RA---- C:\WINDOWS\SET3F.tmp
2010-08-23 19:42:28 ----RA---- C:\WINDOWS\SET30.tmp
2010-08-23 19:42:27 ----RA---- C:\WINDOWS\SET2D.tmp
2010-08-23 18:23:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-08-23 18:19:45 ----ASH---- C:\pagefile.sys
2010-08-23 17:58:55 ----RA---- C:\WINDOWS\SET38.tmp
2010-08-23 17:58:51 ----RA---- C:\WINDOWS\SET2C.tmp
2010-08-23 17:58:50 ----RA---- C:\WINDOWS\SET29.tmp
2010-08-23 11:50:18 ----RASHD---- C:\CMDCONS12
2010-08-23 09:01:39 ----A---- C:\WINDOWS\PEV.exe
2010-08-23 09:01:39 ----A---- C:\WINDOWS\MBR.exe
2010-08-23 09:01:34 ----D---- C:\WINDOWS\ERDNT
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files\Java
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 12:42:34 ----D---- C:\Program Files\Avanquest update
2010-08-03 12:41:15 ----D---- C:\Program Files\Motorola Phone Tools
2010-08-03 12:32:03 ----A---- C:\WINDOWS\system32\spmsg.dll
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\drivers\UMDF
======List of files/folders modified in the last 1 months======
2010-08-27 13:46:28 ----D---- C:\Program Files\Trend Micro
2010-08-27 13:44:59 ----D---- C:\WINDOWS\Temp
2010-08-27 13:44:59 ----D---- C:\WINDOWS\system32\ias
2010-08-27 13:44:56 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-08-27 13:44:55 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2010-08-27 13:43:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-26 09:01:04 ----D---- C:\WINDOWS
2010-08-26 08:51:46 ----D---- C:\Program Files\Hry.cz
2010-08-25 14:35:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 14:34:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-25 14:34:13 ----RD---- C:\Program Files
2010-08-25 14:34:11 ----D---- C:\WINDOWS\system32
2010-08-25 14:34:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-25 14:34:02 ----HD---- C:\WINDOWS\inf
2010-08-25 14:34:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-25 14:33:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 14:31:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 07:36:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-24 22:15:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Mozilla
2010-08-24 22:15:14 ----D---- C:\Program Files\Mozilla Firefox
2010-08-24 21:01:18 ----ASH---- C:\boot.ini
2010-08-24 19:11:46 ----SHD---- C:\WINDOWS\Installer
2010-08-24 19:11:43 ----D---- C:\WINDOWS\WinSxS
2010-08-24 19:01:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-08-24 19:01:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-24 19:01:44 ----SD---- C:\WINDOWS\Tasks
2010-08-24 17:58:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-08-24 17:52:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 16:20:32 ----SHD---- C:\System Volume Information
2010-08-24 16:20:32 ----D---- C:\WINDOWS\system32\Restore
2010-08-24 16:03:48 ----A---- C:\WINDOWS\win.ini
2010-08-24 16:03:48 ----A---- C:\WINDOWS\system.ini
2010-08-24 15:24:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-08-24 15:23:57 ----D---- C:\WINDOWS\Help
2010-08-24 14:51:52 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Skype
2010-08-24 14:50:43 ----D---- C:\WINDOWS\security
2010-08-24 13:22:59 ----D---- C:\WINDOWS\Debug
2010-08-24 13:22:58 ----D---- C:\WINDOWS\Minidump
2010-08-23 23:02:30 ----D---- C:\Documents and Settings
2010-08-23 22:18:40 ----D---- C:\Program Files\Windows Media Player
2010-08-23 21:40:26 ----D---- C:\WINDOWS\system
2010-08-23 21:40:25 ----D---- C:\WINDOWS\system32\Setup
2010-08-23 21:40:10 ----D---- C:\WINDOWS\system32\usmt
