takže Security tool - na pokračovanie :)

Zpráva

laborcatko · #1 Příspěvek od **laborcatko** » 25 bře 2010 20:00

píšete vždy vytvoriť novú tému, tak som tu: reštartuje sa, vše zmizlo z plochy, nič nechcelo nainštalovať, tak som šla do núdzového a tu je log z rsit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-25 19:50:06
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 45 GB (56%) free of 80 GB
Total RAM: 2047 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50 :23 , on 25.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [15625322] C:\DOCUME~1\ALLUSE~1\APPLIC~1\15625322\15625322.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 5606 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-03-22 8425472]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-03-22 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"InCD"=D:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-06-01 1057328]
"15625322"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\15625322\15625322.exe [2010-03-25 1047040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-02-14 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-06-01 1629744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-17 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3
"gusvc"=3
"ose"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashAD2706\flashAD2706.exe"="C:\Program Files\FlashAD2706\flashAD2706.exe:*:Enabled:flash AD2706"
"C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\base\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Vzestup říše"
"C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\extra1\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Vzestup říše - Východní království"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfe6f21b-995d-11de-aa6d-0018f3b2784b}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe

======List of files/folders created in the last 1 months======

2010-03-25 19:50:07 ----D---- C:\Program Files\trend micro
2010-03-25 19:50:06 ----D---- C:\rsit
2010-03-25 19:48:45 ----D---- C:\WINDOWS\CSC
2010-03-25 19:48:40 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-25 19:21:47 ----D---- C:\WINDOWS\RegLooks
2010-03-25 17:58:46 ----D---- C:\Documents and Settings\All Users\Application Data\15625322
2010-03-04 16:36:42 ----D---- C:\WINDOWS\system32\LogFiles

======List of files/folders modified in the last 1 months======

2010-03-25 19:50:07 ----RD---- C:\Program Files
2010-03-25 19:48:45 ----D---- C:\WINDOWS
2010-03-25 19:47:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-25 19:47:02 ----D---- C:\WINDOWS\Temp
2010-03-25 19:38:49 ----D---- C:\Program Files\Mozilla Firefox
2010-03-25 19:25:13 ----D---- C:\WINDOWS\Prefetch
2010-03-25 19:24:02 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-25 18:55:06 ----D---- C:\WINDOWS\system32
2010-03-25 18:24:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-05 20:18:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Vso
2010-03-02 14:40:31 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-01 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-01 38576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-12-31 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-16 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2002-12-31 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2002-12-31 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-16 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2002-12-31 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2002-12-31 20480]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-02-14 11136]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
S1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2002-12-31 36096]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-11 278984]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-21 18048]
S3 a2jmsj6i;a2jmsj6i; C:\WINDOWS\system32\drivers\a2jmsj6i.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-16 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-16 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-16 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-16 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-03-22 6704736]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-14 47360]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-16 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-16 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-16 15104]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-16 19328]
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-01 118704]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-11-15 258560]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 InCDsrv;InCD Helper; D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-01 1551408]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-17 152984]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-03-22 163908]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-17 487424]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 25 bře 2010 20:03

Zdravím

Na logu se pracuje, prosím o strpení.

#3 Příspěvek od **Caroprd111** » 25 bře 2010 20:05

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

Spusťte program, poté klikněte na Run Scan
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

laborcatko · #4 Příspěvek od **laborcatko** » 25 bře 2010 20:11

OTL.txt :

OTL logfile created on: 25.3.2010 20:08:19 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 84,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 43,67 Gb Free Space | 55,89% Space Free | Partition Type: NTFS
Drive D: | 219,95 Gb Total Space | 81,49 Gb Free Space | 37,05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMA-6A353039F3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.25 20:07:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.02.14 11:04:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2002.12.31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.03.25 20:07:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2002.12.31 13:00:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.11.13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.04.17 11:52:28 | 000,487,424 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2007.06.01 10:05:56 | 001,551,408 | ---- | M] (Nero AG) [Auto | Stopped] -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.11.15 10:40:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.08.11 20:39:42 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.09 17:59:46 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.21 10:44:29 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.17 11:52:28 | 000,142,592 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2007.06.01 10:05:56 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.06.01 10:05:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.06.01 10:05:46 | 000,118,704 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.03.22 03:50:00 | 006,704,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007.02.14 15:09:08 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007.01.16 02:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006.09.29 10:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2006.07.27 02:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.06.14 13:44:30 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006.03.17 10:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.10.20 16:25:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb32.sys -- (asusgsb)
DRV - [2004.12.09 16:25:49 | 000,047,104 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004.12.03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.10.28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.10.27 15:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "VyhledĂˇvĂˇnĂ videĂ ve sluĹľbÄ› YouTube"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: snaplinks@snaplinks.mozdev.org:1.0.8
FF - prefs.js..extensions.enabledItems: {51a291a4-e036-40f4-924c-b0c888fca6e8}:2.3b
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.14 11:05:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.14 11:05:02 | 000,000,000 | ---D | M]

