Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosim skontrolujte mi log ..

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

Prosim skontrolujte mi log ..

#1 Příspěvek od sasa.eu »

Logfile of Spyware Terminator v2.6.6.196 (db:4.002.008.000)
Scan Time: 8.2.2010 11:18:49 length: 422 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 35290 (Critical:3)
Filter: No System items, No Safe items, No Invalid items

Running Processes
msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
ICQ.exe [ICQ, Inc.] : C:\Program Files\ICQ7.0\ICQ.exe
ICQ Service.exe : C:\Program Files\ICQ6Toolbar\ICQ Service.exe
HPZipm12.exe [HP] : C:\WINDOWS\system32\HPZipm12.exe
PnkBstrA.exe : C:\WINDOWS\system32\PnkBstrA.exe
chrome.exe [Google Inc.] : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
chrome.exe [Google Inc.] : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
chrome.exe [Google Inc.] : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://home.sweetim.com
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - [qip.ru] : C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
02 - BHO: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - [ICQ] : C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
02 - BHO: Shell Search Band - {21569614-B795-46B1-85F4-E737A8DC09AD} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll

Toolbars
03 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - [ICQ] : C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ICQ : [ICQ, Inc.] : C:\Program Files\ICQ7.0\ICQ.exe

Explorer Bars
ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - [ICQ] : C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
Shell Search Band - {21569614-B795-46B1-85F4-E737A8DC09AD} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll

Shell Extensions
Stránka vlastností multimediálního souboru - {00022613-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\WINDOWS\system32\mmsys.cpl
Popisovač dat výstřižku prostředí - {56117100-C0CD-101B-81E2-00AA004AE837} - [Microsoft Corporation] : C:\WINDOWS\system32\shscrap.dll
Microsoft OLE DB Service Component Data Links - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - [Microsoft Corporation] : C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Scheduling UI icon handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Scheduling UI property sheet handler - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Naplánované úlohy - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Panel nástrojů Microsoft pro síť Internet - {5E6AB780-7743-11CF-A12B-00AA004AE837} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Stav stahování - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Rozšířená složka prostředí - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Vyhledávat v podokně - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Nástroj možností registrového stromu - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
&Adresa - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Textové pole adresy - {A08C11D2-A228-11d0-825B-00AA005B4383} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Shell Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Automaticky dokončovaný seznam MRU - {6756A641-DE71-11d0-831B-00AA005B4383} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Přístupný - {7e653215-fa25-46bd-a339-34a2790f3cb7} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Automaticky dokončovaný seznam historie - {00BB2764-6A77-11D0-A535-00C04FD7D062} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Automaticky se doplňující seznam složky prostředí společnosti Microsoft - {03C036F1-A186-11D0-824A-00AA005B4383} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Kontejner automatického dokončování více seznamů - {00BB2765-6A77-11D0-A535-00C04FD7D062} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Nabídka serveru pruhu prostředí - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Panel plochy aplikací prostředí - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Panel plochy prostředí - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Asistence uživatele - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Globální nastavení složek - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Hledání na webu - {07798131-AF23-11d1-9111-00A0C98BA67D} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Prostředí automatického přehrávání prezentace - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - [Microsoft Corporation] : C:\WINDOWS\system32\RUNDLL32.EXE
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - [Microsoft Corporation] : C:\WINDOWS\system32\extmgr.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\WINDOWS\msagent\agentpsh.dll
Webové složky - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL

Shell Extecute Hooks
Browseui preloader - {{438755C2-A8BA-11D1-B96B-00A0C90312E1}} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll
Proces mezipaměti kategorií součástí - {{8C7461EF-2B13-11d2-BE35-3078302C2030}} - [Společnost Microsoft] : C:\WINDOWS\system32\BROWSEUI.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
WiaProtocol Class - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - [Microsoft Corporation] : C:\WINDOWS\system32\wiascr.dll

Services
23 - : C:\WINDOWS\system32\DRIVERS\atksgt.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\disk.sys
23 - [Microsoft Corp., Veritas Software] : C:\WINDOWS\system32\drivers\dmio.sys
23 - [Microsoft Corp., Veritas Software.] : C:\WINDOWS\system32\drivers\dmload.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\e1000325.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23 - : C:\Program Files\ICQ6Toolbar\ICQ Service.exe
23 - : C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23 - [HP] : C:\WINDOWS\system32\HPZipm12.exe
23 - : C:\WINDOWS\system32\PnkBstrA.exe
23 - [Ralink Technology, Corp.] : C:\WINDOWS\system32\DRIVERS\rt73.sys
23 - [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.] : C:\WINDOWS\system32\DRIVERS\secdrv.sys
23 - : C:\WINDOWS\system32\Drivers\sptd.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxsrvc.dll

System Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, ForceActiveDesktopOn : :