2010-08-23 21:39:57 ----D---- C:\WINDOWS\AppPatch
2010-08-23 21:39:56 ----D---- C:\WINDOWS\ehome
2010-08-23 21:39:55 ----D---- C:\WINDOWS\ime
2010-08-23 21:39:53 ----RSD---- C:\WINDOWS\Fonts
2010-08-23 21:39:51 ----D---- C:\WINDOWS\Media
2010-08-23 21:39:35 ----D---- C:\WINDOWS\PeerNet
2010-08-23 21:39:17 ----D---- C:\WINDOWS\system32\npp
2010-08-23 21:39:07 ----D---- C:\WINDOWS\msagent
2010-08-23 21:36:00 ----D---- C:\WINDOWS\system32\1029
2010-08-23 21:35:49 ----D---- C:\WINDOWS\twain_32
2010-08-23 21:35:32 ----D---- C:\WINDOWS\system32\icsxml
2010-08-23 21:34:43 ----D---- C:\WINDOWS\system32\1033
2010-08-23 21:32:54 ----D---- C:\WINDOWS\Driver Cache
2010-08-23 20:05:59 ----D---- C:\WINDOWS\Registration
2010-08-23 20:01:06 ----D---- C:\WINDOWS\system32\config
2010-08-23 19:49:24 ----A---- C:\WINDOWS\ODBCINST.INI
2010-08-23 19:48:46 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-08-23 19:48:21 ----RD---- C:\WINDOWS\Web
2010-08-23 19:48:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-08-23 19:48:02 ----D---- C:\WINDOWS\system32\oobe
2010-08-23 19:47:13 ----D---- C:\WINDOWS\system32\Com
2010-08-23 19:46:51 ----D---- C:\Program Files\Messenger
2010-08-23 19:46:50 ----D---- C:\WINDOWS\system32\wbem
2010-08-23 19:42:42 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-08-23 19:20:29 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-08-23 11:52:32 ----D---- C:\Program Files\Common Files
2010-08-17 12:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-08-17 07:12:04 ----D---- C:\Program Files\Java
2010-08-12 18:47:31 ----D---- C:\Documents and Settings\Reneček\Data aplikací\skypePM
2010-08-03 12:46:52 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2010-07-28 12:20:10 ----D---- C:\WINDOWS\system32\Adobe
2010-07-28 12:20:06 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Macromedia
2010-07-28 12:19:39 ----D---- C:\WINDOWS\system32\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 230Fltr;KB350e USB Filter Driver; C:\WINDOWS\System32\Drivers\230Fltr.sys [2007-11-26 8192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-08-03 22768]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Reneček\Local Settings\TEMP\ASFWHide []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Reneček at 2010-08-27 13:46:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (18%) free of 11 GB
Total RAM: 447 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:34, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\KB350e\MagicKey.exe
C:\Program Files\KB350e\OSD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Reneček\Dokumenty\Stažené soubory\RSIT(3).exe
C:\Program Files\trend micro\Reneček.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KB350e] C:\Program Files\KB350e\MagicKey.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca03362aa4a612) (gupdate1ca03362aa4a612) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 3384 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"KB350e"=C:\Program Files\KB350e\MagicKey.exe [2007-12-12 184320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Dáša\ParadiseCasino - Czech\casino.exe"="D:\Dáša\ParadiseCasino - Czech\casino.exe:*:Enabled:casino"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-26 09:05:58 ----D---- C:\rsit
2010-08-25 14:34:13 ----D---- C:\Program Files\DIFX
2010-08-25 14:34:06 ----RA---- C:\WINDOWS\system32\drivers\230Fltr.sys
2010-08-25 14:33:57 ----D---- C:\Program Files\KB350e
2010-08-25 14:33:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\InstallShield
