VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by student at 2011-01-22 20:13:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (4%) free of 153 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:28, on 22.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\student\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HiJackThis\student.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... .3.1.0.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 7144 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-01-03 208896]
"avast5"=C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-01-22 2548552]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2
"Nero BackItUp Scheduler 3"=2
"gusvc"=3
"TuneUp.ProgramStatisticsSvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=1
"NoDriveTypeAutoRun"=323
"MemCheckBoxInRunDlg"=0
"NoAutoTrayNotify"=0
"NoResolveTrack"=0
"NoResolveSearch"=1
"NoWelcomeScreen"=1
"NoRecentDocsNetHood"=1
"NoDesktopCleanupWizard"=1
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStrCmpLogical"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\student\Plocha\facebook-pic00005267.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-01-22 20:13:33 ----D---- C:\rsit
2011-01-02 16:00:20 ----D---- C:\Program Files\Pawno
2010-12-24 20:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-24 20:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-24 20:49:43 ----A---- C:\WINDOWS\imsins.BAK
2010-12-24 20:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-24 20:48:56 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2

======List of files/folders modified in the last 1 months======

2011-01-22 20:13:57 ----D---- C:\WINDOWS\Prefetch
2011-01-22 20:13:25 ----D---- C:\WINDOWS\Temp
2011-01-22 20:12:42 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-22 20:01:46 ----D---- C:\Program Files
2011-01-22 19:59:26 ----D---- C:\WINDOWS
2011-01-22 19:29:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-22 19:22:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-01-22 17:52:21 ----D---- C:\Program Files\SpeedFan
2011-01-21 19:38:10 ----D---- C:\Documents and Settings\student\Data aplikací\Skype
2011-01-21 17:12:45 ----D---- C:\Documents and Settings\student\Data aplikací\skypePM
2011-01-21 15:14:11 ----D---- C:\Documents and Settings\student\Data aplikací\ICQ
2011-01-21 14:22:00 ----D---- C:\Documents and Settings\student\Data aplikací\Xfire
2011-01-18 13:17:40 ----D---- C:\Programy
2011-01-17 14:02:50 ----D---- C:\Program Files\Xfire
2011-01-16 15:10:58 ----AD---- C:\WINDOWS\system32
2011-01-13 09:47:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-12 16:10:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2011-01-12 15:15:30 ----A---- C:\WINDOWS\system32\guard32.dll
2011-01-07 17:39:42 ----SHD---- C:\WINDOWS\Installer
2011-01-07 16:12:28 ----D---- C:\Program Files\ICQ7.0
2010-12-25 12:31:29 ----D---- C:\Documents and Settings
2010-12-24 21:02:32 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-24 21:02:32 ----D---- C:\Program Files\Internet Explorer
2010-12-24 21:02:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-24 20:57:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-12-24 20:55:41 ----HD---- C:\WINDOWS\inf
2010-12-24 20:55:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-24 20:52:26 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-24 20:52:04 ----D---- C:\WINDOWS\ie8updates
2010-12-24 20:51:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-24 20:50:32 ----D---- C:\WINDOWS\system32\drivers
2010-12-24 20:49:40 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-01-12 94784]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-07-06 72896]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2010-04-27 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-26 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-01-12 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-01-12 27576]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-07-06 79232]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-09-24 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-11-06 271360]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-11-06 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-16 9623680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S0 xmasscsi;xmasscsi; C:\WINDOWS\System32\Drivers\xmasscsi.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 as9bzxpc;as9bzxpc; C:\WINDOWS\system32\drivers\as9bzxpc.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\student\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSI_DVD_010507;MSI_DVD_010507; \??\C:\Program Files\MSI\Live Update 5\DVDSYS32_100507.sys []
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys []
S3 MSI_VGASYS_010507;MSI_VGASYS_010507; \??\C:\Program Files\MSI\Live Update 5\VGASYS32_100507.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\student\LOCALS~1\Temp\sony_ssm.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-01-22 1803224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-09-29 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-11-15 214520]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-11-06 122880]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-27 435016]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe []

-----------------EOF-----------------

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 24.01.2011 at 16:13:59.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Program Files\Alwil Software\Avast5\defs\11012200\Sf.bin

Rkill completed on 24.01.2011 at 16:14:15.

-----------------------------------------------------------------------

ComboFix 11-01-23.07 - student 24.01.2011 16:24:29.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.610 [GMT 1:00]
Spuštěný z: c:\documents and settings\student\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-24 do 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-02 15:00 . 2010-08-10 01:58 -------- d-----w- c:\program files\Pawno