Advanced Files Report
%SYSDIR%\hpzll054.dll [Hewlett-Packard Company] [Language Monitor] MD5=8368F1B57150F129935762E7BE9BC4BA SIZE=48128
%SYSDIR%\BROWSEUI.dll [Společnost Microsoft] [Microsoft(R) Windows (R) 2000 Operating System] MD5=E45ECB5A023F77F813CD0DFF92699B76 SIZE=1025024
%SYSDIR%\hccutils.DLL [Intel Corporation] [Intel(R) Common User Interface] MD5=11671F812E89402A3A46FC4152ADF824 SIZE=118784
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=21F0A42DC7BB6380D2B013370DB55115 SIZE=143360
%SYSDIR%\igfxsrvc.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=3C29995B8199D4ACCEBF29B0C143E44F SIZE=339968
%SYSDIR%\igfxres.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=81FC49B3DF8B39F68C490E8C063D45DC SIZE=155648
%SYSDIR%\igfxhk.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=0A13FD824542CBBA060005AF3F3D268A SIZE=126976
%PROGRAMFILES%\ICQ7.0\MUtils.dll [ICQ, Inc.] [ICQ] MD5=9D4DE5CA500737D2D7AE996DD1D9FEB7 SIZE=590848
%PROGRAMFILES%\ICQ7.0\xprt6.dll [AOL Inc.] [XPRT Runtime Library] MD5=68192C9D89CCA50DA96D4F32042A84C0 SIZE=238592
%PROGRAMFILES%\ICQ7.0\MKernel.dll [ICQ, Inc.] [ICQ] MD5=0E29ADC0A2903C9471D36501B2ABFFC1 SIZE=246272
%PROGRAMFILES%\ICQ7.0\MDb.dll MD5=33BFB08350E8015BD8E390C59B50719F SIZE=733184
%PROGRAMFILES%\ICQ7.0\MCoreLib.dll [ICQ, Inc.] [ICQ] MD5=1D615B6BA00AA936DD45308310EBCC0D SIZE=96768
%PROGRAMFILES%\ICQ7.0\MUIUtils.dll [ICQ, Inc.] [ICQ] MD5=DFF2562E6C921FF6576DA86F0CB015BA SIZE=2349056
%PROGRAMFILES%\ICQ7.0\MUICoreLib.dll [ICQ, Inc.] [ICQ] MD5=30F05B30352BA5107208B78D9AE01726 SIZE=647680
%PROGRAMFILES%\ICQ7.0\tbdiag.dll [AOL LLC] [AOL Diagnostics] MD5=628C28F3B0F227266573EFD19FAA9EB6 SIZE=108032
%PROGRAMFILES%\ICQ7.0\MBContainer.dll [ICQ, Inc.] [ICQ] MD5=43863381A4B41432A0E31E26B0F3370D SIZE=194560
%PROGRAMFILES%\ICQ7.0\MCore.dll [ICQ, Inc.] [ICQ] MD5=CF4F0512B5A987CCB1EA217051CEA4DC SIZE=1375744
%PROGRAMFILES%\ICQ7.0\coolcore59.dll [AOL Inc.] [COOL Component Libraries] MD5=6142FA079BE55B291F11009864B797E7 SIZE=926208
%PROGRAMFILES%\ICQ7.0\acccore.dll [AOL Inc.] [AIMCC] MD5=1BF804D6E1DE714B26BFBFF790ABAF01 SIZE=786432
%PROGRAMFILES%\ICQ7.0\MISB.dll [ICQ, Inc.] [ICQ] MD5=4AC212B39E475FC9C103D9FE2D47473A SIZE=850432
%PROGRAMFILES%\ICQ7.0\MUICore.dll [ICQ, Inc.] [ICQ] MD5=6BD0E2631FA840CE6828E753772E7138 SIZE=2300416
%PROGRAMFILES%\ICQ7.0\MReport.dll [ICQ, Inc.] [ICQ] MD5=6079D0866EA4030FC2D8FF3C4F1222AA SIZE=87552
%PROGRAMFILES%\ICQ7.0\MUIMessage.dll [ICQ, Inc.] [ICQ] MD5=401BA4C6B1A4F66185695E95BC700194 SIZE=808960
%SYSDIR%\Macromed\Flash\Flash10d.ocx [Adobe Systems, Inc.] [Shockwave Flash] MD5=C5AA69ED6CE6F2962A79F03039A87084 SIZE=3982240
%SYSDIR%\l3codecx.ax [Fraunhofer Institut Integrierte Schaltungen IIS] [MPEG Layer-3 Audio Codec for Microsoft DirectShow] MD5=EA6D28C4CDA1501A2BC66A03D5DD0E5E SIZE=83456
%PROGRAMFILES%\ICQ6Toolbar\ICQ Service.exe [ICQIEUpdater Module] MD5=848EDEBB3C1D6FEC50E09EDA95C21E84 SIZE=246520
%SYSDIR%\HPZipm12.exe [HP] [HP PML] MD5=2D091A99624FB9E7EEF0A86D872EC0C3 SIZE=73728
%SYSDIR%\PnkBstrA.exe MD5=A9D6B1E7EF097C7F3B5DC4F56C0E7386 SIZE=66872
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe [Google Inc.] [Google Chrome] MD5=643FDE8B9E600F4DE85BBA8C653F9B25 SIZE=527344
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\chrome.dll [Google Inc.] [Google Chrome] MD5=C80D9C4397CA24C1DC9190A37EF46914 SIZE=14489584
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\icudt42.dll [IBM Corporation and others] [International Components for Unicode] MD5=2008942F93F041351355D0AC6009FC35 SIZE=10947056
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\locales\cs.dll MD5=6CAA7DDA5702338214947DB32F9287F9 SIZE=142320
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\gears.dll [Google Inc.] [Google Gears 0.5.33.0] MD5=A4C17F16FC2ABE7F6B95E66C169EDCDE SIZE=3184112
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\rlz.dll MD5=965FE6824BB37EB823633746E6995043 SIZE=109040
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\avcodec-52.dll MD5=00E161C691D0A83D2C454DDC6D9251C2 SIZE=1112560