[2009.08.28 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009.08.28 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010.03.20 13:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions
[2010.03.17 09:42:20 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009.08.01 09:59:07 | 000,000,000 | ---D | M] (Supermode for utopia.lv) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{51a291a4-e036-40f4-924c-b0c888fca6e8}
[2010.02.14 10:29:51 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009.04.17 11:37:55 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2009.07.15 18:04:24 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010.02.14 10:30:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.11 09:06:40 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010.03.03 08:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\personas@christopher.beard
[2009.04.17 11:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\smartbookmarksbar@remy.juteau
[2010.01.25 09:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\snaplinks@snaplinks.mozdev.org
[2010.02.14 10:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.02.14 10:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.02.14 10:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.02.14 10:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009.05.23 15:29:21 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\searchplugins\rapidshare-google-arama.xml
[2009.08.29 15:58:58 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml
[2010.03.20 13:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.14 11:04:58 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.02.14 11:04:58 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.02.14 11:04:58 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.02.14 11:04:58 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.02.14 11:04:58 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.02.14 11:04:58 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2009.12.10 15:57:11 | 000,000,898 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [15625322] C:\Documents and Settings\All Users\Application Data\15625322\15625322.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.18 20:57:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{dfe6f21b-995d-11de-aa6d-0018f3b2784b}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.25 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.25 19:50:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.25 19:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.03.25 19:35:13 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010.03.25 19:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avz4
[2010.03.25 19:22:08 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.03.25 19:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegLooks
[2010.03.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\15625322
[2010.03.17 11:58:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.03.04 16:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009.06.14 13:01:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2009.03.18 20:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.03.18 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.03.18 20:57:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.03.18 20:57:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.25 20:07:16 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.03.25 19:48:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.25 19:47:31 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.03.25 19:47:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.25 19:46:51 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Security Tool.lnk
[2010.03.25 19:35:14 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010.03.25 19:27:52 | 000,453,695 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Silent Runners.vbs
[2010.03.25 19:24:02 | 000,005,178 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.03.25 19:23:15 | 005,125,238 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avz4.zip
[2010.03.25 19:21:09 | 000,330,519 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\reglooks.exe
[2010.03.25 19:18:58 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2010.03.25 15:50:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.22 22:19:52 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rapidshare.doc
[2010.03.17 10:30:23 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010.03.04 08:39:12 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\skuška.doc
[2010.03.02 14:40:31 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.01 17:47:29 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 22:19:11 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\zahajeni studia.doc
[2010.02.24 12:23:19 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.25 19:38:31 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Security Tool.lnk
[2010.03.25 19:27:48 | 000,453,695 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Silent Runners.vbs
[2010.03.25 19:23:05 | 005,125,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avz4.zip
[2010.03.25 19:21:09 | 000,330,519 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\reglooks.exe
[2010.03.25 19:18:57 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2010.03.04 08:39:11 | 000,187,392 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\skuška.doc
[2010.02.25 22:19:11 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\zahajeni studia.doc
[2010.01.06 10:54:53 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.01 16:16:34 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2009.10.12 18:42:23 | 000,000,068 | -HS- | C] () -- C:\WINDOWS\System32\windzfa0.sys
[2009.10.12 18:05:46 | 000,009,141 | ---- | C] () -- C:\WINDOWS\System32\zvprtmon.dll
[2009.10.12 18:05:46 | 000,008,407 | ---- | C] () -- C:\WINDOWS\System32\zvprtmonui.dll
[2009.08.20 20:08:02 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009.08.09 16:31:42 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.01 11:10:05 | 000,000,746 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.07.30 09:42:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win2000X24.DLL
[2009.07.21 10:44:30 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.07.21 10:44:29 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.06.14 13:01:42 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009.06.14 13:01:39 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009.06.14 13:01:39 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009.06.14 13:01:39 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009.05.20 21:29:04 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.05 18:44:03 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2009.04.17 11:52:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.03.22 22:05:07 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.22 21:15:32 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.03.18 21:30:03 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.03.18 21:25:48 | 000,005,178 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009.03.18 21:10:26 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.03.18 21:10:24 | 000,014,682 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.03.18 21:10:14 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.03.18 21:07:20 | 000,639,046 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2009.03.18 21:07:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2009.03.18 21:07:19 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.03.18 21:07:18 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.03.18 21:07:18 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.03.18 21:07:18 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.03.18 21:07:18 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.03.18 21:07:18 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.03.18 21:07:18 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.03.18 21:07:18 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.03.18 21:07:18 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007.03.22 03:50:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.03.22 03:50:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.03.22 03:50:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.03.22 03:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.03.22 03:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.12.30 20:18:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005.12.30 20:10:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003.09.30 10:47:39 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 10:47:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.09.30 10:47:39 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003.09.30 10:47:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.09.30 10:47:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.12.31 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

========== Files - Unicode (All) ==========
[2010.01.04 17:28:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\???????sAppData) -- C:\Documents and Settings\Administrator\Application Data\敎潲䍄敔灭慬整sAppData
[2010.01.04 17:28:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\???????sAppData) -- C:\Documents and Settings\Administrator\Application Data\敎潲䍄敔灭慬整sAppData
(C:\Documents and Settings\Administrator\Application Data\???????sAppData) -- C:\Documents and Settings\Administrator\Application Data\敎潲䍄敔灭慬整sAppData
< End of report >

Extras.txt :

OTL Extras logfile created on: 25.3.2010 20:08:19 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 84,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 43,67 Gb Free Space | 55,89% Space Free | Partition Type: NTFS
Drive D: | 219,95 Gb Total Space | 81,49 Gb Free Space | 37,05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMA-6A353039F3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FlashAD2706\flashAD2706.exe" = C:\Program Files\FlashAD2706\flashAD2706.exe:*:Enabled:flash AD2706 -- File not found
"C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\base\bin\Settlers6.exe" = C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Vzestup říše -- (Blue Byte GmbH)
"C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\extra1\bin\Settlers6.exe" = C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Vzestup říše - Východní království -- (Blue Byte GmbH)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{269DBC9C-CAFC-472d-B1F1-0D327C2FFA76}" = Canon MF3200 Series
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76A17C28-A6F7-4670-A09E-14CDAA66D964}" = ASUS nVidia Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = THE SETTLERS - Heritage of Kings (all products)
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81051}" = Nero 7 Essentials
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Vzestup říše (všechny produkty)
"{E96BE1AC-D50C-4EE5-808F-95F25364F78B}" = ASUS GamerOSD AP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anno 1701 CZ_is1" = Pro verzi 1.02
"avast!" = avast! Antivirus
"BSPlayer1" = BS.player
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - VobSub 5.0.4.7
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5
"HijackThis" = HijackThis 2.0.2
"InstallShield_{E96BE1AC-D50C-4EE5-808F-95F25364F78B}" = ASUS GamerOSD AP
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"RaimaRadio_is1" = RaimaRadio 1.4
"Revo Uninstaller" = Revo Uninstaller 1.83
"SMPlayer_is1" = SMPlayer 0.5.62
"Spyware Terminator_is1" = Spyware Terminator
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Tukanas Files Converter" = Tukanas Files Converter
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archivátor
"xvid" = XviD MPEG-4 Video Codec
"zvprt40" = Kst printer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8092
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8.11.2009 05:44:51 | Computer Name = DOMA-6A353039F3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.sk/suggest?hl=sk ... ideos&cp=1
failed, 0000A413.

Error - 13.2.2010 17:36:57 | Computer Name = DOMA-6A353039F3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dl.s9.uloz.to/Ps;Hs;fid=1514922; ... 3436137&De
failed, 00000084.

[ Application Events ]
Error - 20.8.2009 15:10:58 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 13
Description =

Error - 20.8.2009 15:10:58 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 78
Description =

Error - 20.8.2009 15:11:00 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 13
Description =

Error - 20.8.2009 15:11:02 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 13
Description =

Error - 20.8.2009 15:11:04 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 13
Description =

Error - 20.8.2009 15:11:06 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 13
Description =

Error - 20.8.2009 15:11:08 | Computer Name = DOMA-6A353039F3 | Source = DeviceLink | ID = 13
Description =

Error - 28.8.2009 13:56:49 | Computer Name = DOMA-6A353039F3 | Source = TomTomHOMEService | ID = 10000
Description =

Error - 4.9.2009 10:18:54 | Computer Name = DOMA-6A353039F3 | Source = TomTomHOMEService | ID = 10000
Description =

Error - 4.9.2009 10:21:47 | Computer Name = DOMA-6A353039F3 | Source = TomTomHOMEService | ID = 10000
Description =

[ System Events ]
Error - 22.3.2010 08:58:09 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.3 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 23.3.2010 03:08:10 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.2 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 23.3.2010 10:15:04 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.2 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 24.3.2010 02:53:20 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.3 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 25.3.2010 13:13:00 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.3 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 25.3.2010 14:06:23 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.2 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 25.3.2010 14:07:56 | Computer Name = DOMA-6A353039F3 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.2.1 odmietol prenájom 192.168.2.2 adresy IP pre
sieťovú kartu so sieťovou adresou 0018F3B2784B (server DHCP odoslal hlásenie DHCPNACK).

Error - 25.3.2010 14:48:58 | Computer Name = DOMA-6A353039F3 | Source = sfsync02 | ID = 262156
Description =

Error - 25.3.2010 14:49:06 | Computer Name = DOMA-6A353039F3 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %1084 pri pokuse spustiť službu EventSystem
s argumentmi potrebnú na spustenie servera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 25.3.2010 14:50:18 | Computer Name = DOMA-6A353039F3 | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: Aavmker4 asuskbnt aswSP EIO Fips intelppm sp_rsdrv2

< End of report >

stále som v núdzovom, povedzte, kedy reštart

#5 Příspěvek od **Caroprd111** » 25 bře 2010 20:19

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
O4 - HKLM..\Run: [15625322] C:\Documents and Settings\All Users\Application Data\15625322\15625322.exe ()

:Files
C:\Documents and Settings\All Users\Application Data\15625322
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]
[REBOOT]

Poté klikněte na Run fix, PC se restartuje, log vložte sem.

Obrázek

Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\System32\windzfa0.sys
C:\Documents and Settings\Administrator\Application Data\???????sAppData
C:\Documents and Settings\Administrator\Application Data\敎潲䍄敔灭慬整sAppData

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

laborcatko · #6 Příspěvek od **laborcatko** » 25 bře 2010 20:33

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\15625322 deleted successfully.
C:\Documents and Settings\All Users\Application Data\15625322\15625322.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\15625322 folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 790 bytes
->Temporary Internet Files folder emptied: 616373 bytes
->Java cache emptied: 2669 bytes
->FireFox cache emptied: 40843004 bytes
->Flash cache emptied: 4329 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 85350 bytes

Total Files Cleaned = 40,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.1.37.3 log created on 03252010_202235

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

1. http://www.virustotal.com/cs/analisis/6 ... 1269545294

2. nie je v ňom nič na otestovanie...

3. http://www.virustotal.com/cs/analisis/1 ... 1269545393

#7 Příspěvek od **Caroprd111** » 25 bře 2010 20:33

Jak to vypadá s PC

laborcatko · #8 Příspěvek od **laborcatko** » 25 bře 2010 20:37

no vrátilo ikony na plochu, okrem tapety, namiesto nej modrá obrazovka, sec.tool už nie je v systemovej lište, ani nevyskakuje zatiaľ nič iné..

#9 Příspěvek od **Caroprd111** » 25 bře 2010 20:38

Tapetu si změňte.

Obrázek

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
Log vložte sem.

laborcatko · #10 Příspěvek od **laborcatko** » 25 bře 2010 20:48

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3913
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25.3.2010 20:47:53
mbam-log-2010-03-25 (20-47-44).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 117535
Uplynutý cas: 2 minute(s), 51 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 2

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Documents and Settings\Administrator\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

takže asi môžem mazať

#11 Příspěvek od **Caroprd111** » 25 bře 2010 20:52

Ano, můžete smazat. Poté dejte úplný sken.

laborcatko · #12 Příspěvek od **laborcatko** » 25 bře 2010 21:20

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3913
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25.3.2010 21:13:24
mbam-log-2010-03-25 (21-13-14).txt

Typ kontroly: Úplná (C:\|D:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|O:\|P:\|Q:\|R:\|)
Objektov kontrolovaných: 169228
Uplynutý cas: 14 minute(s), 48 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\_OTL\MovedFiles\03252010_202235\C_Documents and Settings\All Users\Application Data\15625322\15625322.exe (Rogue.SecurityTool) -> No action taken.

takže tiež zmazať...
a po prvom rýchlom skene, po reštarte, sa mi v lište ukázal červený erb - čiže spôsob akým ma má centrum zabezpečenia upozorňovať.. pričom som to mala vypnuté a bol vypnutý i firewal, ktorý sa asi na pol minútky zapol a potom vypol... tam som to vypla...

a ak smiem a tomuto problému je koniec, všimla som si v jednom príspevku, že sa mu nejdú načítať niektoré stránky, u mňa sa jedná napr. markíza.sk a potom https://addons.mozilla.org/ - stále iba načítava a načítava... pričom gmail.com mi načíta v pohode..

#13 Příspěvek od **Caroprd111** » 25 bře 2010 21:24

Ano, můžete smazat.

Obrázek

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Vložte do PC všechny flash disky, které používáte.
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

laborcatko · #14 Příspěvek od **laborcatko** » 25 bře 2010 21:52

ComboFix 10-03-25.02 - Administrator 25.03.2010 21:43:35.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1605 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100325-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 19:42 . 2010-03-25 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-25 19:42 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 19:42 . 2010-03-25 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 19:42 . 2010-03-25 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 19:42 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 19:22 . 2010-03-25 19:22 -------- d-----w- C:\_OTL
2010-03-25 18:50 . 2010-03-25 18:50 -------- d-----w- c:\program files\trend micro
2010-03-25 18:50 . 2010-03-25 18:50 -------- d-----w- C:\rsit
2010-03-25 18:21 . 2010-03-25 18:21 -------- d-----w- c:\windows\RegLooks
2010-03-04 15:36 . 2010-03-08 12:20 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 09:30 . 2009-03-18 20:07 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-03-05 19:18 . 2009-06-14 12:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2010-02-16 15:12 . 2009-11-24 20:18 -------- d-----w- c:\program files\ICQ6.5
2010-02-14 12:27 . 2009-04-17 18:59 -------- d-----w- c:\program files\RaimaRadio
2009-10-12 17:42 . 2009-10-12 17:42 68 --sha-w- c:\windows\system32\windzfa0.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-22 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-22 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
2007-02-14 08:42 380928 ------w- c:\program files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-03-22 02:50 1622016 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-01 09:06 1629744 ----a-w- d:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 06:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ------r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-17 15:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=3 (0x3)
"ose"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Vzestup říše\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Vzestup říše\\extra1\\bin\\Settlers6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.8.2009 16:31 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.3.2009 18:06 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.4.2009 11:52 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.3.2009 18:06 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x9tmq5rs.default\
FF - prefs.js: browser.search.selectedEngine - VyhledĂˇvĂˇnĂ videĂ ve sluĹľbÄ› YouTube
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Pdf995 - c:\program files\pdf995\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 21:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x89E531F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> sfsync02.sys @ 0xbab38d60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba505ba0
PacketIndicateHandler -> NDIS.sys @ 0xba512b21
SendHandler -> NDIS.sys @ 0xba4f087b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1935655697-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61371254-F4D6-A937-85A8-831B8679857D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdoldncddlimmpifglldpcoaidppcjdkl"=hex:70,61,6e,61,6a,6e,64,64,68,70,6b,67,
68,63,6c,6e,69,67,69,69,6a,61,68,65,6f,61,6c,66,6a,6e,62,6c,00,40
"maeoaelajkkklpjkiadlchlcjp"=hex:6f,61,64,6d,66,6d,6e,67,66,6f,63,6c,6d,6d,65,
6e,6c,6e,6b,6a,61,6b,69,70,65,63,61,67,66,6b,00,6c
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\ATKKBService.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-25 21:48:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-25 20:48

Pre-Run: 48 176 431 104 bytes free
Post-Run: 10 adresárov, 48 143 745 024 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 758679AC0471F6D26C7834CCFCBD534A

spomínané stránky stále nenačitáva..

#15 Příspěvek od **Caroprd111** » 26 bře 2010 06:13

Stáhněte a uložte na plochu SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe

Spusťte, do okénka zkopírujte text z bílého okna.

Kód: Vybrat vše

:filefind
msgsvc.dll

klikněte na Look, po dokončení skenu na Vás vyskočí log, zkopírujte ho sem.

Doporučuji odinstalovat:
c:\Program Files\uTorrent\uTorrent.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

VIRY.CZ

takže Security tool - na pokračovanie :)

takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)

Re: takže Security tool - na pokračovanie :)