2010-08-25 14:31:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-25 14:31:14 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-25 14:31:08 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-25 14:31:04 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-08-24 19:11:18 ----SHD---- C:\Config.Msi
2010-08-24 17:58:34 ----RSHD---- C:\_Backup.RC
2010-08-24 17:58:31 ----HD---- C:\_Backup
2010-08-24 17:57:22 ----D---- C:\Documents and Settings\Reneček\Data aplikací\VCOM
2010-08-24 17:56:55 ----D---- C:\Program Files\VCOM
2010-08-24 15:00:23 ----D---- C:\Program Files\Turbo Navigator
2010-08-24 14:35:53 ----D---- C:\WINDOWS\pss
2010-08-23 21:53:59 ----SHD---- C:\RECYCLER
2010-08-23 20:01:35 ----D---- C:\WINDOWS\Prefetch
2010-08-23 19:48:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-08-23 19:42:48 ----A---- C:\WINDOWS\system32\irclass.dll
2010-08-23 19:42:47 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-08-23 19:42:32 ----RA---- C:\WINDOWS\SET3F.tmp
2010-08-23 19:42:28 ----RA---- C:\WINDOWS\SET30.tmp
2010-08-23 19:42:27 ----RA---- C:\WINDOWS\SET2D.tmp
2010-08-23 18:23:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-08-23 18:19:45 ----ASH---- C:\pagefile.sys
2010-08-23 17:58:55 ----RA---- C:\WINDOWS\SET38.tmp
2010-08-23 17:58:51 ----RA---- C:\WINDOWS\SET2C.tmp
2010-08-23 17:58:50 ----RA---- C:\WINDOWS\SET29.tmp
2010-08-23 11:50:18 ----RASHD---- C:\CMDCONS12
2010-08-23 09:01:39 ----A---- C:\WINDOWS\PEV.exe
2010-08-23 09:01:39 ----A---- C:\WINDOWS\MBR.exe
2010-08-23 09:01:34 ----D---- C:\WINDOWS\ERDNT
2010-08-17 07:12:59 ----D---- C:\Program Files\Common Files\Java
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-17 07:12:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 12:42:34 ----D---- C:\Program Files\Avanquest update
2010-08-03 12:41:15 ----D---- C:\Program Files\Motorola Phone Tools
2010-08-03 12:32:03 ----A---- C:\WINDOWS\system32\spmsg.dll
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-03 12:29:50 ----D---- C:\WINDOWS\system32\drivers\UMDF
======List of files/folders modified in the last 1 months======
2010-08-27 13:46:28 ----D---- C:\Program Files\Trend Micro
2010-08-27 13:44:59 ----D---- C:\WINDOWS\Temp
2010-08-27 13:44:59 ----D---- C:\WINDOWS\system32\ias
2010-08-27 13:44:56 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-08-27 13:44:55 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2010-08-27 13:43:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-26 09:01:04 ----D---- C:\WINDOWS
2010-08-26 08:51:46 ----D---- C:\Program Files\Hry.cz
2010-08-25 14:35:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 14:34:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-25 14:34:13 ----RD---- C:\Program Files
2010-08-25 14:34:11 ----D---- C:\WINDOWS\system32
2010-08-25 14:34:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-25 14:34:02 ----HD---- C:\WINDOWS\inf
2010-08-25 14:34:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-25 14:33:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 14:31:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 07:36:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-24 22:15:46 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Mozilla
2010-08-24 22:15:14 ----D---- C:\Program Files\Mozilla Firefox
2010-08-24 21:01:18 ----ASH---- C:\boot.ini
2010-08-24 19:11:46 ----SHD---- C:\WINDOWS\Installer
2010-08-24 19:11:43 ----D---- C:\WINDOWS\WinSxS
2010-08-24 19:01:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-08-24 19:01:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-24 19:01:44 ----SD---- C:\WINDOWS\Tasks
2010-08-24 17:58:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-08-24 17:52:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 16:20:32 ----SHD---- C:\System Volume Information
2010-08-24 16:20:32 ----D---- C:\WINDOWS\system32\Restore
2010-08-24 16:03:48 ----A---- C:\WINDOWS\win.ini
2010-08-24 16:03:48 ----A---- C:\WINDOWS\system.ini
2010-08-24 15:24:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-08-24 15:23:57 ----D---- C:\WINDOWS\Help
2010-08-24 14:51:52 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Skype
2010-08-24 14:50:43 ----D---- C:\WINDOWS\security
2010-08-24 13:22:59 ----D---- C:\WINDOWS\Debug
2010-08-24 13:22:58 ----D---- C:\WINDOWS\Minidump
2010-08-23 23:02:30 ----D---- C:\Documents and Settings
2010-08-23 22:18:40 ----D---- C:\Program Files\Windows Media Player
2010-08-23 21:40:26 ----D---- C:\WINDOWS\system
2010-08-23 21:40:25 ----D---- C:\WINDOWS\system32\Setup
2010-08-23 21:40:10 ----D---- C:\WINDOWS\system32\usmt
2010-08-23 21:39:57 ----D---- C:\WINDOWS\AppPatch
2010-08-23 21:39:56 ----D---- C:\WINDOWS\ehome
2010-08-23 21:39:55 ----D---- C:\WINDOWS\ime
2010-08-23 21:39:53 ----RSD---- C:\WINDOWS\Fonts
2010-08-23 21:39:51 ----D---- C:\WINDOWS\Media
2010-08-23 21:39:35 ----D---- C:\WINDOWS\PeerNet
2010-08-23 21:39:17 ----D---- C:\WINDOWS\system32\npp
2010-08-23 21:39:07 ----D---- C:\WINDOWS\msagent
2010-08-23 21:36:00 ----D---- C:\WINDOWS\system32\1029
2010-08-23 21:35:49 ----D---- C:\WINDOWS\twain_32
2010-08-23 21:35:32 ----D---- C:\WINDOWS\system32\icsxml
2010-08-23 21:34:43 ----D---- C:\WINDOWS\system32\1033
2010-08-23 21:32:54 ----D---- C:\WINDOWS\Driver Cache
2010-08-23 20:05:59 ----D---- C:\WINDOWS\Registration
2010-08-23 20:01:06 ----D---- C:\WINDOWS\system32\config
2010-08-23 19:49:24 ----A---- C:\WINDOWS\ODBCINST.INI
2010-08-23 19:48:46 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-08-23 19:48:21 ----RD---- C:\WINDOWS\Web
2010-08-23 19:48:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-08-23 19:48:02 ----D---- C:\WINDOWS\system32\oobe
2010-08-23 19:47:13 ----D---- C:\WINDOWS\system32\Com
2010-08-23 19:46:51 ----D---- C:\Program Files\Messenger
2010-08-23 19:46:50 ----D---- C:\WINDOWS\system32\wbem
2010-08-23 19:42:42 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-08-23 19:20:29 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-08-23 11:52:32 ----D---- C:\Program Files\Common Files
2010-08-17 12:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-08-17 07:12:04 ----D---- C:\Program Files\Java
2010-08-12 18:47:31 ----D---- C:\Documents and Settings\Reneček\Data aplikací\skypePM
2010-08-03 12:46:52 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2010-07-28 12:20:10 ----D---- C:\WINDOWS\system32\Adobe
2010-07-28 12:20:06 ----D---- C:\Documents and Settings\Reneček\Data aplikací\Macromedia
2010-07-28 12:19:39 ----D---- C:\WINDOWS\system32\Macromed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 230Fltr;KB350e USB Filter Driver; C:\WINDOWS\System32\Drivers\230Fltr.sys [2007-11-26 8192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-08-03 22768]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ASFWHide;ASFWHide; \??\C:\Documents and Settings\Reneček\Local Settings\TEMP\ASFWHide []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1ca03362aa4a612;Google Update Service (gupdate1ca03362aa4a612); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
-----------------EOF-----------------