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\avutil-50.dll MD5=3701C5D050674992151887CFAAA48CF1 SIZE=61424
%USERPROFILE%\Local Settings\Data aplikací\Google\Chrome\Application\4.0.249.78\avformat-52.dll MD5=99854F6F0DB602F351D3D6101B72655E SIZE=135152
%PROGRAMFILES%\DAEMON TOOLS LITE\DAEMON.EXE
%PROGRAMFILES%\TURBINE\TURBINE DOWNLOAD MANAGER\TURBINEDOWNLOADMANAGERICON.EXE
%PROGRAMFILES%\ICQ6Toolbar\ICQToolBar.dll [ICQ] [ICQToolBar] MD5=70063D8E32195F38430B5897940FDC19 SIZE=1019128
%SystemDiskRoot%\PROGRA~1\ICQTOO~1\toolbaru.dll
%SYSDIR%\299914\299914.dll
%SYSDIR%\mmsys.cpl [Microsoft Corporation] [Operační systém Microsoft® Windows®] MD5=BDA35E3DD90F54B64C507E78118563C0 SIZE=620032
deskpan.dll
%SYSDIR%\shscrap.dll [Microsoft Corporation] [Operační systém Microsoft® Windows®] MD5=7CCB3A022D07A84EBC9DED2BB2A60BB8 SIZE=27648
%COMMONFILES%\System\Ole DB\oledb32.dll [Microsoft Corporation] [Microsoft Data Access Components] MD5=6EADE93669DFBB501F3BFB8C12A9456E SIZE=487424
%SYSDIR%\mstask.dll [Microsoft Corporation] [Operační systém Microsoft® Windows®] MD5=4140DF1A80A347E250B91E3E1335FD9D SIZE=275968
%SYSDIR%\RUNDLL32.EXE [Microsoft Corporation] [Operační systém Microsoft® Windows®] MD5=33FC9AB5D74633F257B879B401F70BBE SIZE=33280
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Operační systém Microsoft® Windows®] MD5=3A5688CD1A780CE298FDF2E8B8BE136B SIZE=338944
%SYSDIR%\extmgr.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=41ADC50957C2C141969852C8B5EE518A SIZE=55808
%WINDIR%\msagent\agentpsh.dll [Microsoft Corporation] [Microsoft Agent Property Sheet Handler] MD5=057096BB1687AA9B61195ABAE9A57BBF SIZE=24064
%COMMONFILES%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Microsoft Corporation] [SharePoint Portal Server] MD5=32E82A0C6D4272407DC8547354EFA42B SIZE=1293008
%SYSDIR%\DRIVERS\atksgt.sys MD5=6E996CF8459A2594E0E9609D0E34D41F SIZE=271360
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\DRIVERS\disk.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=044452051F3E02E7963599FC8F4F3E25 SIZE=36352
%SYSDIR%\drivers\dmio.sys [Microsoft Corp., Veritas Software] [VERITAS® NT Disk Manager] MD5=FFF1720AF51171F32F1EAD5CF71F2810 SIZE=153856
%SYSDIR%\drivers\dmload.sys [Microsoft Corp., Veritas Software.] [Logical Disk Manager for Windows NT] MD5=E9317282A63CA4D188C0DF5E09C6AC5F SIZE=5888
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\DRIVERS\e1000325.sys [Intel Corporation] [Intel(R) PRO/1000 Adapter] MD5=A8B3EC8EE13CBE14F067C72110155A1B SIZE=121856
%SYSDIR%\DRIVERS\flpydisk.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9D27E7B80BFCDF1CDD9B555862D5E7F0 SIZE=20480
%SYSDIR%\svchost.exe -k HTTPFilter
%SYSDIR%\DRIVERS\ialmnt5.sys [Intel Corporation] [Intel Graphics Accelerator Drivers for Windows NT(R)] MD5=DA58A8BE6A445835F603720C4BC8837E SIZE=681469
%SYSDIR%\DRIVERS\lirsgt.sys MD5=975B6CF65F44E95883F3855BAE8CECAF SIZE=18048
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=AF5F4F3F14A8EA2C26DE30F7A1E17136 SIZE=15488
%SYSDIR%\svchost -k rpcss
%SYSDIR%\DRIVERS\rt73.sys [Ralink Technology, Corp.] [Ralink 802.11 Wireless Adapters] MD5=7436BFD3A542CF6FF55097200031B293 SIZE=245248
%SYSDIR%\DRIVERS\secdrv.sys [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.] [Macrovision SECURITY Driver] MD5=90A3935D05B494A5A39D37E71F09A677 SIZE=20480
%SYSDIR%\Drivers\sptd.sys SIZE=717296
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\mscoree.dll [Microsoft Corporation] [Microsoft® .NET Framework] MD5=C99248B969A799B771F484CD68BCB96E SIZE=282112
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=61B0C981F7C10B8861809ADC1B31E8E5 SIZE=61264
%COMMONFILES%\Microsoft Shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=CD87D4396557AA897952B0ED890DF91E SIZE=7255872
%COMMONFILES%\Microsoft Shared\Web Components\11\OWC11.DLL [Microsoft Corporation] [Microsoft Office 2003] MD5=6038EB24E4B56F42E92072C5A306ECA8 SIZE=8058192
%SYSDIR%\wiascr.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=962380E6EF60872F7A52B0AAF814C0FD SIZE=75776

End of Report


Průběh odstraňování:

Příprava struktur
Vytváření bodu pro obnovu systému
Odstranit SpyShredder
Smazané registry : HKCU\Software\SpyShredder
Odstranit Affiliate tracking cookie
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@apmebf[1].txt
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@apmebf[2].txt
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@apmebf[3].txt
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@atdmt[1].txt
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@atdmt[2].txt
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@server.iad.liveperson[1].txt
Smazaný soubor: C:\Documents and Settings\Administrator\cookies\administrator@server.iad.liveperson[3].txt
Odstranit Invalid Startup Items
Smazané registry : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DAEMON Tools Lite
Smazané registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Turbine Download Manager Tray Icon
Zavírání bodu pro obnovu systému
Hotovo

Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosim skontrolujte mi log ..

#2 Příspěvek od Unlimited_Killer »

Prosím o dodání RSIT logu. Ve ST logu se moc nevyznám, i když je prakticky totožný. :oops:

~~~

Random's System Information Tool
  • Stáhněte a uložte na Plochu RSIT.
  • Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
  • Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
  • Pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt
  • Obsah tohoto logu vložte do svého příspěvku.
inactive

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

Re: Prosim skontrolujte mi log ..

#3 Příspěvek od sasa.eu »

System drive C: has 58 GB (77%) free of 76 GB
Total RAM: 510 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:47, on 8.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\WINDOWS\system32\OSK.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.seznam.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7984936889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7985100801
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9891 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-28 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47DF236B-7D10-4C01-9820-50C0D54E7841}]
299914 Class - C:\WINDOWS\system32\299914\299914.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-12 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-06 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-28 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-06 148888]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-02-08 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-02-08 3037696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=1
"NoActiveDesktop"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe"="C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d"
"C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE"="C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE:*:Disabled:SRS"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Disabled:quake3"
"C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe"="C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe:*:Enabled:Seznam internet akcelerátor"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe"="C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Disabled:dndclient"
"C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c461675-ec50-11dd-ab8f-000f1fd53e34}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70acbc44-f174-11de-b40d-001d7e0e800c}]
shell\AutoRun\command - J:\Launcher.exe
shell\install\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{793d869e-a0a8-11de-b35f-001d7e0e800c}]
shell\AutoRun\command - K:\MediaManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be5fe244-f017-11de-b40a-001d7e0e800c}]
shell\AutoRun\command - J:\autorun/asocrun.exe index.html


======List of files/folders created in the last 1 months======

2010-02-08 18:14:19 ----D---- C:\rsit
2010-02-08 11:15:16 ----D---- C:\Program Files\Crawler
2010-02-08 11:15:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2010-02-08 11:15:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-02-08 11:15:05 ----D---- C:\Program Files\Spyware Terminator
2010-02-08 11:01:58 ----D---- C:\Program Files\Sunbelt Software
2010-02-02 00:03:11 ----D---- C:\Program Files\ICQ6Toolbar
2010-02-02 00:02:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-02-02 00:02:16 ----D---- C:\Program Files\ICQ7.0
2010-01-31 09:52:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Facebook
2010-01-30 18:17:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 18:16:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-01-30 17:51:12 ----D---- C:\instalace
2010-01-15 20:40:13 ----SHD---- C:\WINDOWS\ftpcache
2010-01-13 18:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 18:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-09 20:42:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2010-01-09 20:42:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-02-08 18:14:47 ----D---- C:\WINDOWS\Prefetch
2010-02-08 15:07:38 ----D---- C:\WINDOWS\Temp
2010-02-08 11:15:16 ----RD---- C:\Program Files
2010-02-08 11:15:13 ----D---- C:\WINDOWS\system32\drivers
2010-02-08 11:05:10 ----D---- C:\WINDOWS\system32\ias
2010-02-08 11:05:06 ----D---- C:\WINDOWS
2010-02-08 11:05:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-08 11:03:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-08 11:02:43 ----SHD---- C:\WINDOWS\Installer
2010-02-08 11:02:43 ----D---- C:\Config.Msi
2010-02-08 11:02:12 ----HD---- C:\WINDOWS\inf
2010-02-08 11:02:10 ----D---- C:\WINDOWS\system32
2010-02-08 10:24:23 ----D---- C:\WINDOWS\system32\config
2010-02-08 10:23:19 ----D---- C:\WINDOWS\system32\wbem
2010-02-08 10:23:11 ----D---- C:\WINDOWS\Registration
2010-02-08 10:22:05 ----D---- C:\Program Files\Realtek AC97
2010-02-08 10:21:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-08 10:19:25 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-06 18:20:14 ----D---- C:\7dd16289180c66623073e8e573a7
2010-02-02 00:03:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-02 00:03:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-02-01 23:53:59 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 23:53:58 ----D---- C:\WINDOWS\Help
2010-01-30 18:17:13 ----D---- C:\WINDOWS\WinSxS
2010-01-30 18:16:57 ----D---- C:\Program Files\Alwil Software
2010-01-30 18:16:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-30 18:09:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-01-30 17:24:11 ----AC---- C:\WINDOWS\control.ini
2010-01-30 17:19:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-01-30 17:18:31 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-01-30 17:15:00 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-01-30 17:14:03 ----D---- C:\Program Files\HP
2010-01-30 17:12:07 ----D---- C:\Program Files\Hewlett-Packard
2010-01-30 17:10:41 ----D---- C:\Program Files\Common Files
2010-01-30 12:09:50 ----HD---- C:\$AVG8.VAULT$
2010-01-23 23:11:33 ----D---- C:\Program Files\Internet Explorer
2010-01-23 23:10:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 18:24:19 ----D---- C:\WINDOWS\AppPatch
2010-01-13 18:14:26 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-02 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-02 18048]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
S3 aphl1hua;aphl1hua; C:\WINDOWS\system32\drivers\aphl1hua.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-06 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-25 66872]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-02-08 488960]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosim skontrolujte mi log ..

#4 Příspěvek od Unlimited_Killer »

Jdeme na to. A omlouvám se za zdržení.

~~~

Stáhněte OTM na Plochu. Spusťte ho dvojklikem na OTM.exe, pokud máte Vistu, pravým tlačítkem na soubor -> Run as Administrator [spustit jako administrátor].
Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47DF236B-7D10-4C01-9820-50C0D54E7841}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be5fe244-f017-11de-b40a-001d7e0e800c}]

:files
C:\PROGRA~1\Crawler
C:\PROGRA~1\ICQTOO~1
C:\WINDOWS\system32\299914
C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
C:\Program Files\ICQ6Toolbar\
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk 

:services
ICQ Service
JavaQuickStarterService

:commands
[emptytemp]
[reboot]
Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra. Pokud se zobrazí hláška k restartování, klikněte na Yes. Po restartu log najdete v C:\_OTM\MovedFiles

~~~

Fixnutí v HJT
  • Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
  • Klikněte na 'Do a system scan only'.
  • U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

    Kód: Vybrat vše

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
    O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
  • Pokud by tam nějaká položka nebyla, vynechte ji.
~~~

Malwarebytes' Anti-Malware
  • Stáhněte MbAM a postupujte podle popisu.
  • Zatím nic nemažte, MbAM má občas falešné detekce.
  • Poté mi sem vložte log ve formě textu.
inactive

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

OTM log.

#5 Příspěvek od sasa.eu »

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47DF236B-7D10-4C01-9820-50C0D54E7841}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47DF236B-7D10-4C01-9820-50C0D54E7841}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be5fe244-f017-11de-b40a-001d7e0e800c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5fe244-f017-11de-b40a-001d7e0e800c}\ not found.
========== FILES ==========
C:\PROGRA~1\Crawler\Toolbar\Update folder moved successfully.
C:\PROGRA~1\Crawler\Toolbar\TBR5LanguageAct folder moved successfully.
C:\PROGRA~1\Crawler\Toolbar\STWSGLanguageAct folder moved successfully.
C:\PROGRA~1\Crawler\Toolbar\Languages folder moved successfully.
C:\PROGRA~1\Crawler\Toolbar\Cache folder moved successfully.
C:\PROGRA~1\Crawler\Toolbar folder moved successfully.
C:\PROGRA~1\Crawler\Download folder moved successfully.
C:\PROGRA~1\Crawler folder moved successfully.
File/Folder C:\PROGRA~1\ICQTOO~1 not found.
C:\WINDOWS\system32\299914 folder moved successfully.
C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk moved successfully.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 232343326 bytes
->Temporary Internet Files folder emptied: 53458640 bytes
->Java cache emptied: 2059646 bytes
->Google Chrome cache emptied: 97484068 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 7734130 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2167051 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 49408 bytes
Windows Temp folder emptied: 39424412 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23453022 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 437.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02102010_173500

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

MBAM

#6 Příspěvek od sasa.eu »

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3720
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.2.2010 18:18:25
mbam-log-2010-02-10 (18-18-04).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 120001
Uplynulý čas: 6 minute(s), 48 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 6
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (2) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosim skontrolujte mi log ..

#7 Příspěvek od Unlimited_Killer »

Nechte vše, co našel MbAM smazat a vložte nový RSIT log.
inactive

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

Rist log.

#8 Příspěvek od sasa.eu »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-10 19:34:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (77%) free of 76 GB
Total RAM: 510 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:25, on 10.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\OSK.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.seznam.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7984936889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7985100801
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5810 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-06 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-02-08 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-02-08 3037696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=2
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe"="C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d"
"C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE"="C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE:*:Disabled:SRS"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Disabled:quake3"
"C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe"="C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe:*:Enabled:Seznam internet akcelerátor"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe"="C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Disabled:dndclient"
"C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c461675-ec50-11dd-ab8f-000f1fd53e34}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70acbc44-f174-11de-b40d-001d7e0e800c}]
shell\AutoRun\command - J:\Launcher.exe
shell\install\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{793d869e-a0a8-11de-b35f-001d7e0e800c}]
shell\AutoRun\command - K:\MediaManager.exe


