Hi,
my laptop has been very slow lately; startup in particular has sometimes taken over 15 minutes.
It is an Acer TravelMate 223, 248 MB RAM, Intel(R) Celeron(TM) CPU 1133 MHz.
If you know what to do about it, I would be very glad.
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:35, on 15.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6690 bytes
Please check my log
- Damned
Re: Please check my log
Uninstall ZoneAlarm Spy Blocker, including the Ask Toolbar.
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following entries (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware.
Install it and run it:
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where our wits run out, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
logs
Hi,
sorry for the slow reply, but I restarted the computer twice and each time it took 20 minutes; other operations also take a very long time.
I am sending the logs below.
In HijackThis, the two lines concerning ZoneAlarm did not show up for me, but that is probably because I restarted the "machine" before the next HijackThis run.
I currently have 5 GB of free disk space (today I deleted a large amount of data because I had hardly any space left on the disk; I last defragmented about half a year ago, and it does not look extremely suspicious in that respect).
I spent a lot of time dealing with avast, but the re-registration there should be in order now.
######################################################################################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:32, on 15.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6422 bytes
##################################################################################################################
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2630
Windows 5.1.2600 Service Pack 2
15.8.2009 19:25:25
mbam-log-2009-08-15 (19-25-25).txt
Typ skenu: Rychlý sken
Objektu skenováno: 90006
Uplynulý cas: 9 minute(s), 37 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
- Damned
Re: Please check my log
Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all open windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
combo
Hi, so here it is.
ComboFix 09-08-10.06 - Radovan 15.08.2009 20:09.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.247.111 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\etc\lmhosts
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-15 do 2009-08-15 )))))))))))))))))))))))))))))))
.
2009-08-15 15:35 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 15:35 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 15:35 . 2009-08-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 14:35 . 2009-08-15 14:35 -------- d-----w- c:\program files\Trend Micro
2009-08-15 11:20 . 2009-08-15 11:21 -------- d-----w- c:\program files\Safari
2009-08-15 11:19 . 2009-08-15 11:19 -------- d-----w- c:\program files\Bonjour
2009-08-15 11:18 . 2009-08-15 11:18 -------- d-----w- c:\program files\Apple Software Update
2009-08-13 06:41 . 2009-08-15 10:16 -------- d-----w- C:\Ploch
2009-08-12 23:17 . 2009-08-12 23:17 -------- d-----w- c:\windows\ServicePackFiles
2009-08-04 19:09 . 2009-08-04 19:35 -------- d-----w- C:\pojistkA
2009-07-27 17:39 . 2009-08-03 21:07 -------- d-----w- C:\EPL_NEW
2009-07-20 19:16 . 2009-07-20 19:22 -------- d-----w- C:\posuvnik
2009-07-17 18:56 . 2009-07-18 13:13 -------- d-----w- c:\program files\ICQ6.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 18:20 . 2009-08-15 18:20 2634175 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:28 . 2008-01-17 10:00 -------- d-----w- c:\program files\ICQ6
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-18 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 19:49 . 2009-07-13 17:34 500736 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-11 11:04 . 2009-07-11 11:05 1717248 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 13:42 . 2009-06-27 13:42 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-06-25 18:37 . 2004-08-18 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-18 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-18 12:00 489472 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-18 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-18 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-18 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:37 . 2004-08-18 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-18 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-18 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-18 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-18 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-18 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-22 11:49 . 2004-08-18 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-18 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-18 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-18 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:33 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:33 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:24 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:31 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2007-03-20 18:35 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-18 12:00 1293312 ----a-w- c:\windows\system32\quartz.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2001-10-09 151552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2001-10-09 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-01 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-01 352256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"LTSMMSG"="LTSMMSG.exe" - c:\windows\LTSMMSG.exe [2001-09-03 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ZyAIR PCcard Utility.lnk - c:\program files\ZyAIR PCcard Utility\ZyAIR.exe [2009-1-26 405504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2008 21:09 78416]
R1 dmiproxy;dmiproxy;c:\windows\system32\drivers\Dmiproxy.sys [20.3.2007 21:10 36680]
R1 NbmKmd;NbmKmd;c:\windows\system32\drivers\NBMKMD.SYS [20.3.2007 21:10 4160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2008 21:09 20560]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [20.3.2007 20:57 18487]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [20.3.2007 21:01 806342]
R3 ZD1201C(ZyXEL);ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA)(ZyXEL);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
R3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDNDIS5.sys [26.1.2009 22:00 15872]
S3 ZD1201C;ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\3ijxs04d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 20:26
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-15 20:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-15 18:37
Před spuštěním: 5 346 471 936
Po spuštění: 5 426 167 808
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
167 --- E O F --- 2009-08-12 23:23
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text marked in green:
File::
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB5.tmp
Folder::
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB5.tmp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT, and describe how the computer behaves
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
-
- newcomer
- Posts: 25
- Registered: May 07
more logs
Hi,
so I did everything you described.. By the way, before the restart that ComboFix required, a message appeared saying that the application cannot be terminated because Windows is restarting. Unfortunately it only flashed by, so I don't know the details...
