Hello, windows to unfamiliar websites have started popping up on my computer, so please take a look at this for me. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:24, on 21.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\windows\System32\smss.exe
H:\windows\system32\winlogon.exe
H:\windows\system32\services.exe
H:\windows\system32\lsass.exe
H:\windows\system32\Ati2evxx.exe
H:\windows\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\windows\System32\svchost.exe
H:\windows\system32\svchost.exe
H:\windows\system32\Ati2evxx.exe
H:\Program Files\AVG\AVG8\avgrsx.exe
H:\windows\system32\spoolsv.exe
H:\windows\Explorer.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\windows\RTHDCPL.EXE
H:\windows\system32\rundll32.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\SweetIM\Messenger\SweetIM.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\windows\system32\ctfmon.exe
H:\Program Files\AskBarDis\bar\bin\AskService.exe
H:\Program Files\ICQ6Toolbar\ICQ Service.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\windows\system32\PnkBstrA.exe
H:\windows\system32\svchost.exe
H:\windows\System32\TUProgSt.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\windows\System32\TuneUpDefragService.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\PROGRA~1\ICQ6.5\ICQ.exe
H:\Strong DC Ferrari edition\StrongDC.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - H:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - H:\Program Files\Media Access Startup\1.5.4.880\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - H:\Program Files\Internet Saving Optimizer\3.6.1.4490\NPIEAddOn.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - H:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - H:\Program Files\System Search Dispatcher\1.3.4.940\ssd.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - H:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] H:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5136776796
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - H:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - H:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - H:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - H:\windows\System32\TUProgSt.exe
--
End of file - 9200 bytes
Request for a preventive log [Solved]
Re: Request for a preventive log
Hi.
1) Download OTM. Copy the following into the left box:
:files
H:\Program Files\Media Access Startup
H:\Program Files\Internet Saving Optimizer
H:\Program Files\System Search Dispatcher
H:\Program Files\DoubleD
H:\Program Files\ICQ6Toolbar
H:\Program Files\AskBarDis
:services
ASKService
ASKUpgrade
:commands
[purity]
[emptytemp]
[reboot]
Click "Move It". A report will then appear in the "Result" window; copy all of it here.
P.S.: If the program asks for a restart, confirm it. You will then find the log in "C:\_OTM\MovedFiles\".
2) Download MbAM. Save it to the desktop, open "mbam-setup.exe" and install it. Update it. Then run a full scan - delete whatever the program finds. Paste the resulting log here.
3) Download RSIT. Run it and click "Continue". When it finishes, a text file should open. Copy it here.
If something goes wrong, you will also find it at "C:\rsit\log.txt".
I don't like amateurism...
And the addressee of the message knows it :)
Re: Request for a preventive log
All processes killed
========== FILES ==========
H:\Program Files\Media Access Startup\1.5.4.880\FF\components moved successfully.
H:\Program Files\Media Access Startup\1.5.4.880\FF\chrome\content moved successfully.
H:\Program Files\Media Access Startup\1.5.4.880\FF\chrome moved successfully.
H:\Program Files\Media Access Startup\1.5.4.880\FF moved successfully.
H:\Program Files\Media Access Startup\1.5.4.880\Data moved successfully.
H:\Program Files\Media Access Startup\1.5.4.880 moved successfully.
H:\Program Files\Media Access Startup\1.5.3.850\FF\components moved successfully.
H:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content moved successfully.
H:\Program Files\Media Access Startup\1.5.3.850\FF\chrome moved successfully.
H:\Program Files\Media Access Startup\1.5.3.850\FF moved successfully.
H:\Program Files\Media Access Startup\1.5.3.850\Data moved successfully.
H:\Program Files\Media Access Startup\1.5.3.850 moved successfully.
H:\Program Files\Media Access Startup moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.1.4490\FF\components moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.1.4490\FF\chrome\content moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.1.4490\FF\chrome moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.1.4490\FF moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.1.4490\Data moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.1.4490 moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.0.4470\Data moved successfully.
H:\Program Files\Internet Saving Optimizer\3.6.0.4470 moved successfully.
H:\Program Files\Internet Saving Optimizer moved successfully.
H:\Program Files\System Search Dispatcher\1.3.4.940\Data moved successfully.
H:\Program Files\System Search Dispatcher\1.3.4.940 moved successfully.
H:\Program Files\System Search Dispatcher\1.3.3.840\Data moved successfully.
H:\Program Files\System Search Dispatcher\1.3.3.840 moved successfully.
H:\Program Files\System Search Dispatcher moved successfully.
H:\Program Files\DoubleD\JuicyAccess Toolbar moved successfully.
H:\Program Files\DoubleD moved successfully.
H:\Program Files\ICQ6Toolbar moved successfully.
H:\Program Files\AskBarDis\bar\Settings moved successfully.
H:\Program Files\AskBarDis\bar\History moved successfully.
H:\Program Files\AskBarDis\bar\Cache moved successfully.
H:\Program Files\AskBarDis\bar\bin moved successfully.
H:\Program Files\AskBarDis\bar moved successfully.
H:\Program Files\AskBarDis moved successfully.
========== SERVICES/DRIVERS ==========
Service\Driver ASKService deleted successfully.
Service\Driver ASKUpgrade deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 269157 bytes
User: NetworkService
->Temp folder emptied: 111782 bytes
->Temporary Internet Files folder emptied: 482153 bytes
User: standa
->Temp folder emptied: 1988707 bytes
->Temporary Internet Files folder emptied: 161138193 bytes
->Java cache emptied: 24921807 bytes
->FireFox cache emptied: 29301703 bytes
%systemdrive% .tmp files removed: 0 bytes
H:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
H:\windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP folder deleted successfully.
H:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder deleted successfully.
%systemroot% .tmp files removed: 5170408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 5976736 bytes
RecycleBin emptied: 1657049245 bytes
Total Files Cleaned = 1799,05 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08212009_223715
Files moved on Reboot...
Registry entries deleted on Reboot...
Re: Request for a preventive log
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2672
Windows 5.1.2600 Service Pack 3
21.8.2009 23:19:39
mbam-log-2009-08-21 (23-19-39).txt
Typ skenu: Úplný sken (H:\|I:\|J:\|)
Objektu skenováno: 169127
Uplynulý cas: 26 minute(s), 13 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 30
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
H:\Program Files\ToGo Game\Crusaders Of Space 2\Cos2.RWG (Rogue.Crusader) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{654307D5-C4D9-495B-A043-347BE44D5BFF}\RP440\A0069233.exe (Adware.BHO) -> Quarantined and deleted successfully.
Re: Request for a preventive log
Logfile of random's system information tool 1.06 (written by random/random)
Run by standa at 2009-08-21 23:25:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive H: has 47 GB (58%) free of 80 GB
Total RAM: 2047 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:39, on 21.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\windows\System32\smss.exe
H:\windows\system32\winlogon.exe
H:\windows\system32\services.exe
H:\windows\system32\lsass.exe
H:\windows\system32\Ati2evxx.exe
H:\windows\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\windows\System32\svchost.exe
H:\windows\system32\svchost.exe
H:\windows\system32\Ati2evxx.exe
H:\Program Files\AVG\AVG8\avgrsx.exe
H:\windows\system32\spoolsv.exe
H:\windows\Explorer.EXE
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\windows\system32\PnkBstrA.exe
H:\windows\system32\svchost.exe
H:\windows\System32\TUProgSt.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\windows\RTHDCPL.EXE
H:\windows\system32\rundll32.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\SweetIM\Messenger\SweetIM.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\windows\system32\ctfmon.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\windows\system32\wuauclt.exe
H:\WINDOWS\system32\msfeedssync.exe
H:\Documents and Settings\standa\Plocha\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\standa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - H:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - H:\Program Files\MyPlayCity\tbMyPl.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - H:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] H:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5136776796
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - H:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - H:\windows\System32\TUProgSt.exe
--
End of file - 8139 bytes
======Scheduled tasks folder======
H:\windows\tasks\1-Click Maintenance.job
H:\windows\tasks\AppleSoftwareUpdate.job
H:\windows\tasks\MP Scheduled Scan.job
H:\windows\tasks\User_Feed_Synchronization-{3EBAB4EC-9D1A-4F0C-8039-2EAFBF1CCB81}.job
H:\windows\tasks\User_Feed_Synchronization-{5CD35FF0-4962-472E-BB3F-DFFFD4184A76}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
MyPlayCity Toolbar - H:\Program Files\MyPlayCity\tbMyPl.dll [2009-01-20 1881112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - H:\Program Files\AskBarDis\bar\bin\askBar.dll []
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - H:\Program Files\MyPlayCity\tbMyPl.dll [2009-01-20 1881112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=H:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832]
"RTHDCPL"=H:\windows\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=H:\windows\ALCMTR.EXE [2005-05-03 69632]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Windows Defender"=H:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NeroFilterCheck"=H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SweetIM"=H:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\windows\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=H:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\windows\system32\Ati2evxx.dll [2009-01-14 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
H:\windows\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\windows\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=H:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\AVG\AVG8\avgam.exe"="H:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"H:\Program Files\AVG\AVG8\avgupd.exe"="H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"H:\Program Files\AVG\AVG8\avgnsx.exe"="H:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"H:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="H:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\WINDOWS\system32\java.exe"="H:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Strong DC Ferrari edition\StrongDC.exe"="H:\Strong DC Ferrari edition\StrongDC.exe:*:Enabled:StrongDC++"
"G:\Dawn of War - Dark Crusade\DarkCrusade.exe"="G:\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\WINDOWS\system32\dplaysvr.exe"="H:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"H:\Program Files\Java\jre6\bin\javaw.exe"="H:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"H:\Program Files\Play+Smile\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe"="H:\Program Files\Play+Smile\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe:*:Disabled:Poker3d"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\WINDOWS\system32\PnkBstrA.exe"="H:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"H:\WINDOWS\system32\PnkBstrB.exe"="H:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-08-21 23:25:32 ----D---- H:\rsit
2009-08-21 22:42:43 ----D---- H:\Documents and Settings\standa\Data aplikací\Malwarebytes
2009-08-21 22:42:38 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-08-21 22:42:38 ----D---- H:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-08-21 22:37:15 ----D---- H:\_OTM
2009-08-21 21:21:36 ----D---- H:\Program Files\Trend Micro
2009-08-15 23:02:44 ----D---- H:\Program Files\MyPlayCity
2009-08-15 14:21:21 ----D---- H:\Documents and Settings\All Users\Data aplikací\Adobe
2009-08-15 12:20:26 ----SHD---- H:\Config.Msi
2009-08-14 14:49:05 ----HD---- H:\$AVG8.VAULT$
2009-08-12 05:16:48 ----HDC---- H:\windows\$NtUninstallKB960859$
2009-08-12 05:16:11 ----HDC---- H:\windows\$NtUninstallKB971657$
2009-08-12 05:16:07 ----HDC---- H:\windows\$NtUninstallKB971557$
2009-08-12 05:16:03 ----HDC---- H:\windows\$NtUninstallKB956744$
2009-08-12 05:15:59 ----HDC---- H:\windows\$NtUninstallKB973869$
2009-08-12 05:15:55 ----HDC---- H:\windows\$NtUninstallKB973507$
2009-08-12 05:15:51 ----HDC---- H:\windows\$NtUninstallKB973354$
2009-08-12 05:15:45 ----HDC---- H:\windows\$NtUninstallKB973540_WM9$
2009-08-12 05:13:42 ----HDC---- H:\windows\$NtUninstallKB973815$
2009-08-12 05:13:31 ----HDC---- H:\windows\$NtUninstallKB968389$
2009-08-05 22:07:23 ----D---- H:\Program Files\ICQ6.5
2009-08-01 16:16:42 ----A---- H:\windows\OEWABLog.txt
2009-07-31 23:41:05 ----HDC---- H:\windows\$NtUninstallKB973346$
2009-07-31 23:41:01 ----HDC---- H:\windows\$NtUninstallKB971633$
2009-07-31 23:38:39 ----HDC---- H:\windows\$NtUninstallKB961371$
2009-07-23 11:53:08 ----A---- H:\windows\system32\PnkBstrB.exe
2009-07-23 11:53:07 ----A---- H:\windows\system32\PnkBstrA.exe
2009-07-23 11:53:07 ----A---- H:\windows\system32\pbsvc.exe
2009-07-23 11:47:13 ----D---- H:\Program Files\Activision
======List of files/folders modified in the last 1 months======
2009-08-21 23:25:34 ----D---- H:\windows\system32\CatRoot2
2009-08-21 23:25:32 ----SD---- H:\windows\Tasks
2009-08-21 23:24:03 ----D---- H:\windows\Temp
2009-08-21 23:24:01 ----D---- H:\Program Files\Mozilla Firefox
2009-08-21 23:22:04 ----D---- H:\windows\system32\drivers
2009-08-21 23:21:36 ----A---- H:\windows\SchedLgU.Txt
2009-08-21 23:21:09 ----D---- H:\windows\Prefetch
2009-08-21 23:06:23 ----D---- H:\Strong DC Ferrari edition
2009-08-21 22:42:38 ----RD---- H:\Program Files
2009-08-21 22:37:54 ----D---- H:\WINDOWS
2009-08-21 22:37:21 ----D---- H:\windows\system32
2009-08-21 22:37:20 ----A---- H:\windows\system32\PerfStringBackup.INI
2009-08-21 16:17:30 ----D---- H:\Program Files\MyPlayCity.com
2009-08-21 14:58:55 ----D---- H:\Documents and Settings\standa\Data aplikací\Skype
2009-08-20 16:02:16 ----D---- H:\Documents and Settings\standa\Data aplikací\skypePM
2009-08-19 17:06:10 ----A---- H:\windows\NeroDigital.ini
2009-08-19 15:12:28 ----D---- H:\Documents and Settings\standa\Data aplikací\Vso
2009-08-15 18:31:25 ----SHD---- H:\windows\Installer
2009-08-14 15:38:41 ----D---- H:\Documents and Settings\standa\Data aplikací\Meridian93
2009-08-14 14:44:16 ----D---- H:\Documents and Settings\All Users\Data aplikací\avg8
2009-08-14 14:43:17 ----A---- H:\windows\win.ini
2009-08-13 18:29:30 ----D---- H:\Documents and Settings\standa\Data aplikací\EleFun Games
2009-08-12 05:16:51 ----HD---- H:\windows\inf
2009-08-12 05:16:50 ----RSHDC---- H:\windows\system32\dllcache
2009-08-12 05:16:13 ----A---- H:\windows\imsins.BAK
2009-08-12 05:16:02 ----HD---- H:\windows\$hf_mig$
2009-08-12 05:15:52 ----D---- H:\Program Files\Outlook Express
2009-08-08 22:42:49 ----RSD---- H:\windows\assembly
2009-08-08 22:42:49 ----D---- H:\windows\Microsoft.NET
2009-08-08 20:31:29 ----D---- H:\windows\WinSxS
2009-08-08 08:43:22 ----D---- H:\windows\system32\wbem
2009-08-07 15:30:29 ----D---- H:\Program Files\FreeGamePick.com
2009-08-06 16:48:49 ----D---- H:\Documents and Settings\All Users\Data aplikací\Meridian93
2009-08-06 16:18:37 ----D---- H:\Documents and Settings\All Users\Data aplikací\DivoGames
2009-08-06 01:16:53 ----SD---- H:\Documents and Settings\standa\Data aplikací\Microsoft
2009-08-05 22:11:31 ----D---- H:\Documents and Settings\standa\Data aplikací\ICQ
2009-08-05 22:08:09 ----D---- H:\Documents and Settings\All Users\Data aplikací\ICQ
2009-08-05 11:01:14 ----A---- H:\windows\system32\mswebdvd.dll
2009-08-03 18:07:18 ----D---- H:\Documents and Settings\standa\Data aplikací\URSE Games
2009-07-31 23:40:55 ----D---- H:\Program Files\Internet Explorer
2009-07-31 23:40:49 ----D---- H:\windows\ie8updates
2009-07-31 08:08:42 ----A---- H:\windows\system32\avgrsstx.dll
2009-07-30 02:49:14 ----A---- H:\windows\system32\MRT.exe
2009-07-24 01:32:51 ----D---- H:\Documents and Settings\standa\Data aplikací\PC Suite
2009-07-24 00:54:08 ----D---- H:\Program Files\Kyodai Mahjongg 2006
2009-07-23 11:54:18 ----D---- H:\windows\system32\DirectX
2009-07-22 06:53:51 ----AD---- H:\Documents and Settings\All Users\Data aplikací\TEMP
2009-07-22 06:47:19 ----D---- H:\Documents and Settings\standa\Data aplikací\Artogon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; H:\windows\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 AvgLdx86;AVG AVI Loader Driver x86; H:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; H:\windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; H:\windows\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 prodrv06;StarForce Protection Environment Driver v6; H:\windows\System32\drivers\prodrv06.sys [2004-09-03 54368]
R2 atksgt;atksgt; H:\windows\system32\DRIVERS\atksgt.sys [2009-05-26 279712]
R2 lirsgt;lirsgt; H:\windows\system32\DRIVERS\lirsgt.sys [2009-05-26 25888]
R3 ati2mtag;ati2mtag; H:\windows\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 BthEnum;Služba Bluetooth Enumerator; H:\windows\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; H:\windows\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); H:\windows\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; H:\windows\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; H:\windows\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; H:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; H:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\windows\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; H:\windows\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pcouffin;VSO Software pcouffin; H:\windows\System32\Drivers\pcouffin.sys [2009-02-03 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); H:\windows\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\windows\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; H:\windows\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; H:\windows\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 Uim_IM;UIM Drive Backup Image Plugin; H:\windows\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; H:\windows\system32\DRIVERS\UimBus.sys []
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/19 12:07:13]; \??\H:\Program Files\CyberLink\PowerDVD9\000.fcl []
S3 alocoant;alocoant; H:\windows\system32\drivers\alocoant.sys []
S3 BTHPORT;Ovladač portu Bluetooth; H:\windows\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 ENTECH;ENTECH; \??\H:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\windows\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\windows\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; H:\windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; H:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; H:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\windows\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; H:\windows\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; H:\windows\system32\Ati2evxx.exe [2009-01-14 598016]
R2 avg8wd;AVG8 WatchDog; H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 BthServ;Bluetooth Support Service; H:\windows\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; H:\windows\system32\PnkBstrA.exe [2009-07-23 66872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; H:\windows\System32\TUProgSt.exe [2009-03-02 603904]
R2 UxTuneUp;TuneUp Theme Extension; H:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; H:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\windows\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 ICQ Service;ICQ Service; H:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S3 aspnet_state;ASP.NET State Service; H:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; H:\windows\System32\TuneUpDefragService.exe [2009-03-02 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
======Scheduled tasks folder======
H:\windows\tasks\1-Click Maintenance.job
H:\windows\tasks\AppleSoftwareUpdate.job
H:\windows\tasks\MP Scheduled Scan.job
H:\windows\tasks\User_Feed_Synchronization-{3EBAB4EC-9D1A-4F0C-8039-2EAFBF1CCB81}.job
H:\windows\tasks\User_Feed_Synchronization-{5CD35FF0-4962-472E-BB3F-DFFFD4184A76}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
MyPlayCity Toolbar - H:\Program Files\MyPlayCity\tbMyPl.dll [2009-01-20 1881112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - H:\Program Files\AskBarDis\bar\bin\askBar.dll []
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - H:\Program Files\MyPlayCity\tbMyPl.dll [2009-01-20 1881112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=H:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832]
"RTHDCPL"=H:\windows\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=H:\windows\ALCMTR.EXE [2005-05-03 69632]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Windows Defender"=H:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NeroFilterCheck"=H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SweetIM"=H:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\windows\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=H:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\windows\system32\Ati2evxx.dll [2009-01-14 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
H:\windows\system32\avgrsstx.dll [2009-07-31 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\windows\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=H:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\AVG\AVG8\avgam.exe"="H:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"H:\Program Files\AVG\AVG8\avgupd.exe"="H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"H:\Program Files\AVG\AVG8\avgnsx.exe"="H:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"H:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="H:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\WINDOWS\system32\java.exe"="H:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Strong DC Ferrari edition\StrongDC.exe"="H:\Strong DC Ferrari edition\StrongDC.exe:*:Enabled:StrongDC++"
"G:\Dawn of War - Dark Crusade\DarkCrusade.exe"="G:\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\WINDOWS\system32\dplaysvr.exe"="H:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"H:\Program Files\Java\jre6\bin\javaw.exe"="H:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"H:\Program Files\Play+Smile\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe"="H:\Program Files\Play+Smile\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe:*:Disabled:Poker3d"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\WINDOWS\system32\PnkBstrA.exe"="H:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"H:\WINDOWS\system32\PnkBstrB.exe"="H:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-08-21 23:25:32 ----D---- H:\rsit
2009-08-21 22:42:43 ----D---- H:\Documents and Settings\standa\Data aplikací\Malwarebytes
2009-08-21 22:42:38 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-08-21 22:42:38 ----D---- H:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-08-21 22:37:15 ----D---- H:\_OTM
2009-08-21 21:21:36 ----D---- H:\Program Files\Trend Micro
2009-08-15 23:02:44 ----D---- H:\Program Files\MyPlayCity
2009-08-15 14:21:21 ----D---- H:\Documents and Settings\All Users\Data aplikací\Adobe
2009-08-15 12:20:26 ----SHD---- H:\Config.Msi
2009-08-14 14:49:05 ----HD---- H:\$AVG8.VAULT$
2009-08-12 05:16:48 ----HDC---- H:\windows\$NtUninstallKB960859$
2009-08-12 05:16:11 ----HDC---- H:\windows\$NtUninstallKB971657$
2009-08-12 05:16:07 ----HDC---- H:\windows\$NtUninstallKB971557$
2009-08-12 05:16:03 ----HDC---- H:\windows\$NtUninstallKB956744$
2009-08-12 05:15:59 ----HDC---- H:\windows\$NtUninstallKB973869$
2009-08-12 05:15:55 ----HDC---- H:\windows\$NtUninstallKB973507$
2009-08-12 05:15:51 ----HDC---- H:\windows\$NtUninstallKB973354$
2009-08-12 05:15:45 ----HDC---- H:\windows\$NtUninstallKB973540_WM9$
2009-08-12 05:13:42 ----HDC---- H:\windows\$NtUninstallKB973815$
2009-08-12 05:13:31 ----HDC---- H:\windows\$NtUninstallKB968389$
2009-08-05 22:07:23 ----D---- H:\Program Files\ICQ6.5
2009-08-01 16:16:42 ----A---- H:\windows\OEWABLog.txt
2009-07-31 23:41:05 ----HDC---- H:\windows\$NtUninstallKB973346$
2009-07-31 23:41:01 ----HDC---- H:\windows\$NtUninstallKB971633$
2009-07-31 23:38:39 ----HDC---- H:\windows\$NtUninstallKB961371$
2009-07-23 11:53:08 ----A---- H:\windows\system32\PnkBstrB.exe
2009-07-23 11:53:07 ----A---- H:\windows\system32\PnkBstrA.exe
2009-07-23 11:53:07 ----A---- H:\windows\system32\pbsvc.exe
2009-07-23 11:47:13 ----D---- H:\Program Files\Activision
======List of files/folders modified in the last 1 months======
2009-08-21 23:25:34 ----D---- H:\windows\system32\CatRoot2
2009-08-21 23:25:32 ----SD---- H:\windows\Tasks
2009-08-21 23:24:03 ----D---- H:\windows\Temp
2009-08-21 23:24:01 ----D---- H:\Program Files\Mozilla Firefox
2009-08-21 23:22:04 ----D---- H:\windows\system32\drivers
2009-08-21 23:21:36 ----A---- H:\windows\SchedLgU.Txt
2009-08-21 23:21:09 ----D---- H:\windows\Prefetch
2009-08-21 23:06:23 ----D---- H:\Strong DC Ferrari edition
2009-08-21 22:42:38 ----RD---- H:\Program Files
2009-08-21 22:37:54 ----D---- H:\WINDOWS
2009-08-21 22:37:21 ----D---- H:\windows\system32
2009-08-21 22:37:20 ----A---- H:\windows\system32\PerfStringBackup.INI
2009-08-21 16:17:30 ----D---- H:\Program Files\MyPlayCity.com
2009-08-21 14:58:55 ----D---- H:\Documents and Settings\standa\Data aplikací\Skype
2009-08-20 16:02:16 ----D---- H:\Documents and Settings\standa\Data aplikací\skypePM
2009-08-19 17:06:10 ----A---- H:\windows\NeroDigital.ini
2009-08-19 15:12:28 ----D---- H:\Documents and Settings\standa\Data aplikací\Vso
2009-08-15 18:31:25 ----SHD---- H:\windows\Installer
2009-08-14 15:38:41 ----D---- H:\Documents and Settings\standa\Data aplikací\Meridian93
2009-08-14 14:44:16 ----D---- H:\Documents and Settings\All Users\Data aplikací\avg8
2009-08-14 14:43:17 ----A---- H:\windows\win.ini
2009-08-13 18:29:30 ----D---- H:\Documents and Settings\standa\Data aplikací\EleFun Games
2009-08-12 05:16:51 ----HD---- H:\windows\inf
2009-08-12 05:16:50 ----RSHDC---- H:\windows\system32\dllcache
2009-08-12 05:16:13 ----A---- H:\windows\imsins.BAK
2009-08-12 05:16:02 ----HD---- H:\windows\$hf_mig$
2009-08-12 05:15:52 ----D---- H:\Program Files\Outlook Express
2009-08-08 22:42:49 ----RSD---- H:\windows\assembly
2009-08-08 22:42:49 ----D---- H:\windows\Microsoft.NET
2009-08-08 20:31:29 ----D---- H:\windows\WinSxS
2009-08-08 08:43:22 ----D---- H:\windows\system32\wbem
2009-08-07 15:30:29 ----D---- H:\Program Files\FreeGamePick.com
2009-08-06 16:48:49 ----D---- H:\Documents and Settings\All Users\Data aplikací\Meridian93
2009-08-06 16:18:37 ----D---- H:\Documents and Settings\All Users\Data aplikací\DivoGames
2009-08-06 01:16:53 ----SD---- H:\Documents and Settings\standa\Data aplikací\Microsoft
2009-08-05 22:11:31 ----D---- H:\Documents and Settings\standa\Data aplikací\ICQ
2009-08-05 22:08:09 ----D---- H:\Documents and Settings\All Users\Data aplikací\ICQ
2009-08-05 11:01:14 ----A---- H:\windows\system32\mswebdvd.dll
2009-08-03 18:07:18 ----D---- H:\Documents and Settings\standa\Data aplikací\URSE Games
2009-07-31 23:40:55 ----D---- H:\Program Files\Internet Explorer
2009-07-31 23:40:49 ----D---- H:\windows\ie8updates
2009-07-31 08:08:42 ----A---- H:\windows\system32\avgrsstx.dll
2009-07-30 02:49:14 ----A---- H:\windows\system32\MRT.exe
2009-07-24 01:32:51 ----D---- H:\Documents and Settings\standa\Data aplikací\PC Suite
2009-07-24 00:54:08 ----D---- H:\Program Files\Kyodai Mahjongg 2006
2009-07-23 11:54:18 ----D---- H:\windows\system32\DirectX
2009-07-22 06:53:51 ----AD---- H:\Documents and Settings\All Users\Data aplikací\TEMP
2009-07-22 06:47:19 ----D---- H:\Documents and Settings\standa\Data aplikací\Artogon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; H:\windows\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 AvgLdx86;AVG AVI Loader Driver x86; H:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; H:\windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; H:\windows\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 prodrv06;StarForce Protection Environment Driver v6; H:\windows\System32\drivers\prodrv06.sys [2004-09-03 54368]
R2 atksgt;atksgt; H:\windows\system32\DRIVERS\atksgt.sys [2009-05-26 279712]
R2 lirsgt;lirsgt; H:\windows\system32\DRIVERS\lirsgt.sys [2009-05-26 25888]
R3 ati2mtag;ati2mtag; H:\windows\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 BthEnum;Služba Bluetooth Enumerator; H:\windows\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; H:\windows\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); H:\windows\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; H:\windows\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; H:\windows\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; H:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; H:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\windows\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; H:\windows\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pcouffin;VSO Software pcouffin; H:\windows\System32\Drivers\pcouffin.sys [2009-02-03 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); H:\windows\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\windows\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; H:\windows\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; H:\windows\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 Uim_IM;UIM Drive Backup Image Plugin; H:\windows\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; H:\windows\system32\DRIVERS\UimBus.sys []
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/19 12:07:13]; \??\H:\Program Files\CyberLink\PowerDVD9\000.fcl []
S3 alocoant;alocoant; H:\windows\system32\drivers\alocoant.sys []
S3 BTHPORT;Ovladač portu Bluetooth; H:\windows\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 ENTECH;ENTECH; \??\H:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\windows\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\windows\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; H:\windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; H:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; H:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\windows\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; H:\windows\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; H:\windows\system32\Ati2evxx.exe [2009-01-14 598016]
R2 avg8wd;AVG8 WatchDog; H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 BthServ;Bluetooth Support Service; H:\windows\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; H:\windows\system32\PnkBstrA.exe [2009-07-23 66872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; H:\windows\System32\TUProgSt.exe [2009-03-02 603904]
R2 UxTuneUp;TuneUp Theme Extension; H:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; H:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\windows\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 ICQ Service;ICQ Service; H:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S3 aspnet_state;ASP.NET State Service; H:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; H:\windows\System32\TuneUpDefragService.exe [2009-03-02 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Request for a preventive log
It shouldn't be popping up anymore... or am I wrong?
1)
- Download OTC. Run it, click "CleanUp", confirm the dialogs and restart.
- Clean the PC with CCleaner (including the registry).
- Use TFC (run the program and click "Start". Note that the PC may be restarted).
2) Start -> Run -> (type) "H:\Program Files\Trend Micro\HijackThis\standa.exe"
The renamed HJT will open; in it, fix the following (tick the checkbox next to each line and press "Fix Checked"):
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5136776796
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
3) Start -> Run -> (type) cmd
In the window that opens, enter these two commands one after the other, pressing Enter after each:
sc stop "ICQ Service"
sc delete "ICQ Service"
4) Update Adobe Reader (you can find the latest version here).
I don't like amateurism...
And the addressee of the message knows it :)
Re: Request for a preventive log
So I did everything you wrote, and here is a new HJT log just to be sure.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:59, on 22.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\windows\System32\smss.exe
H:\windows\system32\winlogon.exe
H:\windows\system32\services.exe
H:\windows\system32\lsass.exe
H:\windows\system32\Ati2evxx.exe
H:\windows\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\windows\System32\svchost.exe
H:\windows\system32\svchost.exe
H:\windows\system32\Ati2evxx.exe
H:\Program Files\AVG\AVG8\avgrsx.exe
H:\windows\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\windows\system32\PnkBstrA.exe
H:\windows\system32\svchost.exe
H:\windows\System32\TUProgSt.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\windows\Explorer.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\windows\RTHDCPL.EXE
H:\windows\system32\rundll32.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\SweetIM\Messenger\SweetIM.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\windows\system32\ctfmon.exe
H:\Strong DC Ferrari edition\StrongDC.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - H:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - H:\windows\System32\TUProgSt.exe
--
End of file - 6332 bytes
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - H:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - H:\windows\System32\TUProgSt.exe
--
End of file - 6332 bytes
Re: Requesting a preventive log check
1) Fix in HJT (tick the checkbox next to the given line and press "Fix Checked"):
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
2) Start -> Run -> (type) cmd
In the window that opens, enter these two commands one after the other, pressing Enter after each:
sc stop "ICQ Service"
sc delete "ICQ Service"
I don't like amateurism...
And the addressee of this message knows it :)
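The entries singled out in the reply above are the ones HijackThis marks "(no file)" or "(file missing)". As an added example that is not part of the original post, this Python sketch pulls such orphaned entries out of a log; the sample lines are copied from the log in this thread, and the function names are illustrative.

```python
import re

# Sample entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - H:\windows\system32\PnkBstrA.exe
"""

# Entry lines look like "<section> - <body>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers seen in this log on entries whose referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def find_orphans(log_text):
    """Return one dict per entry whose target file is reported as missing."""
    orphans = []
    for section, body in parse_entries(log_text):
        marker = next((mk for mk in ORPHAN_MARKERS if body.rstrip().endswith(mk)), None)
        if marker is None:
            continue
        item = {"section": section, "marker": marker, "clsid": None, "service": None}
        clsid = CLSID_RE.search(body)
        if clsid:
            item["clsid"] = clsid.group(0)
        if section == "O23" and body.startswith("Service: "):
            # Service name as printed in the log: first " - "-separated field.
            item["service"] = body[len("Service: "):].split(" - ", 1)[0]
        orphans.append(item)
    return orphans


if __name__ == "__main__":
    for orphan in find_orphans(SAMPLE_LOG):
        print(orphan)
```

Services listed only as "Unknown owner" are not flagged, because their files are still present.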
Re: Requesting a preventive log check (Solved)
Thanks for the help, I only just got to the PC now. Thanks once again.