======List of files/folders created in the last 1 months======

2010-02-10 18:08:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-02-10 18:08:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-10 18:08:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 17:35:00 ----D---- C:\_OTM
2010-02-10 12:54:35 ----D---- C:\Program Files\WinClamAVShield
2010-02-10 12:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 12:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 12:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 12:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 12:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 12:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 12:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 12:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-08 18:14:19 ----D---- C:\rsit
2010-02-08 11:15:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2010-02-08 11:15:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-02-08 11:15:05 ----D---- C:\Program Files\Spyware Terminator
2010-02-08 11:01:58 ----D---- C:\Program Files\Sunbelt Software
2010-02-02 00:02:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-02-02 00:02:16 ----D---- C:\Program Files\ICQ7.0
2010-01-31 09:52:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Facebook
2010-01-30 18:17:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 18:16:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-01-30 17:51:12 ----D---- C:\instalace
2010-01-15 20:40:13 ----SHD---- C:\WINDOWS\ftpcache
2010-01-13 18:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 18:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-10 19:32:54 ----D---- C:\WINDOWS\Temp
2010-02-10 19:32:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 19:32:20 ----D---- C:\WINDOWS\system32\ias
2010-02-10 19:30:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 18:08:11 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 18:08:05 ----RD---- C:\Program Files
2010-02-10 17:46:36 ----D---- C:\Program Files\Messenger
2010-02-10 17:36:06 ----D---- C:\WINDOWS\system32
2010-02-10 17:36:06 ----D---- C:\WINDOWS
2010-02-10 13:04:32 ----HD---- C:\WINDOWS\inf
2010-02-10 12:54:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 12:54:01 ----SHD---- C:\WINDOWS\Installer
2010-02-10 12:53:27 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 12:53:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-10 12:53:19 ----D---- C:\WINDOWS\Prefetch
2010-02-08 11:02:43 ----D---- C:\Config.Msi
2010-02-08 10:24:23 ----D---- C:\WINDOWS\system32\config
2010-02-08 10:23:19 ----D---- C:\WINDOWS\system32\wbem
2010-02-08 10:23:11 ----D---- C:\WINDOWS\Registration
2010-02-08 10:22:05 ----D---- C:\Program Files\Realtek AC97
2010-02-08 10:19:25 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-06 18:20:14 ----D---- C:\7dd16289180c66623073e8e573a7
2010-02-02 00:03:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-02 00:03:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-02-01 23:53:59 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 23:53:58 ----D---- C:\WINDOWS\Help
2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-30 18:17:13 ----D---- C:\WINDOWS\WinSxS
2010-01-30 18:16:57 ----D---- C:\Program Files\Alwil Software
2010-01-30 18:16:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-30 18:09:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-01-30 17:24:11 ----AC---- C:\WINDOWS\control.ini
2010-01-30 17:19:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-01-30 17:18:31 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-01-30 17:15:00 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-01-30 17:14:03 ----D---- C:\Program Files\HP
2010-01-30 17:12:07 ----D---- C:\Program Files\Hewlett-Packard
2010-01-30 17:10:41 ----D---- C:\Program Files\Common Files
2010-01-30 12:09:50 ----HD---- C:\$AVG8.VAULT$
2010-01-23 23:11:33 ----D---- C:\Program Files\Internet Explorer
2010-01-13 18:24:19 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-02 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-02 18048]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
S3 apnyesib;apnyesib; C:\WINDOWS\system32\drivers\apnyesib.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-25 66872]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-02-08 488960]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosim skontrolujte mi log ..

#9 Příspěvek od Unlimited_Killer »

