prosím o kontrolu logu na starším notebooku

[marek2600]

Logfile of random's system information tool 1.07 (written by random/random)
Run by Lenka at 2010-06-04 21:56:51
Microsoft Windows 2000 Professional
System drive C: has 2 GB (42%) free of 6 GB
Total RAM: 127 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:31, on 4.6.2010
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\internat.exe
C:\WINDOWS\Application Data\QipGuard\QipGuard.exe
C:\WINDOWS\system32\xfgnp.exe
C:\WINDOWS\system32\drivers\Prcgd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Dokumenty\Stažené soubory\RSIT(2).exe
C:\Program Files\trend micro\Lenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Prgds.exe
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\xfgnp.exe
O4 - HKLM\..\Run: [Prcgd] C:\WINDOWS\system32\drivers\Prcgd.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\WINDOWS\Application Data\QipGuard\QipGuard.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\xfgnp.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\QIP\qip.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://msn.atlas.cz
O14 - IERESET.INF: MS_START_PAGE_URL=http://msn.atlas.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0453DF4-5687-499A-8464-9A7BCAA5658D}: NameServer = 79.127.144.4,212.71.133.6
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4477 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Optimalizovat spouštiní aplikace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-06-01 1239912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2000-03-20 844560]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-06-01 1239912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2000-03-20 3856]
"Microsoft Driver Setup"=C:\WINDOWS\system32\xfgnp.exe [2010-04-13 208896]
"Prcgd"=C:\WINDOWS\system32\drivers\Prcgd.exe [2010-04-28 442368]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-06-04 2176512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\system32\xfgnp.exe [2010-04-13 208896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=C:\WINDOWS\system32\internat.exe [2000-03-20 20752]
"QIP Internet Guardian"=C:\WINDOWS\Application Data\QipGuard\QipGuard.exe [2010-04-12 181760]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.inf - install -

======List of files/folders created in the last 1 months======

2010-06-04 21:36:43 ----D---- C:\Program Files\Crawler
2010-06-04 21:11:08 ----D---- C:\WINDOWS\Application Data\Spyware Terminator
2010-06-04 21:10:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-06-04 21:10:12 ----AD---- C:\Program Files\Spyware Terminator
2010-06-04 20:33:15 ----A---- C:\r6x5z5j9j5d3.exe
2010-06-04 17:28:29 ----D---- C:\Program Files\trend micro
2010-06-04 17:27:09 ----D---- C:\rsit
2010-06-02 15:47:38 ----A---- C:\ffff.exe
2010-05-31 18:14:16 ----D---- C:\WINDOWS\Application Data\GHISLER
2010-05-31 18:14:16 ----D---- C:\totalcmd
2010-05-31 16:13:43 ----RASHD---- C:\autorun.inf
2010-05-31 14:42:19 ----A---- C:\c8t3r6p3k6e8.exe
2010-05-21 17:50:04 ----D---- C:\WINDOWS\Application Data\QipGuard
2010-05-21 17:49:40 ----D---- C:\QIP
2010-05-20 17:50:52 ----A---- C:\WINDOWS\System32\qpl.dll
2010-05-20 17:50:52 ----A---- C:\WINDOWS\System32\LpCom.dll
2010-05-18 23:03:23 ----A---- C:\p6yah2b9q9d1.exe
2010-05-18 15:36:55 ----D---- C:\WINDOWS\Minidump
2010-05-13 17:52:46 ----A---- C:\p6z7h2b9q9d1.exe
2010-05-08 08:37:07 ----A---- C:\4x8q2y6t2e6.exe

======List of files/folders modified in the last 1 months======

2010-06-04 21:57:00 ----AD---- C:\WINDOWS\SYSTEM32
2010-06-04 21:54:48 ----AD---- C:\WINDOWS\TEMP
2010-06-04 21:54:48 ----AD---- C:\WINDOWS\Debug
2010-06-04 21:54:48 ----AD---- C:\WINDOWS
2010-06-04 21:36:43 ----RAD---- C:\Program Files
2010-06-04 21:30:31 ----D---- C:\Program Files\Mozilla Firefox
2010-06-04 21:29:44 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Internal V.90 Modem.txt
2010-06-04 21:16:51 ----AD---- C:\WINDOWS\System32\DRIVERS
2010-06-04 20:52:19 ----D---- C:\Program Files\CCleaner
2010-06-04 20:50:45 ----AD---- C:\WINDOWS\Application Data
2010-06-04 20:27:57 ----D---- C:\WINDOWS\System32\NtmsData
2010-06-04 20:24:52 ----N---- C:\WINDOWS\SchedLog.Txt
2010-05-31 18:18:25 ----SHD---- C:\WINDOWS\Installer
2010-05-20 17:02:17 ----D---- C:\Program Files\Maxthon2
2010-05-06 20:03:17 ----A---- C:\m6u6o6o4w1w2.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\System32\drivers\Cdr4_2K.sys [2009-04-28 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2009-04-28 9200]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys []
R2 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2000-03-20 13904]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2000-03-20 57008]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [1999-09-25 9776]
R3 ds1;Yamaha DS1 Audio Driver (WDM); C:\WINDOWS\system32\drivers\ds1wdm.sys [1999-11-06 358928]
R3 ltmodem5;Toshiba Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmntt.sys [1999-10-23 410832]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2000-03-20 11664]
R3 OBOE;Toshiba FIR Port Type-DO; C:\WINDOWS\System32\DRIVERS\tos4mo.sys [1999-10-20 28432]
R3 Rasirda;WAN Miniport (IrDA Modem); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2000-03-20 19888]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [1999-09-25 18704]
R3 S3GSavageMX;S3GSavageMX; C:\WINDOWS\System32\DRIVERS\S3Gsavm.sys [2005-02-25 88576]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINDOWS\System32\DRIVERS\uhcd.sys [2000-03-20 32144]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2000-03-20 40016]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [1999-10-01 19760]
S4 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2000-03-20 7312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2000-03-20 7952]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-06-04 488960]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2000-03-20 7952]

-----------------EOF-----------------

[vyosek]

Zdravim,

no cisto tam rozhodne neni
Chybi Vam zakladni zabezpeceni - antivir+firewall - nainstalujte
Osobne Vam doporucuji kombinaci Avast+ZoneAlarm. Prehled antiviru mate ZDE a firewallu TADY.
Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy
Stahnete OTL (viz muj podpis) a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  netsvcs
  drivers32
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  c:\windows\*.* /U
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  symmpi.sys
  adp3132.sys
  mv61xx.sys
  nvraid.sys
  ndis.sys
  winlogon.exe
  explorer.exe
  userinit.exe
  lsass.exe
  svchost.exe
  smss.exe
  hal.dll
  ws2_32.dll
  tcpip.sys
  cryptsvc.dll
  Changer.sys
  JakNDis.sys
  isapnp.sys
  cdrom.sys
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  CREATERESTOREPOINT 

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 5min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

[marek2600]

OTL logfile created on: 4.6.2010 22:21:45 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Lenka\Plocha
Windows 2000 Professional Edition (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.2920.0000)
Locale: 00000405 | Country: Czech Republic | Language: csy | Date Format: d.M.yyyy

127,00 Mb Total Physical Memory | 29,00 Mb Available Physical Memory | 22,00% Memory free
303,00 Mb Paging File | 116,00 Mb Available in Paging File | 38,00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 5,59 Gb Total Space | 2,38 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W6O6E5
Current User Name: Lenka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.04 22:19:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lenka\Plocha\OTL.exe
PRC - [2010.06.04 21:11:10 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.06.01 22:52:48 | 002,484,072 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\CToolbar.exe
PRC - [2010.05.25 18:08:54 | 001,694,520 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010.04.28 20:51:44 | 000,442,368 | RHS- | M] (Sir5eBJgcOL) -- C:\WINDOWS\SYSTEM32\DRIVERS\Prcgd.exe
PRC - [2010.04.13 15:34:56 | 000,208,896 | RHS- | M] (RBrx1o) -- C:\WINDOWS\SYSTEM32\xfgnp.exe
PRC - [2010.04.12 18:28:50 | 000,181,760 | ---- | M] () -- C:\WINDOWS\Application Data\QipGuard\QipGuard.exe
PRC - [2010.04.01 19:33:25 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2000.03.20 02:00:00 | 000,118,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mstask.exe
PRC - [2000.03.20 01:00:00 | 000,238,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000.03.20 01:00:00 | 000,192,567 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wbem\winmgmt.exe
PRC - [2000.03.20 01:00:00 | 000,020,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\internat.exe


========== Modules (SafeList) ==========

MOD - [2010.06.04 22:19:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lenka\Plocha\OTL.exe
MOD - [2000.03.20 01:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2000.03.20 01:00:00 | 000,023,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wsock32.dll
MOD - [2000.03.20 01:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\netrap.dll
MOD - [2000.03.20 01:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\indicdll.dll
MOD - [2000.03.20 01:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.06.04 21:11:10 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2000.03.20 02:00:00 | 000,118,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\mstask.exe -- (Schedule)
SRV - [2000.03.20 01:00:00 | 000,192,567 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2000.03.20 01:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2000.03.20 01:00:00 | 000,097,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\faxsvc.exe -- (Fax)
SRV - [2000.03.20 01:00:00 | 000,066,832 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\regsvc.exe -- (RemoteRegistry)
SRV - [2000.03.20 01:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\utilman.exe -- (UtilMan)


========== Driver Services (SafeList) ==========

DRV - [2010.06.04 21:11:09 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.04.28 22:20:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2009.04.28 22:20:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2005.02.25 17:38:00 | 000,088,576 | R--- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\S3Gsavm.sys -- (S3GSavageMX)
DRV - [2000.03.20 01:00:00 | 000,368,240 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2000.03.20 01:00:00 | 000,135,984 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2000.03.20 01:00:00 | 000,060,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\parallel.sys -- (Parallel)
DRV - [2000.03.20 01:00:00 | 000,032,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\uhcd.sys -- (uhcd)
DRV - [2000.03.20 01:00:00 | 000,027,344 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\efs.sys -- (EFS)
DRV - [2000.03.20 01:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rca.sys -- (RCA)
DRV - [2000.03.20 01:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2000.03.20 01:00:00 | 000,007,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\diskperf.sys -- (Diskperf)
DRV - [2000.03.20 01:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmload.sys -- (dmload)
DRV - [1999.11.06 23:06:58 | 000,358,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ds1wdm.sys -- (ds1) Yamaha DS1 Audio Driver (WDM)
DRV - [1999.10.23 22:01:40 | 000,410,832 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmntt.sys -- (ltmodem5)
DRV - [1999.10.20 23:49:22 | 000,028,432 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Tos4mo.sys -- (OBOE)
DRV - [1999.09.25 19:35:58 | 000,009,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [1999.09.25 04:17:18 | 000,018,704 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=60076
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2010.06.04 21:37:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 11:54:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.01 19:34:37 | 000,000,000 | ---D | M]

[2009.07.01 19:50:25 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Mozilla\Extensions
[2010.03.28 16:14:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\tjr6balr.default\extensions
[2010.06.04 22:10:40 | 000,002,062 | ---- | M] () -- C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\tjr6balr.default\searchplugins\qip-search.xml
[2009.07.01 19:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.03 20:16:59 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.11.03 16:32:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.11.03 16:32:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.11.03 16:32:21 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.11.03 16:32:21 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.11.03 16:32:21 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2000.03.20 01:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\SYSTEM32\xfgnp.exe (RBrx1o)
O4 - HKLM..\Run: [Prcgd] C:\WINDOWS\SYSTEM32\DRIVERS\Prcgd.exe (Sir5eBJgcOL)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [internat.exe] C:\WINDOWS\System32\internat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\WINDOWS\Application Data\QipGuard\QipGuard.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\system32\xfgnp.exe (RBrx1o)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\msafd.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (%windir%\system32\drivers\Prgds.exe) - C:\WINDOWS\System32\drivers\Prgds.exe File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Dokumenty\Obrázky\download.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Zrnko kávy.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.01 18:47:44 | 000,000,252 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.31 16:13:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2009.07.01 19:15:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found

Drivers32: msacm.a3d - C:\WINDOWS\System32\a3d.dll (Sensaura Ltd)
Drivers32: msacm.divxa - C:\WINDOWS\System32\divxa32.acm (build Pinky.cz)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3radius - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.ogg - C:\WINDOWS\System32\ogg.dll ()
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.vorbisenc - C:\WINDOWS\System32\vorbisenc.dll ()
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.div3 - C:\WINDOWS\System32\divxc32.dll (build Pinky.cz)
Drivers32: vidc.div4 - C:\WINDOWS\System32\divxc32f.dll (Pinky.cz)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VDOM - vdowave.drv File not found
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010.06.04 22:19:58 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lenka\Plocha\OTL.exe
[2010.06.04 21:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.06.04 21:11:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data\Spyware Terminator
[2010.06.04 21:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.06.04 21:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.06.04 20:33:15 | 000,188,460 | ---- | C] (VGd1SN) -- C:\r6x5z5j9j5d3.exe
[2010.06.04 17:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.04 17:27:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.31 18:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenka\Local Settings\Data aplikací\GHISLER
[2010.05.31 18:14:16 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.05.31 18:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data\GHISLER
[2010.05.31 16:13:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.05.31 14:42:19 | 000,110,636 | ---- | C] (Apple Inc.) -- C:\c8t3r6p3k6e8.exe
[2010.05.25 20:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenka\Plocha\Informatika
[2010.05.21 17:50:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data\QipGuard
[2010.05.21 17:49:40 | 000,000,000 | ---D | C] -- C:\QIP
[2010.05.20 17:50:52 | 000,215,000 | ---- | C] (Lipstream Networks, Inc.) -- C:\WINDOWS\System32\LpCom.dll
[2010.05.20 17:50:52 | 000,192,984 | ---- | C] (QUALCOMM, Inc.) -- C:\WINDOWS\System32\qpl.dll
[2010.05.20 17:50:52 | 000,075,224 | ---- | C] (Lipstream Networks, Inc.) -- C:\WINDOWS\System32\LPLips.ocx
[2010.05.20 17:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenka\Gadu-Gadu
[2010.05.18 23:03:23 | 000,266,240 | ---- | C] (QCyNw5cm) -- C:\p6yah2b9q9d1.exe
[2010.05.18 15:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.05.18 15:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenka\Plocha\USB
[2010.05.13 17:52:46 | 000,098,348 | ---- | C] (I1TO) -- C:\p6z7h2b9q9d1.exe
[2010.05.08 08:37:07 | 000,253,996 | ---- | C] (Wc3gF8tqx) -- C:\4x8q2y6t2e6.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.04 22:28:21 | 000,806,912 | -H-- | M] () -- C:\Documents and Settings\Lenka\NTUSER.DAT
[2010.06.04 22:19:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lenka\Plocha\OTL.exe
[2010.06.04 22:10:30 | 000,188,460 | ---- | M] (VGd1SN) -- C:\r6x5z5j9j5d3.exe
[2010.06.04 22:09:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.04 22:07:55 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Lenka\ntuser.ini
[2010.06.04 22:07:30 | 000,376,210 | -H-- | M] () -- C:\WINDOWS\ShellIconCache
[2010.06.04 21:56:00 | 000,006,488 | ---- | M] () -- C:\cc_20100604_215548.reg
[2010.06.04 21:16:51 | 000,002,820 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.06.04 21:11:09 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.06.03 11:50:17 | 000,110,636 | ---- | M] (Apple Inc.) -- C:\c8t3r6p3k6e8.exe
[2010.06.02 19:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Optimalizovat spouštìní aplikace.job
[2010.06.02 15:52:54 | 002,904,413 | ---- | M] () -- C:\ffff.exe
[2010.06.02 14:53:38 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Lenka\Plocha\Tabulka telegrafního kódu.doc
[2010.06.01 09:04:45 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Lenka\Plocha\Základy práva.doc
[2010.05.21 17:50:04 | 000,000,418 | ---- | M] () -- C:\Documents and Settings\Lenka\Plocha\QIP 2005.lnk
[2010.05.20 16:48:32 | 000,098,348 | ---- | M] (I1TO) -- C:\p6z7h2b9q9d1.exe
[2010.05.18 23:06:17 | 000,266,240 | ---- | M] (QCyNw5cm) -- C:\p6yah2b9q9d1.exe
[2010.05.12 17:51:09 | 000,253,996 | ---- | M] (Wc3gF8tqx) -- C:\4x8q2y6t2e6.exe
[2010.05.06 20:03:17 | 000,180,268 | ---- | M] (Xe5EgbBqH) -- C:\m6u6o6o4w1w2.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.04 22:07:29 | 000,376,210 | -H-- | C] () -- C:\WINDOWS\ShellIconCache
[2010.06.04 21:55:58 | 000,006,488 | ---- | C] () -- C:\cc_20100604_215548.reg
[2010.06.04 21:11:09 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.06.02 15:47:38 | 002,904,413 | ---- | C] () -- C:\ffff.exe
[2010.06.02 14:37:50 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Lenka\Plocha\Tabulka telegrafního kódu.doc
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010.05.31 18:14:17 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010.05.21 17:50:04 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\Lenka\Plocha\QIP 2005.lnk
[2010.02.16 18:39:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\T602.INI
[2009.07.02 10:32:59 | 000,001,035 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.01 20:21:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2009.07.01 19:27:01 | 000,303,354 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup_001.INI
[2009.07.01 18:48:11 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2009.07.01 18:48:11 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2009.07.01 18:48:11 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2009.07.01 18:48:11 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2009.07.01 18:48:11 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2009.07.01 18:48:11 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2009.07.01 18:48:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.07.01 18:48:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2009.07.01 18:48:11 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009.07.01 18:48:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009.07.01 18:48:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2009.07.01 18:48:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003.07.16 13:09:32 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.10.06 20:42:58 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2002.10.05 01:04:26 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.10.05 01:04:26 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002.10.05 01:04:18 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.05.17 22:18:30 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2000.03.20 01:00:00 | 000,176,400 | ---- | C] () -- C:\WINDOWS\System32\qcut.dll
[2000.03.20 01:00:00 | 000,033,552 | ---- | C] () -- C:\WINDOWS\System32\efsadu.dll
[2000.03.20 01:00:00 | 000,013,155 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2000.03.20 01:00:00 | 000,003,028 | ---- | C] () -- C:\WINDOWS\System32\faxperf.ini
[2000.03.20 01:00:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\welcome.ini
[1999.09.25 19:36:24 | 000,088,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcam.sys
[1999.09.25 19:36:22 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvsound.sys
[1999.05.05 23:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1999.05.05 23:22:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1999.01.22 23:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010.06.02 19:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Optimalizovat spouštìní aplikace.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"internat.exe" = internat.exe -- [2000.03.20 01:00:00 | 000,020,752 | ---- | M] (Microsoft Corporation)
"QIP Internet Guardian" = C:\WINDOWS\Application Data\QipGuard\QipGuard.exe -- [2010.04.12 18:28:50 | 000,181,760 | ---- | M] ()

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.05.12 17:51:09 | 000,253,996 | ---- | M] (Wc3gF8tqx) -- C:\4x8q2y6t2e6.exe
[2010.06.03 11:50:17 | 000,110,636 | ---- | M] (Apple Inc.) -- C:\c8t3r6p3k6e8.exe
[2010.06.02 15:52:54 | 002,904,413 | ---- | M] () -- C:\ffff.exe
[2010.05.06 20:03:17 | 000,180,268 | ---- | M] (Xe5EgbBqH) -- C:\m6u6o6o4w1w2.exe
[2010.05.18 23:06:17 | 000,266,240 | ---- | M] (QCyNw5cm) -- C:\p6yah2b9q9d1.exe
[2010.05.20 16:48:32 | 000,098,348 | ---- | M] (I1TO) -- C:\p6z7h2b9q9d1.exe
[2010.06.04 22:10:30 | 000,188,460 | ---- | M] (VGd1SN) -- C:\r6x5z5j9j5d3.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.07.01 19:21:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Adobe
[2009.07.03 20:17:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Foxit
[2010.05.31 18:14:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\GHISLER
[2009.07.01 21:16:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\GRETECH
[2009.07.01 18:48:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Identities
[2009.07.01 19:21:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Macromedia
[2010.04.20 14:03:23 | 000,000,000 | --SD | M] -- C:\WINDOWS\Application Data\Microsoft
[2009.07.02 10:26:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Microsoft Web Folders
[2009.07.01 19:49:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Mozilla
[2010.04.23 19:00:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\MxBoost
[2010.04.20 18:16:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\PSpad
[2010.05.21 17:50:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\QipGuard
[2010.06.04 21:32:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Spyware Terminator
[2010.01.26 18:49:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Sun
[2009.07.23 18:04:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Winamp
[2009.07.01 20:19:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2010.04.12 18:28:50 | 000,181,760 | ---- | M] () -- C:\WINDOWS\Application Data\QipGuard\QipGuard.exe


< MD5 for: AGP440.SYS >
[1999.09.29 00:37:34 | 000,020,656 | ---- | M] (Microsoft Corporation) MD5=EF0B06C91C81FB3AF3D31CF9EA5B2591 -- C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2000.03.20 01:00:00 | 000,084,976 | ---- | M] (Microsoft Corporation) MD5=F4D5D4CC7B704608FC686D248981F461 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: CDROM.SYS >
[2000.03.20 01:00:00 | 000,027,376 | ---- | M] (Microsoft Corporation) MD5=43D40EE132E19C9101773D0EB4936B40 -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2000.03.20 01:00:00 | 000,063,248 | ---- | M] (Microsoft Corporation) MD5=2AD14BD5978593DCAD5030221EF33679 -- C:\WINDOWS\SYSTEM32\cryptsvc.dll
[2000.03.20 01:00:00 | 000,063,248 | ---- | M] (Microsoft Corporation) MD5=2AD14BD5978593DCAD5030221EF33679 -- C:\WINDOWS\SYSTEM32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2000.03.20 01:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) MD5=F8156F89260C46D7B953C9BE35E4C5E0 -- C:\WINDOWS\SYSTEM32\dllcache\eventlog.dll
[2000.03.20 01:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) MD5=F8156F89260C46D7B953C9BE35E4C5E0 -- C:\WINDOWS\SYSTEM32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2000.03.20 01:00:00 | 000,238,352 | ---- | M] (Microsoft Corporation) MD5=7239F54B7AA91553C38725F5B97C45C7 -- C:\WINDOWS\explorer.exe
[2000.03.20 01:00:00 | 000,238,352 | ---- | M] (Microsoft Corporation) MD5=7239F54B7AA91553C38725F5B97C45C7 -- C:\WINDOWS\SYSTEM32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2000.03.20 01:00:00 | 000,066,080 | ---- | M] (Microsoft Corporation) MD5=61C593FD115C8CFE6FE86C6E63EE5EF6 -- C:\WINDOWS\SYSTEM32\hal.dll

< MD5 for: ISAPNP.SYS >
[2000.03.20 01:00:00 | 000,046,736 | ---- | M] (Microsoft Corporation) MD5=9FCB5719CAEA062B12DFA388D12B0551 -- C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys

< MD5 for: LSASS.EXE >
[2000.03.20 01:00:00 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=094FD9454DF468E39A42250093DA89BE -- C:\WINDOWS\SYSTEM32\dllcache\lsass.exe
[2000.03.20 01:00:00 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=094FD9454DF468E39A42250093DA89BE -- C:\WINDOWS\SYSTEM32\lsass.exe

< MD5 for: NDIS.SYS >
[2000.03.20 01:00:00 | 000,167,760 | ---- | M] (Microsoft Corporation) MD5=FBF289385E77176B5929975748ABD84B -- C:\WINDOWS\SYSTEM32\dllcache\ndis.sys
[2000.03.20 01:00:00 | 000,167,760 | ---- | M] (Microsoft Corporation) MD5=FBF289385E77176B5929975748ABD84B -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys

< MD5 for: NETLOGON.DLL >
[2000.03.20 01:00:00 | 000,356,112 | ---- | M] (Microsoft Corporation) MD5=13689FD40AC9D323BB6B71E78CE89709 -- C:\WINDOWS\SYSTEM32\dllcache\netlogon.dll
[2000.03.20 01:00:00 | 000,356,112 | ---- | M] (Microsoft Corporation) MD5=13689FD40AC9D323BB6B71E78CE89709 -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2000.03.20 01:00:00 | 000,110,352 | ---- | M] (Microsoft Corporation) MD5=D7213A69DF9B6790877DAE52D5F0B8E5 -- C:\WINDOWS\SYSTEM32\dllcache\scecli.dll
[2000.03.20 01:00:00 | 000,110,352 | ---- | M] (Microsoft Corporation) MD5=D7213A69DF9B6790877DAE52D5F0B8E5 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SMSS.EXE >
[2000.03.20 01:00:00 | 000,045,328 | ---- | M] (Microsoft Corporation) MD5=3DFD01ED72186180317358C2FA741551 -- C:\WINDOWS\SYSTEM32\dllcache\smss.exe
[2000.03.20 01:00:00 | 000,045,328 | ---- | M] (Microsoft Corporation) MD5=3DFD01ED72186180317358C2FA741551 -- C:\WINDOWS\SYSTEM32\smss.exe

< MD5 for: SVCHOST.EXE >
[2000.03.20 01:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\WINDOWS\SYSTEM32\dllcache\svchost.exe
[2000.03.20 01:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: TCPIP.SYS >
[2000.03.20 01:00:00 | 000,305,520 | ---- | M] (Microsoft Corporation) MD5=8072C7C242FB6D17FB61A01274F20217 -- C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
[2000.03.20 01:00:00 | 000,305,520 | ---- | M] (Microsoft Corporation) MD5=8072C7C242FB6D17FB61A01274F20217 -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys

< MD5 for: USERINIT.EXE >
[2000.03.20 01:00:00 | 000,017,168 | ---- | M] (Microsoft Corporation) MD5=457E9A31FE4FCEB6AE4DF4D957377A0A -- C:\WINDOWS\SYSTEM32\dllcache\userinit.exe
[2000.03.20 01:00:00 | 000,017,168 | ---- | M] (Microsoft Corporation) MD5=457E9A31FE4FCEB6AE4DF4D957377A0A -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2000.03.20 01:00:00 | 000,177,424 | ---- | M] (Microsoft Corporation) MD5=C92BD1022D04815F4D7A815E23F7267F -- C:\WINDOWS\SYSTEM32\dllcache\winlogon.exe
[2000.03.20 01:00:00 | 000,177,424 | ---- | M] (Microsoft Corporation) MD5=C92BD1022D04815F4D7A815E23F7267F -- C:\WINDOWS\SYSTEM32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2000.03.20 01:00:00 | 000,071,440 | ---- | M] (Microsoft Corporation) MD5=19A7D4674E582DA6EA87F9409B1C9567 -- C:\WINDOWS\SYSTEM32\dllcache\ws2_32.dll
[2000.03.20 01:00:00 | 000,071,440 | ---- | M] (Microsoft Corporation) MD5=19A7D4674E582DA6EA87F9409B1C9567 -- C:\WINDOWS\SYSTEM32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010.06.02 19:00:02 | 000,000,502 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\Optimalizovat spouštìní aplikace.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.07.01 19:21:48 | 000,081,920 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2009.07.01 19:21:48 | 000,544,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2009.07.01 19:21:46 | 000,360,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< %systemroot%\system32\drivers\*.sys /3 >
[2010.06.04 21:11:09 | 000,142,592 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys

< %systemroot%\system32\*.* /3 >
[2010.06.04 21:16:51 | 000,002,820 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG.NT
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

EXTRAS

OTL Extras logfile created on: 4.6.2010 22:21:45 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Lenka\Plocha
Windows 2000 Professional Edition (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.2920.0000)
Locale: 00000405 | Country: Czech Republic | Language: csy | Date Format: d.M.yyyy

127,00 Mb Total Physical Memory | 29,00 Mb Available Physical Memory | 22,00% Memory free
303,00 Mb Paging File | 116,00 Mb Available in Paging File | 38,00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 5,59 Gb Total Space | 2,38 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W6O6E5
Current User Name: Lenka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{6C28B15F-B09D-407E-BE92-AC928E1CE4E2}_is1" = Kodek 0.16 CZ
"{6F716DAC-398F-11D3-85E1-005004838609}" = WebFldrs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Defraggler" = Defraggler
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Spyware Terminator_is1" = Spyware Terminator
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WMP7" = Windows Media Player system update (9 Series)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"QipGuard" = QIP Internet Guardian

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4.6.2010 15:19:33 | Computer Name = W6O6E5 | Source = PerfNet | ID = 2002
Description = Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k
dispozici.Vrácený chybový kód je v datech DWORD 0.

Error - 4.6.2010 15:19:34 | Computer Name = W6O6E5 | Source = WinMgmt | ID = 37
Description = Program WMI ADAP nemohl načíst knihovnu výkonu perfproc.dll z důvodu
neznámých potíží v rámci knihovny: 0x0

Error - 4.6.2010 15:19:34 | Computer Name = W6O6E5 | Source = rasctrs | ID = 2001
Description =

Error - 4.6.2010 15:19:34 | Computer Name = W6O6E5 | Source = WinMgmt | ID = 37
Description = Program WMI ADAP nemohl načíst knihovnu výkonu winspool.drv z důvodu
neznámých potíží v rámci knihovny: 0x0

Error - 4.6.2010 15:19:35 | Computer Name = W6O6E5 | Source = perfctrs | ID = 3101
Description = Ze zařízení NBT nelze číst informaci vstupně-výstupního řízení.

Error - 4.6.2010 15:27:11 | Computer Name = W6O6E5 | Source = PerfNet | ID = 2002
Description = Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k
dispozici.Vrácený chybový kód je v datech DWORD 0.

Error - 4.6.2010 15:27:12 | Computer Name = W6O6E5 | Source = WinMgmt | ID = 37
Description = Program WMI ADAP nemohl načíst knihovnu výkonu perfproc.dll z důvodu
neznámých potíží v rámci knihovny: 0x0

Error - 4.6.2010 15:27:15 | Computer Name = W6O6E5 | Source = WinMgmt | ID = 37
Description = Program WMI ADAP nemohl načíst knihovnu výkonu winspool.drv z důvodu
neznámých potíží v rámci knihovny: 0x0

Error - 4.6.2010 15:27:15 | Computer Name = W6O6E5 | Source = perfctrs | ID = 3101
Description = Ze zařízení NBT nelze číst informaci vstupně-výstupního řízení.

Error - 4.6.2010 16:09:33 | Computer Name = W6O6E5 | Source = PerfNet | ID = 2002
Description = Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k
dispozici.Vrácený chybový kód je v datech DWORD 0.

[ System Events ]
Error - 4.6.2010 15:21:37 | Computer Name = W6O6E5 | Source = Service Control Manager | ID = 7001
Description = Služba Správce vzdáleného přístupu závisí na službě Telefonní subsystém,
jejíž spuštění se nezdařilo z důvodu chyby: %%1077

Error - 4.6.2010 15:22:19 | Computer Name = W6O6E5 | Source = Service Control Manager | ID = 7001
Description = Služba Správce vzdáleného přístupu závisí na službě Telefonní subsystém,
jejíž spuštění se nezdařilo z důvodu chyby: %%1077

Error - 4.6.2010 15:23:05 | Computer Name = W6O6E5 | Source = Service Control Manager | ID = 7001
Description = Služba Správce vzdáleného přístupu závisí na službě Telefonní subsystém,
jejíž spuštění se nezdařilo z důvodu chyby: %%1077

Error - 4.6.2010 15:25:45 | Computer Name = W6O6E5 | Source = DCOM | ID = 10010
Description = Server {1BE1F766-5536-11D1-B726-00C04FB926AF} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 4.6.2010 15:26:59 | Computer Name = W6O6E5 | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.

Error - 4.6.2010 15:26:59 | Computer Name = W6O6E5 | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.

Error - 4.6.2010 15:26:59 | Computer Name = W6O6E5 | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.

Error - 4.6.2010 16:09:21 | Computer Name = W6O6E5 | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.

Error - 4.6.2010 16:09:21 | Computer Name = W6O6E5 | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.

Error - 4.6.2010 16:09:21 | Computer Name = W6O6E5 | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.


< End of report >

[vyosek]

To jste dokazal sam nebo Vam nekdo s temi viry pomahal Uz na prvni pohled tam toho neni pomalo...
Bude to na dyl, dneska jdu uz ale spat, opravny skript bude zitra dopoledne...

[marek2600]

Dobře.. Díky moc.. No nevím

[vyosek]

Zatim nemate zac, hlavni boj nas jeste ceka...

[vyosek]

Urodilo se Vam tam toho opravdu hodne

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  PRC - [2010.04.28 20:51:44 | 000,442,368 | RHS- | M] (Sir5eBJgcOL) -- C:\WINDOWS\SYSTEM32\DRIVERS\Prcgd.exe
  PRC - [2010.04.13 15:34:56 | 000,208,896 | RHS- | M] (RBrx1o) -- C:\WINDOWS\SYSTEM32\xfgnp.exe
  PRC - [2010.04.12 18:28:50 | 000,181,760 | ---- | M] () -- C:\WINDOWS\Application Data\QipGuard\QipGuard.exe
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=60076
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
  IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
  IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
  FF - prefs.js..browser.search.defaultenginename: "QIP Search"
  FF - prefs.js..browser.search.order.1: "Crawler Search"
  FF - prefs.js..browser.search.selectedEngine: "QIP Search"
  FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
  [2010.06.04 22:10:40 | 000,002,062 | ---- | M] () -- C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\tjr6balr.default\searchplugins\qip-search.xml
  O4 - HKCU..\Run: [QIP Internet Guardian] C:\WINDOWS\Application Data\QipGuard\QipGuard.exe ()
  O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
  O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
  O18 - Protocol\Filter\Class Install Handler - No CLSID value found
  O18 - Protocol\Filter\deflate - No CLSID value found
  O18 - Protocol\Filter\gzip - No CLSID value found
  O18 - Protocol\Filter\lzdhtml - No CLSID value found
  O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
  O20 - HKLM Winlogon: Shell - (%windir%\system32\drivers\Prgds.exe) - C:\WINDOWS\System32\drivers\Prgds.exe File not found
  [2010.06.04 20:33:15 | 000,188,460 | ---- | C] (VGd1SN) -- C:\r6x5z5j9j5d3.exe
  [2010.05.31 14:42:19 | 000,110,636 | ---- | C] (Apple Inc.) -- C:\c8t3r6p3k6e8.exe
  [2010.05.18 23:03:23 | 000,266,240 | ---- | C] (QCyNw5cm) -- C:\p6yah2b9q9d1.exe
  [2010.05.13 17:52:46 | 000,098,348 | ---- | C] (I1TO) -- C:\p6z7h2b9q9d1.exe
  [2010.05.08 08:37:07 | 000,253,996 | ---- | C] (Wc3gF8tqx) -- C:\4x8q2y6t2e6.exe
  [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [2010.05.06 20:03:17 | 000,180,268 | ---- | M] (Xe5EgbBqH) -- C:\m6u6o6o4w1w2.exe
  [2010.06.02 15:47:38 | 002,904,413 | ---- | C] () -- C:\ffff.exe
  [2010.06.02 19:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Optimalizovat spouštìní aplikace.job
  
  :files
  C:\WINDOWS\SYSTEM32\DRIVERS\Prcgd.exe
  C:\WINDOWS\SYSTEM32\xfgnp.exe
  C:\WINDOWS\Application Data\QipGuard\
  C:\c8t3r6p3k6e8.exe
  C:\r6x5z5j9j5d3.exe
  
  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "QIP Internet Guardian"=-
  
  :commands
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]
  [CREATERESTOREPOINT]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[marek2600]

All processes killed
========== OTL ==========
Process Prcgd.exe killed successfully!
No active process named xfgnp.exe was found!
No active process named QipGuard.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
File C:\Program Files\Crawler\ctbr.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\WINDOWS\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "Crawler Search" removed from browser.search.order.1
Prefs.js: "QIP Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\tjr6balr.default\searchplugins\qip-search.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
C:\WINDOWS\Application Data\QipGuard\QipGuard.exe moved successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File et Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab not found.
Starting removal of ActiveX control Internet Explorer Classes for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Internet Explorer Classes for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Internet Explorer Classes for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Internet Explorer Classes for Java\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ deleted successfully.
File Protocol\Filter\Class Install Handler - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:%windir%\system32\drivers\Prgds.exe deleted successfully.
C:\r6x5z5j9j5d3.exe moved successfully.
C:\c8t3r6p3k6e8.exe moved successfully.
C:\p6yah2b9q9d1.exe moved successfully.
C:\p6z7h2b9q9d1.exe moved successfully.
C:\4x8q2y6t2e6.exe moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\SET38.tmp deleted successfully.
C:\m6u6o6o4w1w2.exe moved successfully.
C:\ffff.exe moved successfully.
C:\WINDOWS\Tasks\Optimalizovat spouštìní aplikace.job moved successfully.
========== FILES ==========
C:\WINDOWS\SYSTEM32\DRIVERS\Prcgd.exe moved successfully.
C:\WINDOWS\SYSTEM32\xfgnp.exe moved successfully.
C:\WINDOWS\Application Data\QipGuard folder moved successfully.
File\Folder C:\c8t3r6p3k6e8.exe not found.
File\Folder C:\r6x5z5j9j5d3.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33219 bytes

User: Lenka
->Temp folder emptied: 5601650 bytes
->Temporary Internet Files folder emptied: 1319758 bytes
->FireFox cache emptied: 41161893 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 46,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Lenka

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06052010_073639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[vyosek]

Dobre rano,
tak viditelna havet by byla pryc Ale jeste udelame pro jistotu test na rootkity...

Odinstalujte vsechny emulatory virtualnich jednotek (Deamon Tools, Alcohol 120%, PowerISO apod)

Stahnete SPTD http://www.duplexsecure.com/en/downloads

• Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
• Ulozte na plochu a spustte
• Zvolte moznost Uninstall a restartujte PC

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

• Ulozte na plochu a spustte
• Kliknete na Disable a restartujte PC

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\plocha\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte log z Gmer - viz muj podpis

[marek2600]

MBR
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS SbFw.sys
kernel: MBR read successfully
user & kernel MBR OK

1 log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-05 09:04:35
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\Lenka\LOCALS~1\Temp\uftdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

---- EOF - GMER 1.0.15 ----

2 log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 09:13:19
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\Lenka\LOCALS~1\Temp\uftdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xBFC2A160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xBFC29868]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0xBFC26320]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xBFC28E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xBFC293FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xBFC2A210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xBFC26786]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0xBFC26846]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF053201C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF0532168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xBFC29B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xBFC265CA]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xBFC294EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xBFC29E8C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0xBFC269BC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xBFC29DE0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

---- EOF - GMER 1.0.15 ----

[vyosek]

Takze testy dopadly vyborne, jak se chova PC
TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni
V uvodnim logu nebyl antivir ani firewall - oboji doinstalujte - osobne Vam doporucuji kombinaci Avast+ZoneAlarm. Prehled antiviru mate ZDE a firewallu TADY.
Vloze novy log z RSITu

[marek2600]

Ted nebudu per dni u toho notebooku.. Ale moc díky za skvělou pomoc !!

[vyosek]

Ja si myslel ze to neni vas ntb, ale kamaradky\pritelkyne Lenky Myslite ze ona by mnou popsane kroky nezvladla Zbyva uz jen udelat tohle = uklid a je hotovo, tedy pokud nejsou problemy

Nemate zac, od toho jsme tady

[marek2600]

Přesně tak přítelkyně, ovšem jsme oba teď pryč, tak snad by to zvládla třeba zítra až bude doma:) napíše zatím díky moc

[vyosek]

OK v pohode...Kdyby necemu nerozumela at se zepta - vysvetlim...