System startup still takes 20 minutes, if not longer..
Here is the log:
ComboFix 09-08-10.06 - Radovan 15.08.2009 21:19.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.247.93 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jana\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\Internet Logs\tvDebug.Zip"
"c:\windows\Internet Logs\xDB5.tmp"
"c:\windows\Internet Logs\xDB6.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-15 do 2009-08-15 )))))))))))))))))))))))))))))))
.
2009-08-15 15:35 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 15:35 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 15:35 . 2009-08-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 14:35 . 2009-08-15 14:35 -------- d-----w- c:\program files\Trend Micro
2009-08-15 11:20 . 2009-08-15 11:21 -------- d-----w- c:\program files\Safari
2009-08-15 11:19 . 2009-08-15 11:19 -------- d-----w- c:\program files\Bonjour
2009-08-15 11:18 . 2009-08-15 11:18 -------- d-----w- c:\program files\Apple Software Update
2009-08-13 06:41 . 2009-08-15 10:16 -------- d-----w- C:\Ploch
2009-08-12 23:17 . 2009-08-12 23:17 -------- d-----w- c:\windows\ServicePackFiles
2009-08-04 19:09 . 2009-08-04 19:35 -------- d-----w- C:\pojistkA
2009-07-27 17:39 . 2009-08-03 21:07 -------- d-----w- C:\EPL_NEW
2009-07-20 19:16 . 2009-07-20 19:22 -------- d-----w- C:\posuvnik
2009-07-17 18:56 . 2009-07-18 13:13 -------- d-----w- c:\program files\ICQ6.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:28 . 2008-01-17 10:00 -------- d-----w- c:\program files\ICQ6
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-18 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 13:42 . 2009-06-27 13:42 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-06-25 18:37 . 2004-08-18 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-18 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-18 12:00 489472 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-18 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-18 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-18 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:37 . 2004-08-18 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-18 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-18 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-18 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-18 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-18 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-22 11:49 . 2004-08-18 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-18 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-18 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-18 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:33 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:33 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:24 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:31 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2007-03-20 18:35 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-18 12:00 1293312 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_18.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-15 19:33 . 2009-08-15 19:33 16384 c:\windows\Temp\Perflib_Perfdata_33c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2001-10-09 151552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2001-10-09 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-01 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-01 352256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"LTSMMSG"="LTSMMSG.exe" - c:\windows\LTSMMSG.exe [2001-09-03 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ZyAIR PCcard Utility.lnk - c:\program files\ZyAIR PCcard Utility\ZyAIR.exe [2009-1-26 405504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2008 21:09 78416]
R1 dmiproxy;dmiproxy;c:\windows\system32\drivers\Dmiproxy.sys [20.3.2007 21:10 36680]
R1 NbmKmd;NbmKmd;c:\windows\system32\drivers\NBMKMD.SYS [20.3.2007 21:10 4160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2008 21:09 20560]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [20.3.2007 20:57 18487]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [20.3.2007 21:01 806342]
R3 ZD1201C(ZyXEL);ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA)(ZyXEL);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
R3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDNDIS5.sys [26.1.2009 22:00 15872]
S3 ZD1201C;ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\3ijxs04d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 21:38
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-15 21:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-15 19:49
ComboFix2.txt 2009-08-15 18:37
Před spuštěním: 5 439 569 920
Po spuštění: 5 428 805 632
166 --- E O F --- 2009-08-12 23:23
#############################################################################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:47, on 15.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
So I did everything you described. By the way, before the restart that ComboFix required, a message appeared saying that the application cannot be terminated because Windows is restarting. Unfortunately it only flashed by, so I don't know the details...
System startup still takes 20 minutes, if not longer.
Here is the log:
ComboFix 09-08-10.06 - Radovan 15.08.2009 21:19.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.247.93 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jana\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\Internet Logs\tvDebug.Zip"
"c:\windows\Internet Logs\xDB5.tmp"
"c:\windows\Internet Logs\xDB6.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-15 do 2009-08-15 )))))))))))))))))))))))))))))))
.
2009-08-15 15:35 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 15:35 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 15:35 . 2009-08-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 14:35 . 2009-08-15 14:35 -------- d-----w- c:\program files\Trend Micro
2009-08-15 11:20 . 2009-08-15 11:21 -------- d-----w- c:\program files\Safari
2009-08-15 11:19 . 2009-08-15 11:19 -------- d-----w- c:\program files\Bonjour
2009-08-15 11:18 . 2009-08-15 11:18 -------- d-----w- c:\program files\Apple Software Update
2009-08-13 06:41 . 2009-08-15 10:16 -------- d-----w- C:\Ploch
2009-08-12 23:17 . 2009-08-12 23:17 -------- d-----w- c:\windows\ServicePackFiles
2009-08-04 19:09 . 2009-08-04 19:35 -------- d-----w- C:\pojistkA
2009-07-27 17:39 . 2009-08-03 21:07 -------- d-----w- C:\EPL_NEW
2009-07-20 19:16 . 2009-07-20 19:22 -------- d-----w- C:\posuvnik
2009-07-17 18:56 . 2009-07-18 13:13 -------- d-----w- c:\program files\ICQ6.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:28 . 2008-01-17 10:00 -------- d-----w- c:\program files\ICQ6
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-18 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 13:42 . 2009-06-27 13:42 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-06-25 18:37 . 2004-08-18 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-18 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-18 12:00 489472 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-18 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-18 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-18 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:37 . 2004-08-18 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-18 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-18 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-18 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-18 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-18 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-22 11:49 . 2004-08-18 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-18 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-18 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-18 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:33 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:33 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:24 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:31 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2007-03-20 18:35 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-18 12:00 1293312 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_18.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-15 19:33 . 2009-08-15 19:33 16384 c:\windows\Temp\Perflib_Perfdata_33c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2001-10-09 151552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2001-10-09 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-01 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-01 352256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"LTSMMSG"="LTSMMSG.exe" - c:\windows\LTSMMSG.exe [2001-09-03 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ZyAIR PCcard Utility.lnk - c:\program files\ZyAIR PCcard Utility\ZyAIR.exe [2009-1-26 405504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2008 21:09 78416]
R1 dmiproxy;dmiproxy;c:\windows\system32\drivers\Dmiproxy.sys [20.3.2007 21:10 36680]
R1 NbmKmd;NbmKmd;c:\windows\system32\drivers\NBMKMD.SYS [20.3.2007 21:10 4160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2008 21:09 20560]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [20.3.2007 20:57 18487]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [20.3.2007 21:01 806342]
R3 ZD1201C(ZyXEL);ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA)(ZyXEL);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
R3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDNDIS5.sys [26.1.2009 22:00 15872]
S3 ZD1201C;ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\3ijxs04d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 21:38
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-15 21:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-15 19:49
ComboFix2.txt 2009-08-15 18:37
Před spuštěním: 5 439 569 920
Po spuštění: 5 428 805 632
166 --- E O F --- 2009-08-12 23:23
#############################################################################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:47, on 15.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5739 bytes
###################################################################################################################
I'll run the defragmentation overnight and see if it helps.
Can you think of anything else that could be causing the computer to slow down this much?
Booting the computer is nerve-racking :-/
Thanks.
R.
- newbie
- Posts: 25
- Registered: May 07
Note:
Also, I quite often get a message about low free virtual memory.
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: Please check my log
Do you recognize these folders?
C:\Ploch
C:\pojistkA
C:\EPL_NEW
C:\posuvnik
Download RSIT, click "Continue" and let it run the scan.
After a moment a log named log.txt will be generated (if the log is not generated, you will find it at C:\rsit\log.txt); copy its contents here for me.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- newbie
- Posts: 25
- Registered: May 07
RSIT
Hi,
I created the folders you asked about above myself, in the normal way, so there shouldn't be a problem there.
I ran RSIT and the log is copied here:
##############################################################################################################
Logfile of random's system information tool 1.06 (written by random/random)
Run by Radovan at 2009-08-15 23:41:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (27%) free of 19 GB
Total RAM: 247 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:46, on 15.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jana\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Radovan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5694 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2001-10-10 151552]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2001-10-10 98304]
"LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2001-09-03 45056]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2001-08-01 94208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2001-08-01 352256]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Jana\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
ZyAIR PCcard Utility.lnk - C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2001-10-10 282624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Disabled:µTorrent"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - open -
======List of files/folders created in the last 3 months======
2009-08-15 23:41:26 ----D---- C:\rsit
2009-08-15 22:46:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-15 22:44:51 ----SHD---- C:\Config.Msi
2009-08-15 21:49:58 ----A---- C:\ComboFix.txt
2009-08-15 20:08:07 ----A---- C:\Boot.bak
2009-08-15 20:07:58 ----RASHD---- C:\cmdcons
2009-08-15 20:03:03 ----A---- C:\WINDOWS\zip.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\SWSC.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\SWREG.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\sed.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\PEV.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\grep.exe
2009-08-15 20:02:41 ----D---- C:\WINDOWS\ERDNT
2009-08-15 20:02:33 ----D---- C:\Qoobox
2009-08-15 17:35:53 ----D---- C:\Documents and Settings\Jana\Data aplikací\Malwarebytes
2009-08-15 17:35:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-08-15 17:35:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 16:35:18 ----D---- C:\Program Files\Trend Micro
2009-08-15 13:22:07 ----D---- C:\Documents and Settings\Jana\Data aplikací\Apple Computer
2009-08-15 13:20:00 ----D---- C:\Program Files\Safari
2009-08-15 13:19:04 ----D---- C:\Program Files\Bonjour
2009-08-15 13:18:25 ----D---- C:\Program Files\Apple Software Update
2009-08-15 13:18:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2009-08-13 08:41:07 ----D---- C:\Ploch
2009-08-13 01:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 01:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 01:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 01:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 01:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 01:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 01:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 01:17:29 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 01:17:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 01:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 01:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-04 21:09:52 ----D---- C:\pojistkA
2009-07-27 19:39:24 ----D---- C:\EPL_NEW
2009-07-20 21:16:13 ----D---- C:\posuvnik
2009-07-17 20:56:52 ----D---- C:\Program Files\ICQ6.5
2009-07-15 23:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 23:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 23:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-28 15:05:29 ----D---- C:\zaloha
2009-06-27 15:42:15 ----D---- C:\Program Files\Digital Guitar Tuner 2.3
2009-06-27 14:35:30 ----D---- C:\WINDOWS\ie8updates
2009-06-27 14:27:03 ----HDC---- C:\WINDOWS\ie8
2009-06-22 21:20:21 ----D---- C:\Epl
2009-06-13 18:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-13 18:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-13 15:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-13 15:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 3 months======
2009-08-15 23:34:07 ----A---- C:\WINDOWS\win.ini
2009-08-15 23:33:23 ----D---- C:\WINDOWS\Internet Logs
2009-08-15 23:25:08 ----D---- C:\Program Files\Mozilla Firefox
2009-08-15 22:53:18 ----D---- C:\WINDOWS\Temp
2009-08-15 22:51:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2009-08-15 22:50:03 ----SHD---- C:\WINDOWS\Installer
2009-08-15 22:50:01 ----D---- C:\WINDOWS
2009-08-15 22:47:33 ----D---- C:\WINDOWS\system32\drivers
2009-08-15 22:47:32 ----D---- C:\WINDOWS\system32
2009-08-15 22:47:32 ----D---- C:\Program Files\Lavasoft
2009-08-15 22:46:24 ----D---- C:\Program Files\Common Files
2009-08-15 21:42:00 ----A---- C:\WINDOWS\system.ini
2009-08-15 21:34:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-15 21:26:28 ----D---- C:\WINDOWS\AppPatch
2009-08-15 21:15:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-15 21:13:47 ----A---- C:\WINDOWS\WINCMD.INI
2009-08-15 20:36:04 ----SD---- C:\WINDOWS\Tasks
2009-08-15 20:35:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-15 20:08:07 ----RASH---- C:\boot.ini
2009-08-15 18:26:56 ----RD---- C:\Program Files
2009-08-15 16:35:02 ----D---- C:\Instalace programu
2009-08-15 16:06:04 ----SHD---- C:\WINDOWS\CSC
2009-08-15 14:19:17 ----D---- C:\WINDOWS\Debug
2009-08-15 13:19:57 ----D---- C:\WINDOWS\WinSxS
2009-08-15 13:19:28 ----D---- C:\WINDOWS\Prefetch
2009-08-15 12:46:15 ----D---- C:\Documents and Settings\Jana\Data aplikací\uTorrent
2009-08-14 22:04:57 ----D---- C:\Documents and Settings\Jana\Data aplikací\Skype
2009-08-13 08:29:27 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 01:23:36 ----HD---- C:\WINDOWS\inf
2009-08-13 01:22:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 01:21:17 ----D---- C:\Program Files\Outlook Express
2009-08-05 11:07:44 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 22:33:47 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-07-30 23:33:48 ----D---- C:\Program Files\Internet Explorer
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-19 18:46:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:16:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 21:28:57 ----D---- C:\Program Files\ICQ6
2009-07-17 20:57:54 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-03 18:59:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 18:59:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 18:59:42 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 18:59:39 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 18:59:39 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 18:59:39 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 18:59:39 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 18:59:38 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 18:59:36 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 13:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-30 22:45:35 ----D---- C:\WINDOWS\Minidump
2009-06-27 16:39:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-27 14:46:56 ----D---- C:\WINDOWS\system32\cs-cz
2009-06-27 14:46:53 ----D---- C:\WINDOWS\Media
2009-06-27 14:46:53 ----D---- C:\WINDOWS\Help
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqise.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqad.dll
2009-06-22 21:20:08 ----D---- C:\Prezentace
2009-06-22 13:49:23 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-06-22 13:49:23 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-06-22 13:49:04 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-06-16 16:55:09 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:55:09 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 20:19:51 ----D---- C:\WINDOWS\ie7updates
2009-06-15 13:33:50 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-15 13:33:48 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-10 16:24:49 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 08:31:43 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-05 09:46:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-03 21:27:53 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 dmiproxy;dmiproxy; C:\WINDOWS\system32\drivers\dmiproxy.sys [2001-10-24 36680]
R1 NbmKmd;NbmKmd; C:\WINDOWS\system32\drivers\NbmKmd.sys [2001-10-24 4160]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-18 46336]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2001-10-10 18487]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 catchme;catchme; \??\C:\DOCUME~1\Jana\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2001-10-10 226813]
R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-09-03 806342]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2001-08-01 239056]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 ZD1201C(ZyXEL);ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA)(ZyXEL); C:\WINDOWS\system32\DRIVERS\ZD1201C.SYS [2004-02-06 49792]
R3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDNDIS5.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-06-15 173056]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 ZD1201C;ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA); C:\WINDOWS\system32\DRIVERS\zd1201c.sys [2004-02-06 49792]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
-----------------EOF-----------------
I created the folders listed above that you asked about myself, in the normal way, so there shouldn't be a problem there.
I ran RSIT and the log is pasted here:
##############################################################################################################
Logfile of random's system information tool 1.06 (written by random/random)
Run by Radovan at 2009-08-15 23:41:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (27%) free of 19 GB
Total RAM: 247 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:46, on 15.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jana\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Radovan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5694 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2001-10-10 151552]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2001-10-10 98304]
"LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2001-09-03 45056]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2001-08-01 94208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2001-08-01 352256]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Jana\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
ZyAIR PCcard Utility.lnk - C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2001-10-10 282624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Disabled:µTorrent"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - open -
======List of files/folders created in the last 3 months======
2009-08-15 23:41:26 ----D---- C:\rsit
2009-08-15 22:46:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-15 22:44:51 ----SHD---- C:\Config.Msi
2009-08-15 21:49:58 ----A---- C:\ComboFix.txt
2009-08-15 20:08:07 ----A---- C:\Boot.bak
2009-08-15 20:07:58 ----RASHD---- C:\cmdcons
2009-08-15 20:03:03 ----A---- C:\WINDOWS\zip.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\SWSC.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\SWREG.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\sed.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\PEV.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-15 20:03:03 ----A---- C:\WINDOWS\grep.exe
2009-08-15 20:02:41 ----D---- C:\WINDOWS\ERDNT
2009-08-15 20:02:33 ----D---- C:\Qoobox
2009-08-15 17:35:53 ----D---- C:\Documents and Settings\Jana\Data aplikací\Malwarebytes
2009-08-15 17:35:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-08-15 17:35:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 16:35:18 ----D---- C:\Program Files\Trend Micro
2009-08-15 13:22:07 ----D---- C:\Documents and Settings\Jana\Data aplikací\Apple Computer
2009-08-15 13:20:00 ----D---- C:\Program Files\Safari
2009-08-15 13:19:04 ----D---- C:\Program Files\Bonjour
2009-08-15 13:18:25 ----D---- C:\Program Files\Apple Software Update
2009-08-15 13:18:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2009-08-13 08:41:07 ----D---- C:\Ploch
2009-08-13 01:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 01:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 01:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 01:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 01:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 01:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 01:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 01:17:29 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 01:17:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 01:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 01:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-04 21:09:52 ----D---- C:\pojistkA
2009-07-27 19:39:24 ----D---- C:\EPL_NEW
2009-07-20 21:16:13 ----D---- C:\posuvnik
2009-07-17 20:56:52 ----D---- C:\Program Files\ICQ6.5
2009-07-15 23:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 23:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 23:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-28 15:05:29 ----D---- C:\zaloha
2009-06-27 15:42:15 ----D---- C:\Program Files\Digital Guitar Tuner 2.3
2009-06-27 14:35:30 ----D---- C:\WINDOWS\ie8updates
2009-06-27 14:27:03 ----HDC---- C:\WINDOWS\ie8
2009-06-22 21:20:21 ----D---- C:\Epl
2009-06-13 18:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-13 18:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-13 15:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-13 15:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 3 months======
2009-08-15 23:34:07 ----A---- C:\WINDOWS\win.ini
2009-08-15 23:33:23 ----D---- C:\WINDOWS\Internet Logs
2009-08-15 23:25:08 ----D---- C:\Program Files\Mozilla Firefox
2009-08-15 22:53:18 ----D---- C:\WINDOWS\Temp
2009-08-15 22:51:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2009-08-15 22:50:03 ----SHD---- C:\WINDOWS\Installer
2009-08-15 22:50:01 ----D---- C:\WINDOWS
2009-08-15 22:47:33 ----D---- C:\WINDOWS\system32\drivers
2009-08-15 22:47:32 ----D---- C:\WINDOWS\system32
2009-08-15 22:47:32 ----D---- C:\Program Files\Lavasoft
2009-08-15 22:46:24 ----D---- C:\Program Files\Common Files
2009-08-15 21:42:00 ----A---- C:\WINDOWS\system.ini
2009-08-15 21:34:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-15 21:26:28 ----D---- C:\WINDOWS\AppPatch
2009-08-15 21:15:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-15 21:13:47 ----A---- C:\WINDOWS\WINCMD.INI
2009-08-15 20:36:04 ----SD---- C:\WINDOWS\Tasks
2009-08-15 20:35:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-15 20:08:07 ----RASH---- C:\boot.ini
2009-08-15 18:26:56 ----RD---- C:\Program Files
2009-08-15 16:35:02 ----D---- C:\Instalace programu
2009-08-15 16:06:04 ----SHD---- C:\WINDOWS\CSC
2009-08-15 14:19:17 ----D---- C:\WINDOWS\Debug
2009-08-15 13:19:57 ----D---- C:\WINDOWS\WinSxS
2009-08-15 13:19:28 ----D---- C:\WINDOWS\Prefetch
2009-08-15 12:46:15 ----D---- C:\Documents and Settings\Jana\Data aplikací\uTorrent
2009-08-14 22:04:57 ----D---- C:\Documents and Settings\Jana\Data aplikací\Skype
2009-08-13 08:29:27 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 01:23:36 ----HD---- C:\WINDOWS\inf
2009-08-13 01:22:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 01:21:17 ----D---- C:\Program Files\Outlook Express
2009-08-05 11:07:44 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 22:33:47 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-07-30 23:33:48 ----D---- C:\Program Files\Internet Explorer
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-19 18:46:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:16:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 21:28:57 ----D---- C:\Program Files\ICQ6
2009-07-17 20:57:54 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-03 18:59:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 18:59:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 18:59:42 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 18:59:39 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 18:59:39 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 18:59:39 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 18:59:39 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 18:59:38 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 18:59:36 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 13:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-30 22:45:35 ----D---- C:\WINDOWS\Minidump
2009-06-27 16:39:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-27 14:46:56 ----D---- C:\WINDOWS\system32\cs-cz
2009-06-27 14:46:53 ----D---- C:\WINDOWS\Media
2009-06-27 14:46:53 ----D---- C:\WINDOWS\Help
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-06-25 20:37:50 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqise.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-06-25 20:37:49 ----A---- C:\WINDOWS\system32\mqad.dll
2009-06-22 21:20:08 ----D---- C:\Prezentace
2009-06-22 13:49:23 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-06-22 13:49:23 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-06-22 13:49:04 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-06-16 16:55:09 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:55:09 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 20:19:51 ----D---- C:\WINDOWS\ie7updates
2009-06-15 13:33:50 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-15 13:33:48 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-10 16:24:49 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 08:31:43 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-05 09:46:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-03 21:27:53 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 dmiproxy;dmiproxy; C:\WINDOWS\system32\drivers\dmiproxy.sys [2001-10-24 36680]
R1 NbmKmd;NbmKmd; C:\WINDOWS\system32\drivers\NbmKmd.sys [2001-10-24 4160]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-18 46336]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2001-10-10 18487]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 catchme;catchme; \??\C:\DOCUME~1\Jana\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2001-10-10 226813]
R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-09-03 806342]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2001-08-01 239056]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 ZD1201C(ZyXEL);ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA)(ZyXEL); C:\WINDOWS\system32\DRIVERS\ZD1201C.SYS [2004-02-06 49792]
R3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDNDIS5.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-06-15 173056]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 ZD1201C;ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA); C:\WINDOWS\system32\DRIVERS\zd1201c.sys [2004-02-06 49792]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
-----------------EOF-----------------
- Damned
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
File::
C:\DOCUME~1\Jana\LOCALS~1\Temp\catchme.sys
C:\WINDOWS\system32\ZDNDIS5.SYS
Driver::
catchme;catchme
catchme
ZDNDIS5;ZDNDIS5 NDIS Protocol Driver
ZDNDIS5
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the script CFScript.txt you created with the mouse, drag it over the downloaded program ComboFix.exe
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
logs
hi,
this time it took about 45 minutes from dragging the file with the fixes onto ComboFix...
I have already defragmented the disk several times.
I am attaching the logs below..
##############################################################################
ComboFix 09-08-10.06 - Radovan 16.08.2009 11:29.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.247.105 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jana\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 090815-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\docume~1\Jana\LOCALS~1\Temp\catchme.sys"
"c:\windows\system32\ZDNDIS5.SYS"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ZDNDIS5.SYS
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CATCHME
-------\Legacy_ZDNDIS5
-------\Service_catchme
-------\Service_ZDNDIS5
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-16 do 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-15 21:41 . 2009-08-15 21:41 -------- d-----w- C:\rsit
2009-08-15 20:46 . 2009-08-15 20:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 15:35 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 15:35 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 15:35 . 2009-08-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 14:35 . 2009-08-15 14:35 -------- d-----w- c:\program files\Trend Micro
2009-08-15 11:20 . 2009-08-15 11:21 -------- d-----w- c:\program files\Safari
2009-08-15 11:19 . 2009-08-15 11:19 -------- d-----w- c:\program files\Bonjour
2009-08-15 11:18 . 2009-08-15 11:18 -------- d-----w- c:\program files\Apple Software Update
2009-08-13 06:41 . 2009-08-15 10:16 -------- d-----w- C:\Ploch
2009-08-12 23:17 . 2009-08-12 23:17 -------- d-----w- c:\windows\ServicePackFiles
2009-08-04 19:09 . 2009-08-04 19:35 -------- d-----w- C:\pojistkA
2009-07-27 17:39 . 2009-08-03 21:07 -------- d-----w- C:\EPL_NEW
2009-07-20 19:16 . 2009-07-20 19:22 -------- d-----w- C:\posuvnik
2009-07-17 18:56 . 2009-07-18 13:13 -------- d-----w- c:\program files\ICQ6.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 20:47 . 2007-08-31 08:53 -------- d-----w- c:\program files\Lavasoft
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:28 . 2008-01-17 10:00 -------- d-----w- c:\program files\ICQ6
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-18 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 13:42 . 2009-06-27 13:42 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-06-25 18:37 . 2004-08-18 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-18 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-18 12:00 489472 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-18 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-18 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-18 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:37 . 2004-08-18 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-18 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-18 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-18 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-18 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-18 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-22 11:49 . 2004-08-18 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-18 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-18 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-18 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:33 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:33 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:24 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:31 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2007-03-20 18:35 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-18 12:00 1293312 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_18.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 07:36 . 2009-08-16 07:36 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
+ 2009-08-16 09:43 . 2009-08-16 09:43 16384 c:\windows\Temp\Perflib_Perfdata_4b0.dat
+ 2008-05-16 09:58 . 2008-05-16 09:58 12632 c:\windows\system32\lsdelete.exe
+ 2008-04-29 09:20 . 2008-04-29 09:20 15648 c:\windows\system32\drivers\NSDriver.sys
+ 2008-04-29 09:19 . 2008-04-29 09:19 15648 c:\windows\system32\drivers\Awrtrd.sys
+ 2008-04-29 09:19 . 2008-04-29 09:19 12960 c:\windows\system32\drivers\Awrtpd.sys
+ 2009-08-16 09:39 . 2009-08-16 09:39 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 09:39 . 2009-08-16 09:39 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-16 09:39 . 2009-08-16 09:39 225280 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-16 09:39 . 2009-08-16 09:39 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-16 09:39 . 2009-08-16 09:39 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-15 20:48 . 2009-08-15 20:48 1947648 c:\windows\Installer\431675.msi
+ 2009-08-16 09:39 . 2009-08-16 09:39 4620288 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2001-10-09 151552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2001-10-09 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-01 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-01 352256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"LTSMMSG"="LTSMMSG.exe" - c:\windows\LTSMMSG.exe [2001-09-03 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2008 21:09 78416]
R1 dmiproxy;dmiproxy;c:\windows\system32\drivers\Dmiproxy.sys [20.3.2007 21:10 36680]
R1 NbmKmd;NbmKmd;c:\windows\system32\drivers\NBMKMD.SYS [20.3.2007 21:10 4160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2008 21:09 20560]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [20.3.2007 20:57 18487]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [20.3.2007 21:01 806342]
R3 ZD1201C(ZyXEL);ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA)(ZyXEL);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
S3 ZD1201C;ZyAIR B-120 IEEE 802.11b Wireless LAN Driver (PCMCIA);c:\windows\system32\drivers\ZD1201C.sys [26.1.2009 22:00 49792]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\3ijxs04d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 11:47
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\ZyAIR PCcard Utility\ZyAIR.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-16 12:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-16 10:09
ComboFix2.txt 2009-08-15 19:49
ComboFix3.txt 2009-08-15 18:37
Před spuštěním: 9 149 698 048
Po spuštění: 9 088 626 688
185 --- E O F --- 2009-08-12 23:23
#############################################################################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:20, on 16.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5596 bytes
###############################################################################
D.
.
**************************************************************************
.
Celkový čas: 2009-08-16 12:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-16 10:09
ComboFix2.txt 2009-08-15 19:49
ComboFix3.txt 2009-08-15 18:37
Před spuštěním: 9 149 698 048
Po spuštění: 9 088 626 688
185 --- E O F --- 2009-08-12 23:23
#############################################################################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:20, on 16.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZyAIR PCcard Utility.lnk = C:\Program Files\ZyAIR PCcard Utility\ZyAIR.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5596 bytes
###############################################################################
D.