Prosím o preventivní kontrolu

Zpráva

pajik999 · #1 Příspěvek od **pajik999** » 02 srp 2010 21:56

Díky za preventivku

Logfile of random's system information tool 1.07 (written by random/random)
Run by Pavel at 2010-08-02 22:52:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (8%) free of 76 GB
Total RAM: 766 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:34, on 2.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Pavel\Plocha\Download\RSIT(2).exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9f761c4738244) (gupdate1c9f761c4738244) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

--
End of file - 5743 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-03-01 1107608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-01-29 949376]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2010-01-28 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-03-01 451224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2007-12-29 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-06-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
C:\Program Files\Nexus Radio\Nexus Radio.exe -0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
C:\Documents and Settings\Pavel\Plocha\Download\Programy\rapget140\rapget.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2006-01-20 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Pinnacle Streaming Server.lnk]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE [2008-03-25 603408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
C:\PROGRA~1\Secunia\PSI\psi.exe [2010-07-07 965176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b3c372-9360-11df-baa5-00c0a8b7c673}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a07fc7e-3367-11df-b9ff-00c0a8b7c673}]
shell\AutoRun\command - G:\wdsync.exe

======List of files/folders created in the last 1 months======

2010-08-02 22:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-20 19:42:20 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2010-07-19 20:08:24 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-07-19 20:08:08 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Telefónica Móviles
2010-07-19 20:06:25 ----D---- C:\Program Files\O2
2010-07-15 21:45:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\java.exe
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 21:24:07 ----D---- C:\Program Files\Secunia
2010-07-06 22:32:29 ----D---- C:\Documents and Settings\Pavel\Data aplikací\VitySoft
2010-07-04 23:19:15 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-07-04 23:19:13 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-07-04 23:19:13 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-07-04 23:19:11 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-07-04 23:19:05 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-07-04 23:19:00 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-07-04 23:19:00 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-07-04 23:18:57 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-07-04 23:18:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-07-04 23:18:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-07-04 23:18:53 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-07-04 23:18:53 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-07-04 23:18:50 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-07-04 23:18:46 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-07-04 23:18:42 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-07-04 23:18:38 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-07-04 23:18:38 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-07-04 23:18:33 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-07-04 23:18:33 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-07-04 23:18:32 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-07-04 23:18:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-07-04 23:18:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-07-04 23:18:31 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-07-04 23:18:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-07-04 23:18:30 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-07-04 23:18:29 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-07-04 23:18:29 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-07-04 23:18:28 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-07-04 23:18:28 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-07-04 23:18:17 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-07-04 23:18:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-07-04 23:18:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-07-04 23:18:15 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-07-04 23:18:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-07-04 23:18:14 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-07-04 23:18:14 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-07-04 23:18:13 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-07-04 23:14:10 ----D---- C:\Program Files\Break For Games
2010-07-03 21:39:03 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-08-02 22:52:23 ----D---- C:\WINDOWS\Prefetch
2010-08-02 22:52:22 ----D---- C:\Program Files\trend micro
2010-08-02 22:52:20 ----D---- C:\WINDOWS\Temp
2010-08-02 22:42:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-02 22:42:34 ----D---- C:\WINDOWS
2010-08-02 22:42:16 ----D---- C:\WINDOWS\system32
2010-08-02 22:41:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-02 22:32:29 ----HD---- C:\WINDOWS\inf
2010-08-02 22:32:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-02 20:54:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-02 20:52:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 22:00:21 ----D---- C:\Documents and Settings\Pavel\Data aplikací\ICQ
2010-08-01 20:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-01 19:43:02 ----D---- C:\WINDOWS\system32\config
2010-07-29 20:46:38 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Media Player Classic
2010-07-27 23:31:06 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Skype
2010-07-27 21:22:25 ----D---- C:\Documents and Settings\Pavel\Data aplikací\skypePM
2010-07-27 21:00:35 ----D---- C:\Program Files\Microsoft Bootvis
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 19:38:19 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-24 22:42:32 ----D---- C:\Program Files\Mozilla Firefox
2010-07-20 19:47:10 ----RASH---- C:\boot.ini
2010-07-20 19:47:10 ----A---- C:\WINDOWS\win.ini
2010-07-20 19:47:10 ----A---- C:\WINDOWS\system.ini
2010-07-19 21:34:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-19 21:22:28 ----D---- C:\WINDOWS\pss
2010-07-19 20:07:03 ----D---- C:\WINDOWS\system32\drivers
2010-07-19 20:06:25 ----RD---- C:\Program Files
2010-07-15 21:49:00 ----SHD---- C:\WINDOWS\Installer
2010-07-15 21:48:34 ----D---- C:\Program Files\Opera
2010-07-15 21:44:58 ----D---- C:\Program Files\Common Files\Java
2010-07-14 20:42:10 ----D---- C:\WINDOWS\Debug
2010-07-14 20:06:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-04 23:19:17 ----D---- C:\WINDOWS\system32\DirectX
2010-07-04 23:18:27 ----RSD---- C:\WINDOWS\assembly
2010-07-04 23:18:19 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-03 21:39:03 ----RD---- C:\Program Files\Skype
2010-07-03 21:39:03 ----D---- C:\Program Files\Common Files
2010-07-03 21:38:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-02 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-28 25160]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-01-29 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-01-29 512096]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-04 1536000]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-20 862340]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 au93z6a7;au93z6a7; C:\WINDOWS\system32\drivers\au93z6a7.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 Ltn_stk7070P;PCTV based TV tuner device; C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver; C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 Nbdrv;NetBalancer Service; C:\WINDOWS\system32\DRIVERS\nbdrv.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-04 405504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2010-01-28 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-15 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-01-29 552064]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9f761c4738244;Google Update Service (gupdate1c9f761c4738244); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-27 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 03 srp 2010 09:31