Zdá se mi, že je čisto. Obrázek

~~~

1) Fixnutí v HJT
  • Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
  • Klikněte na 'Do a system scan only'.
  • U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

    Kód: Vybrat vše

    R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
  • Pokud by tam nějaká položka nebyla, vynechte ji.

2) OTCleaner
  • Stáhněte OTC a dvojklikem ho spusťte.
  • Vyskočí okénko, kde kliknete na 'CleanUp!'.
  • Potvrdíte kliknutím na 'Yes'.
  • Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

3) CCleaner
  • Stáhněte si program jménem CCleaner.
  • Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
  • Spusťte ho.
    • Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
    • Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
  • CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

4) Defragmentace
  • Defragmentujte disk.
  • Lze to udělat několika způsoby ↓
    • Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
    • Přes jednoduchý a přehledný program jménem Defraggler.
    • Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

5) FileHippo.com UpdateChecker
  • Během procesu čištění jsem zvyklý odstraňovat zbytečné aplikace spouštěné po startu.
  • Mezi ně patří například Java Update. Nesmyslně užírá RAM paměť jelikož neustále sonduje, zda není novější verze.
  • Abyste měl/a přehled o aktualizacích, doporučuji stáhnout program FileHippo.com UpdateChecker.
    • Běžně ho nainstalujte.
    • Spouštějte ho například jednou až dvakrát týdně.
    • Přehledně zobrazí všechny programy, které jsou neaktualizované, nabídne stažení novější verze (což doporučuji).

6) Na závěr nový RSIT log
inactive

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

RIST log.

#10 Příspěvek od sasa.eu »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-11 08:26:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (78%) free of 76 GB
Total RAM: 510 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:53, on 11.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.seznam.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7984936889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7985100801
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5653 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-06 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-02-08 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-02-08 3037696]
"FileHippo.com"=C:\Program Files\FileHippo.com\UpdateChecker.exe [2010-02-05 155648]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=2
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe"="C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d"
"C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE"="C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE:*:Disabled:SRS"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Disabled:quake3"
"C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe"="C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe:*:Enabled:Seznam internet akcelerátor"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe"="C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Disabled:dndclient"
"C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c461675-ec50-11dd-ab8f-000f1fd53e34}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70acbc44-f174-11de-b40d-001d7e0e800c}]
shell\AutoRun\command - J:\Launcher.exe
shell\install\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{793d869e-a0a8-11de-b35f-001d7e0e800c}]
shell\AutoRun\command - K:\MediaManager.exe


======List of files/folders created in the last 1 months======

2010-02-11 08:26:37 ----D---- C:\rsit
2010-02-11 08:20:31 ----D---- C:\Program Files\FileHippo.com
2010-02-11 07:57:29 ----D---- C:\Program Files\CCleaner
2010-02-10 18:08:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-02-10 18:08:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-10 18:08:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 12:54:35 ----D---- C:\Program Files\WinClamAVShield
2010-02-10 12:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 12:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 12:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 12:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 12:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 12:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 12:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 12:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-08 11:15:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2010-02-08 11:15:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-02-08 11:15:05 ----D---- C:\Program Files\Spyware Terminator
2010-02-08 11:01:58 ----D---- C:\Program Files\Sunbelt Software
2010-02-02 00:02:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-02-02 00:02:16 ----D---- C:\Program Files\ICQ7.0
2010-01-31 09:52:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Facebook
2010-01-30 18:17:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 18:16:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-01-30 17:51:12 ----D---- C:\instalace
2010-01-15 20:40:13 ----SHD---- C:\WINDOWS\ftpcache
2010-01-13 18:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 18:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-11 08:20:31 ----RD---- C:\Program Files
2010-02-11 08:05:14 ----D---- C:\WINDOWS\Temp
2010-02-11 07:59:08 ----D---- C:\WINDOWS\Debug
2010-02-11 07:59:08 ----D---- C:\WINDOWS
2010-02-11 07:59:05 ----D---- C:\WINDOWS\Minidump
2010-02-11 07:57:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-11 07:50:44 ----D---- C:\WINDOWS\system32\ias
2010-02-11 07:49:26 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 00:42:13 ----SHD---- C:\WINDOWS\Installer
2010-02-11 00:42:13 ----D---- C:\Config.Msi
2010-02-10 18:08:11 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 17:46:36 ----D---- C:\Program Files\Messenger
2010-02-10 17:36:06 ----D---- C:\WINDOWS\system32
2010-02-10 13:04:32 ----HD---- C:\WINDOWS\inf
2010-02-10 12:54:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 12:53:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-10 12:53:19 ----D---- C:\WINDOWS\Prefetch
2010-02-08 10:24:23 ----D---- C:\WINDOWS\system32\config
2010-02-08 10:23:19 ----D---- C:\WINDOWS\system32\wbem
2010-02-08 10:23:11 ----D---- C:\WINDOWS\Registration
2010-02-08 10:22:05 ----D---- C:\Program Files\Realtek AC97
2010-02-06 18:20:14 ----D---- C:\7dd16289180c66623073e8e573a7
2010-02-02 00:03:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-02 00:03:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-02-01 23:53:59 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 23:53:58 ----D---- C:\WINDOWS\Help
2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-30 18:17:13 ----D---- C:\WINDOWS\WinSxS
2010-01-30 18:16:57 ----D---- C:\Program Files\Alwil Software
2010-01-30 18:16:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-30 18:09:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-01-30 17:24:11 ----AC---- C:\WINDOWS\control.ini
2010-01-30 17:19:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-01-30 17:18:31 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-01-30 17:15:00 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-01-30 17:14:03 ----D---- C:\Program Files\HP
2010-01-30 17:12:07 ----D---- C:\Program Files\Hewlett-Packard
2010-01-30 17:10:41 ----D---- C:\Program Files\Common Files
2010-01-30 12:09:50 ----HD---- C:\$AVG8.VAULT$
2010-01-23 23:11:33 ----D---- C:\Program Files\Internet Explorer
2010-01-13 18:24:19 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-02 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-02 18048]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 aforf4o7;aforf4o7; C:\WINDOWS\system32\drivers\aforf4o7.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-25 66872]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-02-08 488960]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosim skontrolujte mi log ..

#11 Příspěvek od motji »

Dobrý večer :) , záskok za kolegu :)
Log vypadá v pořádku, pokud nejsou problémy, je to vše :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

Re: Prosim skontrolujte mi log ..

#12 Příspěvek od sasa.eu »

:D Dekji vám oboumje to v pořádku :closed:

Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosim skontrolujte mi log ..

#13 Příspěvek od Unlimited_Killer »

Není zač i za kolegyni (+ díky jí).
Děkuji Vám za spolupráci a třeba se ještě někdy potkáme. :bye: :closed:
inactive

sasa.eu
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 08 lis 2008 20:15

zase se mi stahujou nesmyslne slozky typu mp3 pop

#14 Příspěvek od sasa.eu »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-13 11:19:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (78%) free of 76 GB
Total RAM: 510 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:55, on 13.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.seznam.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7984936889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7985100801
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6542 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-02-08 2166784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-02-08 3037696]
"FileHippo.com"=C:\Program Files\FileHippo.com\UpdateChecker.exe [2010-02-05 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=2
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe"="C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d"
"C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE"="C:\Program Files\Namco\Street Racing Syndicate\Bin\SRS.EXE:*:Disabled:SRS"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Disabled:quake3"
"C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe"="C:\Program Files\SEZNAM\akcelerator\SEZNAMakc.exe:*:Enabled:Seznam internet akcelerátor"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe"="C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Disabled:dndclient"
"C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online - Mines of Moria\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c461675-ec50-11dd-ab8f-000f1fd53e34}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70acbc44-f174-11de-b40d-001d7e0e800c}]
shell\AutoRun\command - J:\Launcher.exe
shell\install\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{793d869e-a0a8-11de-b35f-001d7e0e800c}]
shell\AutoRun\command - K:\MediaManager.exe


======List of files/folders created in the last 1 months======

2010-02-12 01:46:34 ----D---- C:\Program Files\NortonInstaller
2010-02-12 01:42:59 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-12 01:42:49 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-02-12 01:42:08 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-02-12 01:41:43 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-12 01:41:26 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-12 01:39:18 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-02-12 01:37:45 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-02-12 01:34:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-02-12 01:34:43 ----D---- C:\Program Files\Common Files\Java
2010-02-12 01:33:23 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-12 01:33:23 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-12 01:33:23 ----A---- C:\WINDOWS\system32\java.exe
2010-02-12 01:32:38 ----D---- C:\Program Files\Java
2010-02-12 01:22:42 ----D---- C:\Program Files\Adobe
2010-02-11 08:26:37 ----D---- C:\rsit
2010-02-11 08:20:31 ----D---- C:\Program Files\FileHippo.com
2010-02-11 07:57:29 ----D---- C:\Program Files\CCleaner
2010-02-10 18:08:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-02-10 18:08:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-10 18:08:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 12:54:35 ----D---- C:\Program Files\WinClamAVShield
2010-02-10 12:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 12:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 12:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 12:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 12:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 12:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 12:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 12:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-08 11:15:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2010-02-08 11:15:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-02-08 11:15:05 ----D---- C:\Program Files\Spyware Terminator
2010-02-08 11:01:58 ----D---- C:\Program Files\Sunbelt Software
2010-02-02 00:02:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-02-02 00:02:16 ----D---- C:\Program Files\ICQ7.0
2010-01-31 09:52:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Facebook
2010-01-30 18:17:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 18:16:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-01-30 17:51:12 ----D---- C:\instalace
2010-01-18 07:30:48 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-01-18 07:30:46 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-01-15 20:40:13 ----SHD---- C:\WINDOWS\ftpcache

======List of files/folders modified in the last 1 months======

2010-02-13 10:16:21 ----D---- C:\WINDOWS\Temp
2010-02-13 10:03:35 ----D---- C:\WINDOWS\Prefetch
2010-02-13 10:02:42 ----D---- C:\WINDOWS\system32\ias
2010-02-13 10:02:21 ----HD---- C:\WINDOWS\inf
2010-02-13 10:02:21 ----D---- C:\WINDOWS
2010-02-13 10:01:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 10:00:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 01:50:28 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-12 01:46:56 ----SD---- C:\WINDOWS\Tasks
2010-02-12 01:46:41 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 01:46:41 ----D---- C:\Program Files\Norton Security Scan
2010-02-12 01:46:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-02-12 01:46:34 ----RD---- C:\Program Files
2010-02-12 01:43:00 ----D---- C:\WINDOWS\system32
2010-02-12 01:42:10 ----A---- C:\WINDOWS\win.ini
2010-02-12 01:41:42 ----D---- C:\Program Files\Windows Media Player
2010-02-12 01:41:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-12 01:41:36 ----D---- C:\WINDOWS\Help
2010-02-12 01:38:02 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-12 01:34:48 ----SHD---- C:\WINDOWS\Installer
2010-02-12 01:34:47 ----D---- C:\Config.Msi
2010-02-12 01:34:43 ----D---- C:\Program Files\Common Files
2010-02-12 01:32:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-12 01:24:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-12 01:23:37 ----D---- C:\Program Files\Common Files\Adobe
2010-02-11 15:58:23 ----D---- C:\WINDOWS\Minidump
2010-02-11 07:59:08 ----D---- C:\WINDOWS\Debug
2010-02-10 17:46:36 ----D---- C:\Program Files\Messenger
2010-02-10 12:54:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-08 10:24:23 ----D---- C:\WINDOWS\system32\config
2010-02-08 10:23:19 ----D---- C:\WINDOWS\system32\wbem
2010-02-08 10:23:11 ----D---- C:\WINDOWS\Registration
2010-02-08 10:22:05 ----D---- C:\Program Files\Realtek AC97
2010-02-06 18:20:14 ----D---- C:\7dd16289180c66623073e8e573a7
2010-02-02 00:03:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-02 00:03:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-02-01 23:53:59 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-30 18:17:13 ----D---- C:\WINDOWS\WinSxS
2010-01-30 18:16:57 ----D---- C:\Program Files\Alwil Software
2010-01-30 18:16:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-30 18:09:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-01-30 17:24:11 ----AC---- C:\WINDOWS\control.ini
2010-01-30 17:19:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-01-30 17:18:31 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-01-30 17:15:00 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-01-30 17:14:03 ----D---- C:\Program Files\HP
2010-01-30 17:12:07 ----D---- C:\Program Files\Hewlett-Packard
2010-01-30 12:09:50 ----HD---- C:\$AVG8.VAULT$
2010-01-23 23:11:33 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-02 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-02 18048]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 afeqe0pm;afeqe0pm; C:\WINDOWS\system32\drivers\afeqe0pm.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-25 66872]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-02-08 488960]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosim skontrolujte mi log ..

#15 Příspěvek od Unlimited_Killer »

Heh, jak jste updatoval, tak se tam vrátilo pár blbostí. :D Při každé instalaci si dávejte pozor, a odškrtávejte zbytečné součásti, jako například toolbary, jenž stejně nevyužijete.
Všechny je smažeme a rovnou dokončíme. :James008:
Log z OTM již dodávat nemusíte, stejně ho v dalších krocích celý smažeme. ;)
Jinak Vám vypnu autospouštění updateru - spouštějte ho manuálně např. jednou týdně.

~~~

1) OTMoveit3
  • Stáhněte OTM3 na Plochu.
  • Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.
  • Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

    Kód: Vybrat vše

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"=-
    
    :services
    JavaQuickStarterService
    
    :commands
    [emptytemp]
    [reboot]
  • Poté klikněte na červené tlačítko 'MoveIt!'.
  • V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
  • Pokud se zobrazí hláška k restartování, klikněte na Yes.
  • Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

2) OTCleaner
  • Stáhněte OTC a dvojklikem ho spusťte.
  • Vyskočí okénko, kde kliknete na 'CleanUp!'.
  • Potvrdíte kliknutím na 'Yes'.
  • Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

3) To by mělo být vše
inactive

Odpovědět