
Thanks in advance for the evaluation.

Posted: 10 Dec 2011 18:56
by okr
Logfile of random's system information tool 1.09 (written by random/random)
Run by RD at 2011-12-09 20:26:55
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 68 GB (89%) free of 76 GB
Total RAM: 767 MB (70% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\RD\Data aplikací\Mozilla\Firefox\Profiles\wojjlwiy.default

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-11-22 2779824]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-11-22 3621040]
"ZoneAlarm Installer"=C:\Program Files\CheckPoint\Install\Launcher.exe [2011-12-09 403088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe"="C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-09 20:26:56 ----D---- C:\Program Files\trend micro
2011-12-09 20:26:55 ----D---- C:\rsit
2011-12-09 17:01:32 ----D---- C:\Program Files\Zone Labs
2011-12-09 17:00:53 ----D---- C:\WINDOWS\Internet Logs
2011-12-09 15:56:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-12-09 13:18:09 ----D---- C:\WINDOWS\system32\NtmsData
2011-12-08 22:59:11 ----D---- C:\Program Files\CheckPoint
2011-12-08 22:30:15 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-12-08 22:30:14 ----D---- C:\Documents and Settings\RD\Data aplikací\Spyware Terminator
2011-12-08 22:30:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-12-08 21:56:16 ----D---- C:\Program Files\Spyware Terminator
2011-12-08 19:35:31 ----SD---- C:\32788R22FWJFW
2011-11-27 18:56:57 ----D---- C:\Documents and Settings\RD\Data aplikací\Opera
2011-11-27 18:56:43 ----D---- C:\Program Files\Opera
2011-11-25 16:58:59 ----A---- C:\WINDOWS\system32\MRT.exe

======List of files/folders modified in the last 1 month======

2011-12-09 20:26:56 ----RD---- C:\Program Files
2011-12-09 20:22:32 ----D---- C:\WINDOWS\Prefetch
2011-12-09 20:20:24 ----D---- C:\WINDOWS\temp
2011-12-09 20:19:43 ----A---- C:\WINDOWS\ModemLog_NOKIA_6021 Bluetooth GPRS Modem.txt
2011-12-09 17:49:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-09 17:16:50 ----D---- C:\WINDOWS
2011-12-09 17:16:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-09 17:16:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-09 17:16:21 ----D---- C:\WINDOWS\system32
2011-12-09 17:07:47 ----D---- C:\WINDOWS\SoftwareDistribution
2011-12-09 15:58:00 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-09 15:56:26 ----D---- C:\WINDOWS\Help
2011-12-09 15:56:11 ----HD---- C:\WINDOWS\inf
2011-12-09 13:19:51 ----SD---- C:\Documents and Settings\RD\Data aplikací\Microsoft
2011-12-08 22:30:15 ----D---- C:\WINDOWS\system32\drivers
2011-12-08 19:44:05 ----D---- C:\Documents and Settings
2011-12-08 18:31:37 ----SHD---- C:\WINDOWS\Installer
2011-12-06 20:25:36 ----D---- C:\Program Files\Mozilla Firefox
2011-12-03 12:27:27 ----D---- C:\WINDOWS\Minidump
2011-11-28 19:01:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-27 00:33:59 ----D---- C:\WINDOWS\system32\config
2011-11-27 00:33:51 ----D---- C:\WINDOWS\system32\wbem
2011-11-27 00:33:50 ----D---- C:\WINDOWS\Registration
2011-11-25 16:59:03 ----D---- C:\WINDOWS\Debug
2011-11-21 16:24:17 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-07-24 32128]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R3 Ma730c;MA730 Bluetooth Core Driver; C:\WINDOWS\system32\DRIVERS\MA730C.sys [2006-01-02 145344]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver; C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2005-12-22 102720]
R3 Ma730Vad;MA730 Bluetooth Audio; C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 23376]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-07-24 59264]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\RD\LOCALS~1\Temp\catchme.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2011-11-22 482992]
S4 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe []

-----------------EOF-----------------

Re: Thanks in advance for the evaluation.

Posted: 11 Dec 2011 11:08
by Márty84
Wishing you a nice Sunday morning :)
The log is being worked on, it will take a while.

Re: Thanks in advance for the evaluation.

Posted: 11 Dec 2011 11:34
by Márty84
Even though the log is not complete (the HJT part is missing, it failed to download), as far as malware goes it looks fine. Just a few unnecessary things.

1) Open Notepad (if it is not on the desktop, click Start, then Programs and Accessories)
2) Copy the green text into it
3) In the top left, click on File
4) Click on Save As...
5) Type the red name oprava.reg exactly, then under Save as type select: All files
6) Save it, preferably to the desktop
7) Then double-click what you just saved; it will run, and just confirm it

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
Install Service Pack 3 as well.

Are there any problems with the PC?

Re: Thanks in advance for the evaluation.

Posted: 11 Dec 2011 16:18
by okr
Good afternoon,
thanks for your time and advice. I am planning SP3, but for now I do not have a suitable internet connection to download it. The computer is acting up a bit, but I do not know why yet. On accounts with limited privileges I cannot manipulate the files and folders that I save.
When copying, renaming or deleting it always says: Error, C:\ is not accessible. Access is denied. I cannot open local disk C:\, as if it were blocked somehow.
I tried running Disk Cleanup and got this message: Disk Cleanup could not clean drive C:\, make sure a disk is inserted in the drive and that the drive door is closed.
I personally have not changed any permission settings or anything similar, so I really do not know what is going on. The administrator account works without problems so far. I read somewhere that malware can do things like this...

I tried the scan once more; hopefully everything downloaded this time.

Logfile of random's system information tool 1.09 (written by random/random)
Run by RD at 2011-12-11 15:48:02
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 67 GB (88%) free of 76 GB
Total RAM: 767 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:50:48, on 11.12.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\DE\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\RD.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files\CheckPoint\Install\Install.xml" /w
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B65350-D6AB-49E1-873A-45FF3152AC64}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS3\Services\Tcpip\..\{48B65350-D6AB-49E1-873A-45FF3152AC64}: NameServer = 160.218.161.60 194.228.211.33
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe

--
End of file - 3602 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\RD\Data aplikací\Mozilla\Firefox\Profiles\wojjlwiy.default

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-11-22 2779824]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-11-22 3621040]
"ZoneAlarm Installer"=C:\Program Files\CheckPoint\Install\Launcher.exe C:\Program Files\CheckPoint\Install\Install.exe /r download /c C:\Program Files\CheckPoint\Install\Install.xml /w []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe"="C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-11 15:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-12-11 15:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-12-11 15:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-12-11 15:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-12-11 15:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-12-11 15:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-12-11 09:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-12-11 09:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-12-11 09:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-12-11 09:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-12-11 09:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-12-11 09:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-12-10 21:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-12-10 21:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-12-10 21:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-12-10 21:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-12-10 21:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-12-10 21:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-12-10 20:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-12-10 20:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-12-10 20:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-12-10 20:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-12-10 20:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-12-10 20:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-12-10 19:59:29 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-12-10 19:53:23 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-12-10 19:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-12-10 19:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-12-09 23:56:14 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2011-12-09 23:55:56 ----D---- C:\WINDOWS\system32\PreInstall
2011-12-09 23:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-12-09 23:55:53 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-09 20:26:56 ----D---- C:\Program Files\trend micro
2011-12-09 20:26:55 ----D---- C:\rsit
2011-12-09 17:01:32 ----D---- C:\Program Files\Zone Labs
2011-12-09 17:00:53 ----D---- C:\WINDOWS\Internet Logs
2011-12-09 15:56:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-12-09 13:18:09 ----D---- C:\WINDOWS\system32\NtmsData
2011-12-08 22:59:11 ----D---- C:\Program Files\CheckPoint
2011-12-08 22:30:15 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-12-08 22:30:14 ----D---- C:\Documents and Settings\RD\Data aplikací\Spyware Terminator
2011-12-08 22:30:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-12-08 21:56:16 ----D---- C:\Program Files\Spyware Terminator
2011-11-27 18:56:57 ----D---- C:\Documents and Settings\RD\Data aplikací\Opera
2011-11-27 18:56:43 ----D---- C:\Program Files\Opera
2011-11-25 16:58:59 ----A---- C:\WINDOWS\system32\MRT.exe

======List of files/folders modified in the last 1 month======

2011-12-11 15:47:47 ----D---- C:\WINDOWS\temp
2011-12-11 15:47:27 ----D---- C:\WINDOWS\Prefetch
2011-12-11 15:41:04 ----A---- C:\WINDOWS\ModemLog_NOKIA_6021 Bluetooth GPRS Modem.txt
2011-12-11 15:31:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-11 15:25:31 ----D---- C:\WINDOWS
2011-12-11 15:24:50 ----D---- C:\WINDOWS\system32
2011-12-11 15:03:09 ----HD---- C:\WINDOWS\inf
2011-12-11 15:03:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-11 15:03:01 ----A---- C:\WINDOWS\imsins.BAK
2011-12-11 15:02:30 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-11 09:04:17 ----D---- C:\WINDOWS\system32\drivers
2011-12-10 21:26:56 ----D---- C:\Program Files\Movie Maker
2011-12-10 18:29:55 ----D---- C:\Documents and Settings
2011-12-10 18:23:03 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-10 12:07:43 ----SHD---- C:\RECYCLER
2011-12-09 23:56:31 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-09 20:26:56 ----RD---- C:\Program Files
2011-12-09 17:07:47 ----D---- C:\WINDOWS\SoftwareDistribution
2011-12-09 15:56:26 ----D---- C:\WINDOWS\Help
2011-12-09 13:19:51 ----SD---- C:\Documents and Settings\RD\Data aplikací\Microsoft
2011-12-08 18:31:37 ----SHD---- C:\WINDOWS\Installer
2011-12-06 20:25:36 ----D---- C:\Program Files\Mozilla Firefox
2011-12-03 12:27:27 ----D---- C:\WINDOWS\Minidump
2011-11-28 19:01:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-27 00:33:59 ----D---- C:\WINDOWS\system32\config
2011-11-27 00:33:51 ----D---- C:\WINDOWS\system32\wbem
2011-11-27 00:33:50 ----D---- C:\WINDOWS\Registration
2011-11-25 16:59:03 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-07-24 32128]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R3 Ma730c;MA730 Bluetooth Core Driver; C:\WINDOWS\system32\DRIVERS\MA730C.sys [2006-01-02 145344]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver; C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2005-12-22 102720]
R3 Ma730Vad;MA730 Bluetooth Audio; C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 23376]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-07-24 59264]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\RD\LOCALS~1\Temp\catchme.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2011-11-22 482992]

-----------------EOF-----------------

Re: Thanks in advance for the evaluation.

Posted: 11 Dec 2011 16:59
by vyosek
Greetings and a pleasant evening to you :)

Apologies to my colleague for stepping in.

Why are you opening a new topic for that denied access? We are handling it here http://viry.cz/forum/viewtopic.php?f=4&t=117655 and my colleague Vrtue and I are waiting there.

Re: Thanks in advance for the evaluation.

Posted: 11 Dec 2011 17:34
by Márty84
The rest of the log looks fine too. I just see that something from ZoneAlarm is starting, but it is not running in the processes. Do you use it? If not, repeat the previous procedure once more, only this time copy this into it.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Installer"=-
It could also be some malware; that will surely be checked too.
But as my colleague wrote, continue in the original topic http://www.viry.cz/forum/viewtopic.php? ... 7#p1063367
There are two of them on you there, and more heads know more :)

Write them your answer to their question there, and you can also add when the problem appeared and whether you installed or changed anything just before.

I wish you a successful resolution :)
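Added illustration of the two .reg fixes Márty84 posted above (the Adobe Reader Speed Launcher / Adobe ARM one and the ZoneAlarm Installer one). This is example code written for this page, not code posted by anyone in the thread. Both fixes rely on the same Regedit rule: inside a `[key]` section, a line of the form `"Name"=-` deletes that value. The Python below parses HijackThis `O4` (autostart) and `O17` (DNS NameServer) lines in the shape of the log posted above, flags autostart entries whose executable has no directory component (a heuristic; such an entry is resolved by search path rather than pinned to one location), and generates a removal .reg file for a list of value names. The sample lines are constructed from the posted log, and the function names (`parse_o4`, `parse_o17`, `bare_executables`, `build_removal_reg`) are my own. The O17 parser only extracts the resolver addresses; whether they are the ISP's published ones is something the reader has to check separately.

```python
"""Added example: read HijackThis O4/O17 lines and emit a .reg file that deletes
chosen Run values (the '"Name"=-' form used in the fixes above)."""
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in the shape of the HijackThis v2.0.4 log posted above (a subset of its lines).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files\CheckPoint\Install\Install.xml" /w
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B65350-D6AB-49E1-873A-45FF3152AC64}: NameServer = 160.218.161.60 194.228.211.33
"""

# O4: "<hive>\..\<Run key>: [<value name>] <command>" with an optional "(User '<name>')" suffix.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
USER_RE = re.compile(r" \(User '(?P<user>[^']*)'\)$")
# O17: per-interface DNS servers, space separated.
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")


def executable_of(cmd):
    """First token of a command line: the quoted path if it starts with '"', else up to the first space."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(text):
    """Return autostart entries: hive, key, value name, command, executable and user (if any)."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd, user = m.group("cmd"), None
        u = USER_RE.search(cmd)
        if u:
            user, cmd = u.group("user"), cmd[:u.start()]
        entries.append({
            "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
            "cmd": cmd, "exe": executable_of(cmd), "user": user,
        })
    return entries


def parse_o17(text):
    """Return per-interface DNS NameServer lists, to be compared with the resolvers the ISP actually publishes."""
    out = []
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            out.append({"key": m.group("key"), "nameservers": m.group("servers").split()})
    return out


def bare_executables(entries):
    """Value names whose executable has no directory part (resolved by search path, not a fixed location)."""
    return [e["name"] for e in entries if "\\" not in e["exe"]]


def build_removal_reg(value_names, key=RUN_KEY):
    """Build a 'Windows Registry Editor Version 5.00' file; '"Name"=-' deletes that value under `key`."""
    for n in value_names:
        if '"' in n or "\n" in n or "\r" in n:
            raise ValueError("value name would break the .reg syntax: %r" % n)
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % key]
    lines += ['"%s"=-' % n for n in value_names]
    return "\r\n".join(lines) + "\r\n"   # CRLF line endings, as Regedit writes them


if __name__ == "__main__":
    auto = parse_o4(SAMPLE_HJT)
    for e in auto:
        print("%-20s %-15s %s" % (e["name"], e["hive"], e["exe"]))
    print("bare executable names:", bare_executables(auto))
    print("DNS:", parse_o17(SAMPLE_HJT))
    print(build_removal_reg(["ZoneAlarm Installer"]))
```

Saving the string returned by `build_removal_reg` as `oprava.reg` and double-clicking it does the same thing as the manual Notepad procedure above. The `[hive]` comes from the log line, so an entry under `HKUS\S-1-5-18` must not be deleted with the default `HKEY_LOCAL_MACHINE\...\Run` key; pass the matching key explicitly.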