Zdravim a pekne dopoledne preji

Tohle nebude jen preventivka, cosi tam videt je

Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam. Mate SuperAntiSpyware coz je kvalitni scener.

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files\Lavasoft\Ad-Aware

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

pajik999 · #3 Příspěvek od **pajik999** » 03 srp 2010 19:50

Takže

Spyboot nepoužívám a nemám v PC...alespoň si myslim

Log UsbFix :
############################## | UsbFix 7.019 | [Deletion]

User: Pavel (Administrator) # NOTEWORKGROUP [ ]
Updated 03/08/10 by El Desaparecido / C_XX
Started at 20:17:33 | 03/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Mobile AMD Sempron(tm) Processor 3200+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: Eset NOD32 Antivirus 2.70 2.70 [Enabled | Updated]
Firewall: COMODO Firewall 3.9 [Enabled]
RAM -> 766 Mb
C:\ (%systemdrive%) -> Fixed drive # 75 Gb (6 Mb free - 8%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 7 Gb (3 Mb free - 37%) [FLASHPEN] # FAT32

################## | Files # Infected Folders |

Deleted ! G:\HiJackThis.exe

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{23b3c372-9360-11df-baa5-00c0a8b7c673}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2a07fc7e-3367-11df-b9ff-00c0a8b7c673}

################## | Listing |

[14/05/2008 - 22:16:15 | D ] C:\!UnRARed
[09/12/2009 - 20:25:02 | A | 77848] C:\aaw7boot.log
[29/01/2008 - 23:15:26 | D ] C:\AddOn
[29/01/2008 - 23:09:23 | A | 0] C:\AUTOEXEC.BAT
[20/07/2010 - 19:47:10 | RASH | 210] C:\boot.ini
[30/01/2008 - 10:22:32 | A | 211] C:\boot.ini.comodofirewall
[18/08/2004 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[13/01/2010 - 21:05:18 | D ] C:\CM60S
[29/01/2008 - 23:09:23 | A | 0] C:\CONFIG.SYS
[30/06/2010 - 19:32:09 | D ] C:\Documents and Settings
[20/08/2008 - 21:19:43 | A | 733978624] C:\dum p2.avi
[20/03/2009 - 23:34:27 | D ] C:\e748c19962ce66d544c6d931dcebe722
[30/01/2008 - 00:20:11 | A | 1352] C:\FSC-DeskUpdate.txt
[30/01/2008 - 00:11:25 | D ] C:\fsc.tmp
[03/08/2010 - 20:06:36 | ASH | 803319808] C:\hiberfil.sys
[29/01/2008 - 23:09:23 | RASH | 0] C:\IO.SYS
[29/01/2008 - 23:09:23 | RASH | 0] C:\MSDOS.SYS
[10/02/2008 - 22:17:43 | RHD ] C:\MSOCache
[18/08/2004 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[13/05/2008 - 23:21:36 | RASH | 250576] C:\ntldr
[03/08/2010 - 20:06:34 | ASH | 1409286144] C:\pagefile.sys
[19/07/2010 - 20:06:25 | RD ] C:\Program Files
[12/06/2009 - 22:21:29 | AH | 10] C:\qerzun.pkr
[03/08/2010 - 20:21:31 | SHD ] C:\RECYCLER
[30/01/2008 - 00:18:37 | A | 440] C:\RHDSetup.log
[18/09/2009 - 21:48:05 | D ] C:\rsit
[29/01/2008 - 23:19:23 | SHD ] C:\System Volume Information
[12/03/2008 - 22:41:28 | D ] C:\totalcmd
[12/02/2009 - 18:18:08 | H | 92085] C:\treeinfo.wc
[03/08/2010 - 20:21:31 | D ] C:\UsbFix
[03/08/2010 - 20:21:31 | A | 888] C:\UsbFix.txt
[09/10/2008 - 19:44:30 | D ] C:\VAG-COM-USB
[03/08/2010 - 20:11:58 | D ] C:\WINDOWS
[13/01/2010 - 10:15:10 | D ] G:\My
[13/01/2010 - 10:23:12 | D ] G:\Prodeje LINDE 7-9_2007
[13/01/2010 - 10:23:12 | D ] G:\Prodeje LINDE 10-12_2007
[13/01/2010 - 10:23:12 | D ] G:\Statistiky
[13/01/2010 - 10:23:24 | D ] G:\Prodeje 2008
[13/01/2010 - 10:23:28 | D ] G:\Prodeje 2009
[08/12/2008 - 08:57:08 | A | 69120] G:\inventura 1.12.2008.xls
[13/01/2010 - 10:24:18 | D ] G:\Provize
[13/01/2010 - 10:24:20 | D ] G:\Prodeje
[13/01/2010 - 10:24:26 | D ] G:\MS Office 2002
[13/01/2010 - 10:27:30 | D ] G:\PO
[11/01/2010 - 10:12:16 | A | 684] G:\nové ceny_MAX.rtf
[11/01/2010 - 10:36:28 | A | 919] G:\prodej2009.rtf
[20/05/2009 - 10:49:12 | A | 2926] G:\analýza lahví.rtf
[22/09/2009 - 09:21:44 | A | 26757] G:\Cenik.pdf
[13/01/2010 - 10:27:32 | D ] G:\Inventura_2009_HSH
[20/03/2009 - 11:52:28 | A | 105528] G:\zivnost.list.tif
[09/04/2009 - 05:07:48 | A | 2954301] G:\Dokument.rtf
[09/07/2009 - 09:29:12 | A | 816] G:\CEDULE.rtf
[01/07/2009 - 12:19:36 | A | 846] G:\ADR.rtf
[03/04/2009 - 07:13:10 | A | 7861626] G:\exáče.rtf
[08/01/2010 - 12:37:30 | A | 1139] G:\stav skladu dráty.rtf
[06/01/2010 - 12:07:46 | A | 309248] G:\F1607_14_2009.01a.doc
[14/04/2009 - 12:42:08 | A | 44032] G:\Přepočtová tabulka.xls
[02/07/2009 - 13:57:12 | A | 5611520] G:\ceník SVT7.xls
[13/01/2010 - 10:29:42 | D ] G:\Bezp.listy
[05/01/2010 - 10:40:48 | A | 396800] G:\F1607_14_2009.01.doc
[26/03/2009 - 13:47:14 | A | 104448] G:\Ceník HSH.doc
[10/03/2009 - 07:22:02 | A | 5137408] G:\ceník SVT1.xls
[20/01/2009 - 07:31:38 | A | 2194432] G:\ceník SVT.xls
[26/06/2007 - 10:37:12 | A | 3124736] G:\.xlt[1]
[25/11/2009 - 08:43:54 | A | 186368] G:\návrh F1202-14-A_ 2009.01.doc
[13/01/2010 - 10:29:46 | D ] G:\CCleaner
[18/05/2010 - 09:05:08 | D ] G:\Doklady HSH
[13/01/2010 - 10:31:44 | RD ] G:\Obrázky
[05/01/2010 - 15:11:06 | A | 6544] G:\hijackthis.log
[05/05/2010 - 20:31:52 | D ] G:\sk
[06/05/2010 - 15:47:48 | D ] G:\Nová složka
[18/05/2010 - 08:55:14 | A | 76994] G:\SKMBT_42010042608320.pdf
[27/04/2010 - 11:10:42 | A | 77824] G:\LINDE1 orfert A[1]code.xls
[18/05/2010 - 08:53:42 | A | 17408] G:\LINDE1 orfert A.xls
[06/06/2010 - 14:21:14 | A | 3362] G:\Ježek skladatel.rtf
[10/07/2010 - 18:36:10 | D ] G:\Call of J
[13/01/2010 - 10:24:20 | D ] G:\LINDE