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2008-05-31 09:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2008-05-31 09:59 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2008-05-31 09:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2008-05-31 09:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2008-05-31 09:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2008-05-31 09:59 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2008-05-31 09:59 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2008-05-31 09:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-12 14:15 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 14:15 . 2010-09-10 21:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 14:15 . 2010-09-10 21:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 14:15 . 2010-09-10 21:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-12 14:15 . 2010-09-10 21:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-31 20:06 . 2010-07-08 13:31 38848 ----a-w- c:\windows\avastSS.scr
2010-12-20 17:09 . 2010-05-29 16:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-05-29 16:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 19:47 . 2010-11-29 19:47 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2010-11-25 18:49 . 2006-11-12 20:36 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-11-18 18:15 . 2006-11-04 13:23 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 18:36 . 2010-09-29 13:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-15 18:35 . 2010-09-29 13:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-15 18:35 . 2009-03-16 16:29 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-06 00:23 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2006-01-03 208896]
"avast5"="c:\progra~1\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-22 2548552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2006 17:51 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.5.2008 10:59 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 22:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 22:40 27576]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [1.12.2007 22:23 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.5.2008 10:59 17744]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6.4.2010 15:15 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [24.9.2010 19:40 20328]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.5.2010 17:26 363344]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.5.2010 17:26 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2010 14:55 136176]
S3 MSI_DVD_010507;MSI_DVD_010507;\??\c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys --> c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;\??\c:\program files\MSI\Live Update 5\VGASYS32_100507.sys --> c:\program files\MSI\Live Update 5\VGASYS32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 14:49 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-01-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-05 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 16:34
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"????????????????????????"=hex:05,fa,c8,4c,2b,b9,3b,24,4b,a5,dc,57,b7,93,ba,00,
25,28,70,25,63,63,70,f7,25,25,63,9d,70,f4,90,90,00,00,00,00,00,00,00,00,00,\
"??"=hex:f8,13,54,80,7b,99,8d,00,b5,23,3b,87,b2,4d,9b,b2,bf,7d,54,89,c4,cf,55,
63,8e,08,13,f1,12,f2,77,0e,26,94,b3,b5,a3,59,5a,49,a3,ce,51,7a,02,be,70,b3,\
"??"=hex:c3,e6,8d,95,f7,15,df,41,47,63,75,40,49,a4,21,29

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\License information*]
"datasecu"=hex:60,02,70,77,37,b1,dd,91,d8,dd,2f,9c,ca,bc,1b,43,ae,7e,b6,f9,67,
67,d4,a7,82,68,2f,d1,6d,0e,62,fd,82,e8,0b,9c,bf,de,af,17,9e,28,56,84,97,55,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-24 16:40:36
ComboFix-quarantined-files.txt 2011-01-24 15:40

Před spuštěním: 5 982 183 424
Po spuštění: 6 026 772 480

- - End Of File - - CBFC24C8B18BF82A5F38F1A141426E5D

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Collect::
C:\Documents and Settings\student\Plocha\facebook-pic00005267.exe
c:\windows\nvsvc32.exe

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\student\Plocha\facebook-pic00005267.exe"=-

RegLock::
[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\License information*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 11-01-23.07 - student 25.01.2011 15:24:02.13.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.569 [GMT 1:00]
Spuštěný z: c:\documents and settings\student\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\student\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-25 do 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-02 15:00 . 2010-08-10 01:58 -------- d-----w- c:\program files\Pawno

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2008-05-31 09:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2008-05-31 09:59 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2008-05-31 09:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2008-05-31 09:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2008-05-31 09:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2008-05-31 09:59 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2008-05-31 09:59 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2008-05-31 09:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-12 14:15 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 14:15 . 2010-09-10 21:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 14:15 . 2010-09-10 21:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 14:15 . 2010-09-10 21:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-12 14:15 . 2010-09-10 21:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-31 20:06 . 2010-07-08 13:31 38848 ----a-w- c:\windows\avastSS.scr
2010-12-20 17:09 . 2010-05-29 16:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-05-29 16:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 19:47 . 2010-11-29 19:47 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2010-11-25 18:49 . 2006-11-12 20:36 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-11-18 18:15 . 2006-11-04 13:23 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 18:36 . 2010-09-29 13:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-15 18:35 . 2010-09-29 13:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-15 18:35 . 2009-03-16 16:29 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-06 00:23 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-24_15.34.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-25 08:54 . 2011-01-25 08:54 16384 c:\windows\Temp\Perflib_Perfdata_e7c.dat
+ 2011-01-25 08:53 . 2011-01-25 08:53 16384 c:\windows\Temp\Perflib_Perfdata_aac.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2006-01-03 208896]
"avast5"="c:\progra~1\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-22 2548552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2006 17:51 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.5.2008 10:59 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 22:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 22:40 27576]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [1.12.2007 22:23 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.5.2008 10:59 17744]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6.4.2010 15:15 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [24.9.2010 19:40 20328]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.5.2010 17:26 363344]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.5.2010 17:26 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2010 14:55 136176]
S3 MSI_DVD_010507;MSI_DVD_010507;\??\c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys --> c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;\??\c:\program files\MSI\Live Update 5\VGASYS32_100507.sys --> c:\program files\MSI\Live Update 5\VGASYS32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 14:49 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-01-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-05 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 15:34
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"????????????????????????"=hex:05,fa,c8,4c,2b,b9,3b,24,4b,a5,dc,57,b7,93,ba,00,
25,28,70,25,63,63,70,f7,25,25,63,9d,70,f4,90,90,00,00,00,00,00,00,00,00,00,\
"??"=hex:f8,13,54,80,7b,99,8d,00,b5,23,3b,87,b2,4d,9b,b2,bf,7d,54,89,c4,cf,55,
63,8e,08,13,f1,12,f2,77,0e,26,94,b3,b5,a3,59,5a,49,a3,ce,51,7a,02,be,70,b3,\
"??"=hex:c3,e6,8d,95,f7,15,df,41,47,63,75,40,49,a4,21,29

[HKEY_USERS\S-1-5-21-1202660629-776561741-725345543-1003\Software\SecuRom\License information*]
"datasecu"=hex:60,02,70,77,37,b1,dd,91,d8,dd,2f,9c,ca,bc,1b,43,ae,7e,b6,f9,67,
67,d4,a7,82,68,2f,d1,6d,0e,62,fd,82,e8,0b,9c,bf,de,af,17,9e,28,56,84,97,55,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(692)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-25 15:38:41
ComboFix-quarantined-files.txt 2011-01-25 14:38

Před spuštěním: 6 086 205 440
Po spuštění: 6 061 731 840

- - End Of File - - 3F91BA3F83AEB739192063C5BC5F9388

Jak se chova PC

PC uz ide poriadku ziadne problemy

Tak jeste uklidime

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Kontrola logu

Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu