
Virus removal, PC speed-up, remote help via the neslape.cz service
Mouse cursor freezing, please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 78
- Registered: 16 Jan 2010 10:41
Mouse cursor freezing, please check my log
Logfile of random's system information tool 1.07 (written by random/random)
Run by BCD PC02 at 2010-06-02 21:43:22
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (29%) free of 38 GB
Total RAM: 703 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:43:35, on 2.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\BCD PC02\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\BCD PC02.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bcd.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [tsnpstd] C:\WINDOWS\tsnpstd.exe
O4 - HKLM\..\Run: [snpstd2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - http://photo.box.sk/design/kvety02.jpg
--
End of file - 4976 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-16 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"tsnpstd"=C:\WINDOWS\tsnpstd.exe []
"snpstd2"=C:\WINDOWS\vsnpstd2.exe [2007-04-13 307200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Anti Spyware-Ad-Aware 2007\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-16 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BCD PC02^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.1.lnk]
C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE [2006-12-01 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BCD PC02^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:DAEMON Tools"
"C:\software\strong dc++\StrongDC.exe"="C:\software\strong dc++\StrongDC.exe:*:Enabled:StrongDC++"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4abcc4e-cc3e-11dc-92aa-000b6a8fd21c}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\S-1-5-21-3666692665-148099885-633438025-500\regsvc32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e79f08-4e80-11dc-921d-000b6a8fd21c}]
shell\AutoRun\command - F:\Autorun.exe
======List of files/folders created in the last 1 months======
2010-06-02 21:43:23 ----D---- C:\Program Files\trend micro
2010-06-02 21:43:22 ----D---- C:\rsit
2010-06-02 14:06:28 ----D---- C:\WINDOWS\Downloaded Installations
2010-06-02 12:58:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-06-02 12:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-06-02 12:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-06-02 12:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-06-02 12:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-06-02 12:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-06-02 12:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-06-02 12:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-06-02 12:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-06-02 12:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-06-02 12:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-06-02 12:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-06-02 12:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-06-02 12:28:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-06-02 12:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-06-02 12:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-06-02 12:25:31 ----D---- C:\WINDOWS\ie8updates
2010-06-02 12:21:54 ----D---- C:\WINDOWS\WBEM
2010-06-02 12:19:59 ----HDC---- C:\WINDOWS\ie8
2010-06-02 12:19:59 ----D---- C:\WINDOWS\system32\cs-CZ
2010-06-02 12:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-06-02 12:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-06-02 12:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-06-02 12:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-06-02 12:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-06-02 12:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-06-02 12:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-06-02 12:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-06-02 12:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-06-02 12:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-06-02 12:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-06-02 12:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-06-02 12:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-06-02 12:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-06-02 12:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-06-02 12:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-06-02 12:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-06-02 12:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-06-02 12:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-06-02 12:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-06-02 12:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-02 12:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-06-02 12:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-06-02 12:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-06-02 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-06-02 12:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-02 12:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-06-02 12:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-06-02 12:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-06-02 12:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-06-02 11:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-06-02 11:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-06-02 11:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-06-02 11:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-06-02 11:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-06-02 11:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-02 11:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-06-02 11:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-06-02 11:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-06-02 11:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-06-02 11:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-06-02 11:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-06-02 11:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-06-02 11:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-06-02 11:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-06-02 11:53:26 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-06-02 11:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-06-02 11:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-06-02 11:52:52 ----D---- C:\Program Files\MSXML 4.0
2010-06-02 11:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-06-02 11:51:54 ----D---- C:\Program Files\Common Files\i-Look 317
2010-06-02 11:51:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-02 11:50:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-06-02 11:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-06-02 11:50:22 ----A---- C:\WINDOWS\imsins.BAK
2010-06-02 11:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-06-02 11:42:18 ----D---- C:\Program Files\Common Files\snpstd2
2010-06-02 11:42:18 ----A---- C:\WINDOWS\vsnpstd2.exe
2010-06-02 11:42:18 ----A---- C:\WINDOWS\system32\vsnpstd2.dll
2010-06-02 11:42:18 ----A---- C:\WINDOWS\system32\rsnpstd2.dll
2010-06-02 11:42:18 ----A---- C:\WINDOWS\system32\csnpstd2.dll
2010-06-02 11:42:18 ----A---- C:\WINDOWS\snpstd2.ini
2010-06-02 11:42:18 ----A---- C:\WINDOWS\amcap.exe
2010-06-02 11:32:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-02 11:32:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-02 11:24:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-06-02 11:07:08 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-06-02 11:05:07 ----A---- C:\WINDOWS\system32\Remover.ini
2010-06-02 11:05:07 ----A---- C:\WINDOWS\system32\Remove.exe
2010-06-02 11:04:56 ----A---- C:\WINDOWS\system32\SP7302.ini
2010-06-02 11:04:52 ----A---- C:\WINDOWS\system32\P7302USD.dll
2010-06-02 11:04:49 ----D---- C:\WINDOWS\PixArt
2010-06-02 11:04:49 ----D---- C:\Program Files\Common Files\PAC7302
2010-06-02 10:45:30 ----D---- C:\WINDOWS\Album
2010-06-02 10:45:25 ----D---- C:\Program Files\KYE
2010-06-02 10:44:59 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\InstallShield
2010-06-02 09:02:13 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\skypePM
2010-06-02 09:01:17 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\Skype
2010-06-02 09:00:46 ----D---- C:\Program Files\Common Files\Skype
2010-06-02 09:00:37 ----RD---- C:\Program Files\Skype
======List of files/folders modified in the last 1 months======
2010-06-02 21:43:23 ----RD---- C:\Program Files
2010-06-02 21:29:23 ----SHD---- C:\WINDOWS\Installer
2010-06-02 21:29:18 ----D---- C:\Program Files\Opera
2010-06-02 21:25:15 ----D---- C:\WINDOWS\temp
2010-06-02 21:24:05 ----D---- C:\WINDOWS
2010-06-02 21:19:10 ----D---- C:\WINDOWS\security
2010-06-02 21:19:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-02 21:16:21 ----DC---- C:\WINDOWS\system32\dllcache
2010-06-02 21:16:18 ----D---- C:\WINDOWS\system32
2010-06-02 21:16:15 ----D---- C:\WINDOWS\system32\drivers
2010-06-02 21:01:49 ----D---- C:\moje dokumenty
2010-06-02 20:20:58 ----D---- C:\WINDOWS\Minidump
2010-06-02 20:20:54 ----D---- C:\Program Files\Real Alternative
2010-06-02 20:20:54 ----D---- C:\Program Files\QuickTime Alternative
2010-06-02 16:54:13 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-06-02 14:26:39 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\OpenOffice.org2
2010-06-02 14:13:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-02 14:12:41 ----A---- C:\WINDOWS\win.ini
2010-06-02 12:56:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-02 12:52:33 ----D---- C:\WINDOWS\inf
2010-06-02 12:51:15 ----D---- C:\WINDOWS\system32\wbem
2010-06-02 12:51:15 ----D---- C:\WINDOWS\system32\Setup
2010-06-02 12:51:15 ----D---- C:\WINDOWS\Help
2010-06-02 12:51:15 ----D---- C:\WINDOWS\AppPatch
2010-06-02 12:51:15 ----D---- C:\Program Files\Internet Explorer
2010-06-02 12:49:28 ----A---- C:\WINDOWS\WINCMD.INI
2010-06-02 12:46:45 ----D---- C:\WINDOWS\$hf_mig$
2010-06-02 12:36:30 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-02 12:30:22 ----D---- C:\WINDOWS\WinSxS
2010-06-02 12:22:00 ----D---- C:\WINDOWS\system32\config
2010-06-02 12:21:33 ----D---- C:\WINDOWS\Media
2010-06-02 12:17:44 ----D---- C:\WINDOWS\Debug
2010-06-02 12:06:04 ----D---- C:\Program Files\Movie Maker
2010-06-02 11:57:22 ----D---- C:\Program Files\Outlook Express
2010-06-02 11:55:44 ----D---- C:\WINDOWS\ServicePackFiles
2010-06-02 11:52:01 ----D---- C:\WINDOWS\twain_32
2010-06-02 11:51:54 ----D---- C:\Program Files\Common Files
2010-06-02 11:51:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-02 11:32:23 ----D---- C:\Program Files\Alwil Software
2010-06-02 11:26:18 ----D---- C:\Program Files\ESET
2010-06-02 11:21:50 ----D---- C:\Program Files\CCleaner
2010-06-02 09:00:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-10-30 11264]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-10-17 754560]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-30 427776]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2007-03-29 343680]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\BCDPC0~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-16 153376]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
-----------------EOF-----------------
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:DAEMON Tools"
"C:\software\strong dc++\StrongDC.exe"="C:\software\strong dc++\StrongDC.exe:*:Enabled:StrongDC++"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4abcc4e-cc3e-11dc-92aa-000b6a8fd21c}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\S-1-5-21-3666692665-148099885-633438025-500\regsvc32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e79f08-4e80-11dc-921d-000b6a8fd21c}]
shell\AutoRun\command - F:\Autorun.exe
======List of files/folders created in the last 1 months======
2010-06-02 21:43:23 ----D---- C:\Program Files\trend micro
2010-06-02 21:43:22 ----D---- C:\rsit
2010-06-02 14:06:28 ----D---- C:\WINDOWS\Downloaded Installations
2010-06-02 12:58:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-06-02 12:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-06-02 12:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-06-02 12:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-06-02 12:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-06-02 12:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-06-02 12:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-06-02 12:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-06-02 12:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-06-02 12:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-06-02 12:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-06-02 12:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-06-02 12:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-06-02 12:28:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-06-02 12:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-06-02 12:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-06-02 12:25:31 ----D---- C:\WINDOWS\ie8updates
2010-06-02 12:21:54 ----D---- C:\WINDOWS\WBEM
2010-06-02 12:19:59 ----HDC---- C:\WINDOWS\ie8
2010-06-02 12:19:59 ----D---- C:\WINDOWS\system32\cs-CZ
2010-06-02 12:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-06-02 12:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-06-02 12:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-06-02 12:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-06-02 12:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-06-02 12:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-06-02 12:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-06-02 12:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-06-02 12:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-06-02 12:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-06-02 12:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-06-02 12:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-06-02 12:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-06-02 12:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-06-02 12:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-06-02 12:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-06-02 12:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-06-02 12:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-06-02 12:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-06-02 12:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-06-02 12:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-02 12:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-06-02 12:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-06-02 12:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-06-02 12:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-06-02 12:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-02 12:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-06-02 12:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-06-02 12:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-06-02 12:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-06-02 11:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-06-02 11:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-06-02 11:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-06-02 11:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-06-02 11:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-06-02 11:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-02 11:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-06-02 11:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-06-02 11:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-06-02 11:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-06-02 11:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-06-02 11:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-06-02 11:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-06-02 11:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-06-02 11:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-06-02 11:53:26 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-06-02 11:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-06-02 11:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-06-02 11:52:52 ----D---- C:\Program Files\MSXML 4.0
2010-06-02 11:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-06-02 11:51:54 ----D---- C:\Program Files\Common Files\i-Look 317
2010-06-02 11:51:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-02 11:50:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-06-02 11:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-06-02 11:50:22 ----A---- C:\WINDOWS\imsins.BAK
2010-06-02 11:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-06-02 11:42:18 ----D---- C:\Program Files\Common Files\snpstd2
2010-06-02 11:42:18 ----A---- C:\WINDOWS\vsnpstd2.exe
2010-06-02 11:42:18 ----A---- C:\WINDOWS\system32\vsnpstd2.dll
2010-06-02 11:42:18 ----A---- C:\WINDOWS\system32\rsnpstd2.dll
2010-06-02 11:42:18 ----A---- C:\WINDOWS\system32\csnpstd2.dll
2010-06-02 11:42:18 ----A---- C:\WINDOWS\snpstd2.ini
2010-06-02 11:42:18 ----A---- C:\WINDOWS\amcap.exe
2010-06-02 11:32:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-02 11:32:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-02 11:24:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-06-02 11:07:08 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-06-02 11:05:07 ----A---- C:\WINDOWS\system32\Remover.ini
2010-06-02 11:05:07 ----A---- C:\WINDOWS\system32\Remove.exe
2010-06-02 11:04:56 ----A---- C:\WINDOWS\system32\SP7302.ini
2010-06-02 11:04:52 ----A---- C:\WINDOWS\system32\P7302USD.dll
2010-06-02 11:04:49 ----D---- C:\WINDOWS\PixArt
2010-06-02 11:04:49 ----D---- C:\Program Files\Common Files\PAC7302
2010-06-02 10:45:30 ----D---- C:\WINDOWS\Album
2010-06-02 10:45:25 ----D---- C:\Program Files\KYE
2010-06-02 10:44:59 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\InstallShield
2010-06-02 09:02:13 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\skypePM
2010-06-02 09:01:17 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\Skype
2010-06-02 09:00:46 ----D---- C:\Program Files\Common Files\Skype
2010-06-02 09:00:37 ----RD---- C:\Program Files\Skype
======List of files/folders modified in the last 1 months======
2010-06-02 21:43:23 ----RD---- C:\Program Files
2010-06-02 21:29:23 ----SHD---- C:\WINDOWS\Installer
2010-06-02 21:29:18 ----D---- C:\Program Files\Opera
2010-06-02 21:25:15 ----D---- C:\WINDOWS\temp
2010-06-02 21:24:05 ----D---- C:\WINDOWS
2010-06-02 21:19:10 ----D---- C:\WINDOWS\security
2010-06-02 21:19:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-02 21:16:21 ----DC---- C:\WINDOWS\system32\dllcache
2010-06-02 21:16:18 ----D---- C:\WINDOWS\system32
2010-06-02 21:16:15 ----D---- C:\WINDOWS\system32\drivers
2010-06-02 21:01:49 ----D---- C:\moje dokumenty
2010-06-02 20:20:58 ----D---- C:\WINDOWS\Minidump
2010-06-02 20:20:54 ----D---- C:\Program Files\Real Alternative
2010-06-02 20:20:54 ----D---- C:\Program Files\QuickTime Alternative
2010-06-02 16:54:13 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-06-02 14:26:39 ----D---- C:\Documents and Settings\BCD PC02\Data aplikací\OpenOffice.org2
2010-06-02 14:13:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-02 14:12:41 ----A---- C:\WINDOWS\win.ini
2010-06-02 12:56:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-02 12:52:33 ----D---- C:\WINDOWS\inf
2010-06-02 12:51:15 ----D---- C:\WINDOWS\system32\wbem
2010-06-02 12:51:15 ----D---- C:\WINDOWS\system32\Setup
2010-06-02 12:51:15 ----D---- C:\WINDOWS\Help
2010-06-02 12:51:15 ----D---- C:\WINDOWS\AppPatch
2010-06-02 12:51:15 ----D---- C:\Program Files\Internet Explorer
2010-06-02 12:49:28 ----A---- C:\WINDOWS\WINCMD.INI
2010-06-02 12:46:45 ----D---- C:\WINDOWS\$hf_mig$
2010-06-02 12:36:30 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-02 12:30:22 ----D---- C:\WINDOWS\WinSxS
2010-06-02 12:22:00 ----D---- C:\WINDOWS\system32\config
2010-06-02 12:21:33 ----D---- C:\WINDOWS\Media
2010-06-02 12:17:44 ----D---- C:\WINDOWS\Debug
2010-06-02 12:06:04 ----D---- C:\Program Files\Movie Maker
2010-06-02 11:57:22 ----D---- C:\Program Files\Outlook Express
2010-06-02 11:55:44 ----D---- C:\WINDOWS\ServicePackFiles
2010-06-02 11:52:01 ----D---- C:\WINDOWS\twain_32
2010-06-02 11:51:54 ----D---- C:\Program Files\Common Files
2010-06-02 11:51:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-02 11:32:23 ----D---- C:\Program Files\Alwil Software
2010-06-02 11:26:18 ----D---- C:\Program Files\ESET
2010-06-02 11:21:50 ----D---- C:\Program Files\CCleaner
2010-06-02 09:00:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-10-30 11264]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-10-17 754560]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-30 427776]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2007-03-29 343680]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\BCDPC0~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-16 153376]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
-----------------EOF-----------------
Re: mouse cursor freezing, please check the log
Hello, fix these in HJT:
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
You will find HJT here:
C:\Program Files\trend micro\BCD PC02.exe
Fix means that you run HJT,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to each of them is a small box that you tick,
then you click Fix checked, which is at the bottom left,
the program will ask whether you are sure; you of course answer YES, and it is done.
Then use Mbam from my signature.
Re: mouse cursor freezing, please check the log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4165
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
2.6.2010 23:40:13
mbam-log-2010-06-02 (23-40-13).txt
Typ skenu: Rychlý sken
Skenované objekty: 115519
Uplynulý čas: 8 minuta(y), 58 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: mouse cursor freezing, please check the log
Download and run OTMoveIt,
paste this text into the left pane of the application, under Paste Instructions for Items to be Moved:
:processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4abcc4e-cc3e-11dc-92aa-000b6a8fd21c}]
:files
C:\Program Files\Eset
C:\Program Files\Save
:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and information about the action performed will appear in the green pane on the right of the application; copy the contents of that pane here,
if the application asks for a restart, click YES,
in that case I want the contents of the log saved in C:\_OTMoveIt\MovedFiles\ copied here.
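An added example, not part of the original thread: a Python sketch that pulls the MountPoints2 `shell\...\command` entries out of an RSIT registry dump and marks those that start a program from a recycle-bin folder or through `ShellExec_RunDLL`, the two traits of the MountPoints2 entry the script above deletes. The function names and both heuristics are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the RSIT registry dump earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4abcc4e-cc3e-11dc-92aa-000b6a8fd21c}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\S-1-5-21-3666692665-148099885-633438025-500\regsvc32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e79f08-4e80-11dc-921d-000b6a8fd21c}]
shell\AutoRun\command - F:\Autorun.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"""

# RSIT prints each registry key on its own line in square brackets.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Last path component under ...\Explorer\MountPoints2 identifies the volume.
MOUNTPOINT_RE = re.compile(
    r"\\explorer\\mountpoints2\\(?P<vol>[^\\\]]+)$", re.IGNORECASE)
# Value lines look like: shell\<verb>\command - <command line>
VERB_RE = re.compile(
    r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
# Heuristic 1 (assumption of this example): target sits in a recycle-bin folder.
RECYCLE_RE = re.compile(
    r"(^|[\\\s])(recycled|recycler|\$recycle\.bin)\\", re.IGNORECASE)


def mountpoint_autoruns(log_text):
    """Return every MountPoints2 shell-verb command found in an RSIT-style dump.

    Each finding is a dict with the volume id, the verb, the command line and
    a list of reasons why the entry deserves a closer look (empty if none).
    """
    findings = []
    volume = None  # set while we are inside a MountPoints2 key
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            mp = MOUNTPOINT_RE.search(key.group("key"))
            volume = mp.group("vol") if mp else None
            continue
        verb = VERB_RE.match(line)
        if volume is None or verb is None:
            continue
        cmd = verb.group("cmd")
        reasons = []
        if RECYCLE_RE.search(cmd):
            reasons.append("target in recycle-bin folder")
        # Heuristic 2 (assumption): indirect launch through rundll32.
        if "shellexec_rundll" in cmd.lower():
            reasons.append("started via ShellExec_RunDLL")
        findings.append({"volume": volume, "verb": verb.group("verb"),
                         "command": cmd, "reasons": reasons})
    return findings


def flagged(findings):
    """Keep only the entries that matched at least one heuristic."""
    return [f for f in findings if f["reasons"]]


if __name__ == "__main__":
    for f in mountpoint_autoruns(SAMPLE_LOG):
        mark = "REVIEW" if f["reasons"] else "listed"
        print(f"{mark} {f['volume']} {f['verb']}: {f['command']}")
        for reason in f["reasons"]:
            print(f"       - {reason}")
```

An entry with no reasons is only listed, not cleared; the command it names still has to be checked against the drive it came from.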
Re: mouse cursor freezing, please check the log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4abcc4e-cc3e-11dc-92aa-000b6a8fd21c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4abcc4e-cc3e-11dc-92aa-000b6a8fd21c}\ not found.
========== FILES ==========
C:\Program Files\ESET\updfiles folder moved successfully.
C:\Program Files\ESET\Install folder moved successfully.
C:\Program Files\ESET\cache folder moved successfully.
C:\Program Files\ESET folder moved successfully.
File/Folder C:\Program Files\Save not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: BCD PC02
->Temp folder emptied: 672448057 bytes
->Temporary Internet Files folder emptied: 42698221 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 91082895 bytes
->Flash cache emptied: 1926979 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33728 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1256993 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4423000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34286 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 776,00 mb
OTM by OldTimer - Version 3.1.12.2 log created on 06042010_121156
Files moved on Reboot...
File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
Registry entries deleted on Reboot...
Re: mouse cursor freezing, please check the log
The mess is gone.
Delete unneeded files
using CCleaner
instructions:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup of it that CCleaner offers)
The registry cleaning needs to be repeated several times!
Then let me know what state the PC is in.
Re: mouse cursor freezing, please check the log
So I cleaned it up and it looks good.
Thank you very much for the help.