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_NOTEWORKGROUP.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

Log OTM :

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002778_.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET22.tmp moved successfully.
C:\WINDOWS\SET23.tmp moved successfully.
C:\WINDOWS\SET24.tmp moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET26.tmp moved successfully.
C:\WINDOWS\SET27.tmp moved successfully.
C:\WINDOWS\SET28.tmp moved successfully.
C:\WINDOWS\SET29.tmp moved successfully.
C:\WINDOWS\SET2A.tmp moved successfully.
C:\WINDOWS\SET2B.tmp moved successfully.
C:\WINDOWS\SET2C.tmp moved successfully.
C:\WINDOWS\SET2D.tmp moved successfully.
C:\WINDOWS\SET2E.tmp moved successfully.
C:\WINDOWS\SET2F.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET30.tmp moved successfully.
C:\WINDOWS\SET31.tmp moved successfully.
C:\WINDOWS\SET32.tmp moved successfully.
C:\WINDOWS\SET33.tmp moved successfully.
C:\WINDOWS\SET34.tmp moved successfully.
C:\WINDOWS\SET35.tmp moved successfully.
C:\WINDOWS\SET36.tmp moved successfully.
C:\WINDOWS\SET37.tmp moved successfully.
C:\WINDOWS\SET38.tmp moved successfully.
C:\WINDOWS\SET39.tmp moved successfully.
C:\WINDOWS\SET3A.tmp moved successfully.
C:\WINDOWS\SET3B.tmp moved successfully.
C:\WINDOWS\SET3C.tmp moved successfully.
C:\WINDOWS\SET3D.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP336.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3DA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP404.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6B4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9EF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPED2.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\Com\COM3A3.tmp moved successfully.
File/Folder C:\Program Files\Lavasoft\Ad-Aware not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 184978 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: JooFoo

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33668 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pavel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65737 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36283502 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 325167 bytes

%systemdrive% .tmp files removed: 406151230 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33661 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 423,00 mb

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.15.0 log created on 08032010_202738

noda jsem dal jen demo,jestli je tam ještě něco

,prosím nevím o tom
Jinak dík . Pavel

#4 Příspěvek od **vyosek** » 04 srp 2010 19:22

Jen Vas upozornim, ze pokud se zde opet objevi Vas log s nelegalnim zabezpecim, je velmi pravdepodobne, ze Vam bude pomoc ci rada odmitnuta

Takze zvazte spise free reseni v podobe Avastu ci Aviry

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

pajik999 · #5 Příspěvek od **pajik999** » 04 srp 2010 21:11

vyosek píše: Jen Vas upozornim, ze pokud se zde opet objevi Vas log s nelegalnim zabezpecim, je velmi pravdepodobne, ze Vam bude pomoc ci rada odmitnuta Takze zvazte spise free reseni v podobe Avastu ci Aviry

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)
Provedte aktualizaci - treti zalozka

Provedte uplny sken - nic nemazte

MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

.......

Prosím o radu zda lze z mých logů poznat nějaký nelegální soft.Noťas jsem kupoval z druhé ruky s některými naistalovanými programy od kamaráda.

Jinak vkládám log z MBAM :

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4390

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4.8.2010 21:56:52
mbam-log-2010-08-04 (21-56-52).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 204467
Uplynulý čas: 56 minuta(y), 48 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Pavel\Plocha\Download\Rapget.RS_Public_v1.0.4.0_cz\Phoenix_12_FiNAL\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Pavel\Plocha\Download\Rapget.RS_Public_v1.0.4.0_cz\Phoenix_12_FiNAL\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Pavel\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

...
Dík.

#6 Příspěvek od **vyosek** » 04 srp 2010 21:24

Vse co nasel MBAM smazte

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

Cracknuty programy moc poznat nejdou, ovsem cracknute antiviry vetsinou ano - ovsem jak si necham pro sebe, abyste sem neprisel a ony "poznavadla" nebyly smazane

pajik999 · #7 Příspěvek od **pajik999** » 04 srp 2010 21:43

vyosek píše: Vse co nasel MBAM smazte

Stahnete na plochu CKScanner
Spustte a kliknete na Search for files

Po dokonceni skenu kliknete na Save List to File a nasledne OK

Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

Cracknuty programy moc poznat nejdou, ovsem cracknute antiviry vetsinou ano - ovsem jak si necham pro sebe, abyste sem neprisel a ony "poznavadla" nebyly smazane

Zde je log z CKSCANERU :
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\fed0r.neo-repack.nfo
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack.rar
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.nfo
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\launchgtaiv.exe
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\paul.dll
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\offlineactivation\lang.ini
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\offlineactivation\offlineactivation.exe
c:\documents and settings\pavel\plocha\download\gta\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.neo-repack\offlineactivation\paul.dll
c:\documents and settings\pavel\plocha\download\hry\masrepiece_fishing2.3.21\masrepiece_fishing2.3.21\masrepiece.fishing2_v3.21\masrepiece.fishing2_v3.21\crack\crack.exe
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\thumbs.db
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\total video converter v3.50 setup.exe
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\crack\11lc111.nfo
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\crack\návod.txt
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\crack\readme.txt
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\crack\thumbs.db
c:\documents and settings\pavel\plocha\download\total_video_converter_3.50_with_crack_by_11lucifer111\crack\tvc.exe
c:\documents and settings\pavel\plocha\download\videore\videore\videoredo tvsuite v3.1.4.551\videoredo.tvsuite.v3.1.4.551.cracked-resurrection\resurrection.nfo
c:\documents and settings\pavel\plocha\download\videore\videore\videoredo tvsuite v3.1.4.551\videoredo.tvsuite.v3.1.4.551.cracked-resurrection\videoredotvs-3-1-4-551.exe
c:\documents and settings\pavel\plocha\download\videore\videore\videoredo tvsuite v3.1.4.551\videoredo.tvsuite.v3.1.4.551.cracked-resurrection\crack\armaccess.dll
c:\documents and settings\pavel\plocha\download\videore\videore\videoredo tvsuite v3.1.4.551\videoredo.tvsuite.v3.1.4.551.cracked-resurrection\crack\videoredo3.exe
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\stugroup\masterpiece fishing 2\crack.exe
scanner sequence 3.ZZ.11
----- EOF -----
..
No teda tady i já vidím nějaké cracky,ale žádný z těch programů nepoužívám,ani nevím že je mám v PC.
Hned se na to podívám a odinstaluji,nebo radši počkám co ty na to říkáš

V žádném případě nechci nic skrývat - ....

#8 Příspěvek od **vyosek** » 04 srp 2010 21:47

Vse smazat

Tohle melo byt jen na ukazku co tam vse je za cracky

Jinak neni treba citovat me prispevky do odpovedi

Ale zpet k PC, jak se chova

pajik999 · #9 Příspěvek od **pajik999** » 04 srp 2010 22:02

Takže v tuto chvíli bez problému.
Po zapnutí PC mám pocit,že trvá docela dlouho než se s ním dá pracovat.
Přitom ve správci úloh je vytížení procesů 1 - 5%,což si myslim,že je v pohodě.Ale kontrolka disku problikává jako,že pracuje.Zkoušel jsem bootvis a napadla mne defragmentace.
Děkuji.

#10 Příspěvek od **vyosek** » 04 srp 2010 22:07

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

Znovu spusťte Usbfix a zvolte možnost Uninstall.

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
- Kód: Vybrat vše
```
dfrg.msc
```
- Kliknete na OK
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Vlozte novy log ze RSITu

pajik999 · #11 Příspěvek od **pajik999** » 05 srp 2010 06:45

Udělal jsem vše a zde je nový log :

Logfile of random's system information tool 1.07 (written by random/random)
Run by Pavel at 2010-08-05 07:40:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 766 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:40:20, on 5.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Pavel\Plocha\Download\RSIT(2).exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9f761c4738244) (gupdate1c9f761c4738244) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

--
End of file - 5696 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-03-01 1107608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-01-29 949376]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2010-01-28 1800464]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-03-01 451224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
C:\Documents and Settings\Pavel\Plocha\Download\Programy\rapget140\rapget.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2006-01-20 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Pinnacle Streaming Server.lnk]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE [2008-03-25 603408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
C:\PROGRA~1\Secunia\PSI\psi.exe [2010-07-07 965176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-08-04 20:41:26 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2010-08-04 20:40:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-04 20:40:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-04 19:27:14 ----A---- C:\WINDOWS\AviSplitter.INI
2010-08-03 20:27:38 ----D---- C:\_OTM
2010-08-03 20:21:37 ----RASHD---- C:\Autorun.inf
2010-08-03 20:17:11 ----D---- C:\UsbFix
2010-07-20 19:42:20 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2010-07-19 20:08:24 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-07-19 20:08:08 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Telefónica Móviles
2010-07-19 20:06:25 ----D---- C:\Program Files\O2
2010-07-15 21:45:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\java.exe
2010-07-15 21:44:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 21:24:07 ----D---- C:\Program Files\Secunia
2010-07-06 22:32:29 ----D---- C:\Documents and Settings\Pavel\Data aplikací\VitySoft

======List of files/folders modified in the last 1 months======

2010-08-05 07:40:15 ----D---- C:\Program Files\trend micro
2010-08-05 07:40:13 ----D---- C:\WINDOWS\Temp
2010-08-05 05:19:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-04 23:53:48 ----D---- C:\Program Files\Defraggler
2010-08-04 23:53:34 ----D---- C:\WINDOWS\Prefetch
2010-08-04 23:45:56 ----D---- C:\WINDOWS
2010-08-04 23:37:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-04 23:20:34 ----HDC---- C:\WINDOWS\ie8
2010-08-04 23:20:34 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 20:40:40 ----RD---- C:\Program Files
2010-08-03 23:06:11 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-03 20:28:15 ----SHD---- C:\System Volume Information
2010-08-03 20:28:15 ----D---- C:\WINDOWS\system32\Restore
2010-08-03 20:27:43 ----D---- C:\WINDOWS\system32\Com
2010-08-03 20:27:43 ----D---- C:\WINDOWS\system32
2010-08-03 20:21:31 ----SHD---- C:\RECYCLER
2010-08-03 20:05:24 ----D---- C:\Program Files\ESET
2010-08-02 22:32:29 ----HD---- C:\WINDOWS\inf
2010-08-02 22:32:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-02 20:54:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-02 20:52:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 22:00:21 ----D---- C:\Documents and Settings\Pavel\Data aplikací\ICQ
2010-08-01 20:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-01 19:43:02 ----D---- C:\WINDOWS\system32\config
2010-07-29 20:46:38 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Media Player Classic
2010-07-27 23:31:06 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Skype
2010-07-27 21:22:25 ----D---- C:\Documents and Settings\Pavel\Data aplikací\skypePM
2010-07-27 21:00:35 ----D---- C:\Program Files\Microsoft Bootvis
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 19:38:19 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-24 22:42:32 ----D---- C:\Program Files\Mozilla Firefox
2010-07-20 19:47:10 ----RASH---- C:\boot.ini
2010-07-20 19:47:10 ----A---- C:\WINDOWS\win.ini
2010-07-20 19:47:10 ----A---- C:\WINDOWS\system.ini
2010-07-19 21:34:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-19 21:22:28 ----D---- C:\WINDOWS\pss
2010-07-15 21:49:00 ----SHD---- C:\WINDOWS\Installer
2010-07-15 21:48:34 ----D---- C:\Program Files\Opera
2010-07-15 21:44:58 ----D---- C:\Program Files\Common Files\Java
2010-07-14 20:42:10 ----D---- C:\WINDOWS\Debug
2010-07-14 20:06:13 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-02 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-28 25160]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-01-29 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-01-29 512096]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-04 1536000]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-20 862340]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 aawm50fl;aawm50fl; C:\WINDOWS\system32\drivers\aawm50fl.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 Ltn_stk7070P;PCTV based TV tuner device; C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver; C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 Nbdrv;NetBalancer Service; C:\WINDOWS\system32\DRIVERS\nbdrv.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-04 405504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2010-01-28 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-15 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-01-29 552064]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9f761c4738244;Google Update Service (gupdate1c9f761c4738244); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-27 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 Příspěvek od **vyosek** » 05 srp 2010 19:07

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

C:\WINDOWS\system32\DRIVERS\61883.sys
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
Kliknete na Otestovat soubor
Vysledek analyzy sem vlozte (jako odkaz)

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Nahrady za Spybota:
- Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
- SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
Samozrejme pouzivejte jen jeden z nich

pajik999 · #13 Příspěvek od **pajik999** » 05 srp 2010 20:24

Zdravím,
zde je odkaz na výsledek VirusTotalu :
http://www.virustotal.com/cs/analisis/3 ... 1281035481

Mám ještě prosbu ohledně Spybota.
V PC je sice jeho složka,ale mám pocit že jsem ho kdysi odinstaloval.Nyní není ani v "Přidat a odebrat programy",ani mi ho CCleaner nenabízí k odinstalování.Jak se ho tedy zbavit nadobro ???
Děkuji

#14 Příspěvek od **vyosek** » 05 srp 2010 20:34

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files\Spybot - Search & Destroy

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

pajik999 · #15 Příspěvek od **pajik999** » 05 srp 2010 20:50

Zde je log z OTM :

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\Program Files\Spybot - Search & Destroy\Updates folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Plugins folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Languages folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Includes folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Help folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JooFoo

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pavel
->Temp folder emptied: 395264 bytes
->Temporary Internet Files folder emptied: 50310 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36962889 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36,00 mb

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.15.0 log created on 08052010_213843

Files moved on Reboot...

Registry entries deleted on Reboot...

VIRY.CZ

Prosím o preventivní kontrolu

Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu