Ahoj
Chtěl bych zdejší komunitu požádat o pomoc s následujícím problémem.
Při psaní velkých písmen s háčkem se při stihnutí SHIFT + HÁČEK okamžitě napíše 2x háček.
PC zkontrolován Forefront client security + Unhackme. Oba nalezli a odstranili nějaké infikované položky.
Předem děkuji všem, kteří se na to kouknou.
Přikládám log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by petrova (administrator) on B1K010P03 on 17-12-2014 15:08:34
Running from C:\Documents and Settings\petrova\Plocha
Loaded Profile: petrova (Available profiles: Administrator & petrova & _backup)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\AdminS\4.21.02\NV3ServerSrv.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Rainbow Technologies, Inc.) C:\Program Files\Rainbow Technologies\iKey Components\Bin\iKeyACR.exe
(Rainbow Technologies, Inc.) C:\Program Files\Rainbow Technologies\iKey Components\Bin\iKeyTU.exe
(ALL.COM software s.r.o.) C:\allcom\ALLWIN.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Software602) C:\Program Files\Software602\Print2PDF\Print2PDF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft (R) Corporation) C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(forum.viry.cz) C:\Documents and Settings\petrova\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16377344 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iKeyACR.exe] => C:\Program Files\Rainbow Technologies\iKey Components\Bin\iKeyACR.exe [83080 2002-08-02] (Rainbow Technologies, Inc.)
HKLM\...\Run: [iKeyTU.exe] => C:\Program Files\Rainbow Technologies\iKey Components\Bin\iKeyTU.exe [83080 2002-07-29] (Rainbow Technologies, Inc.)
HKLM\...\Run: [ALLGet_54C2A851] => C:\ALLCOM\ALLWIN.EXE [2046120 2007-08-03] (ALL.COM software s.r.o.)
HKLM\...\Run: [Print2PDF Print Monitor] => C:\Program Files\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1033600 2011-02-02] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\Run: [crtdacct] => C:\WINDOWS\getucplc.exe [549376 2014-12-05] (Duplex Secure Ltd.)
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\MountPoints2: {0dc0e24f-f660-11e1-b892-001cc0482ecb} - E:\LaunchU3.exe -a
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\MountPoints2: {10df3888-4637-11e0-b73a-001cc0482ecb} - E:\urDrive.exe
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\MountPoints2: {a8e6a70b-dafe-11e1-b881-001cc0482ecb} - E:\ActivateWarranty(JF).exe
HKU\S-1-5-21-847338567-3509305527-294077556-1821\...\MountPoints2: {c430416a-1f45-11e1-b7f6-001cc0482ecb} - E:\urDrive.exe
HKU\S-1-5-18\...\RunOnce: [TSClientMSIUninstaller] => cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
HKU\S-1-5-18\...\RunOnce: [TSClientAXDisabler] => C:\WINDOWS\Installer\TSClientMsiTrans\tscdsbl.bat [2247 2008-01-18] ()
HKU\S-1-5-18\...\RunOnce: [MPlayer2_FixUp] => C:\WINDOWS\inf\unregmp2.exe [317952 2007-06-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WMC_WMPDBExport] => C:\Program Files\Windows Media Player\wmdbexport.exe [493568 2006-10-18] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Firewall Client Management.lnk
ShortcutTarget: Microsoft Firewall Client Management.lnk -> C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe (Microsoft (R) Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\petrova\Nabídka Start\Programy\Po spuštění\Zástupce - mapovani.lnk
ShortcutTarget: Zástupce - mapovani.lnk -> C:\Program Files\mapovani.cmd ()
BootExecute: autocheck autochk * Partizan
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-847338567-3509305527-294077556-1821] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-847338567-3509305527-294077556-1821] => b1s12:8080
AutoConfigURL: [S-1-5-21-847338567-3509305527-294077556-1821] => http://b1s12:8080/array.dll?Get.Routing.Script
HKU\S-1-5-21-847338567-3509305527-294077556-1821\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/?utm_source=ch-se ... paign=home
HKU\S-1-5-21-847338567-3509305527-294077556-1821\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-847338567-3509305527-294077556-1821 - (No Name) - {327f75ed-061b-4339-8cc6-5dd45ad1396d} - C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll No File
SearchScopes: HKU\S-1-5-21-847338567-3509305527-294077556-1821 -> DefaultScope {1C17FDF6-CCF3-41DF-AA6D-CC26A233ED37} URL = http://search.centrum.cz/index.php?char ... x&kibitz=0
SearchScopes: HKU\S-1-5-21-847338567-3509305527-294077556-1821 -> {1C17FDF6-CCF3-41DF-AA6D-CC26A233ED37} URL = http://search.centrum.cz/index.php?char ... x&kibitz=0
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-847338567-3509305527-294077556-1821 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 01 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 03 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 06 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 08 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.100.2.6
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MarineAquarium3Free_57.com/Plugin -> C:\Program Files\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-04]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16896 2011-01-08] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [73120 2007-04-06] (Microsoft Corporation)
R2 FwcAgent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [128832 2006-12-09] (Microsoft (R) Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-07] (Oracle Corporation)
R2 MOM; C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [134656 2005-07-21] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
R2 VemaAdminService; C:\Program Files\Vema\AdminS\4.21.02\NV3ServerSrv.exe [1896448 2014-12-01] (Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) [File not signed]
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\winvnc4.exe [380928 2004-06-15] (RealVNC Ltd.) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 iKeyEnum; C:\WINDOWS\System32\DRIVERS\ikeyenum.sys [11256 2003-11-19] (Rainbow Technologies Inc.)
R3 iKeyIFD; C:\WINDOWS\System32\DRIVERS\ikeyifd.sys [16696 2003-11-19] (Rainbow Technologies Inc.)
R3 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [71296 2011-02-02] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [32512 2005-08-02] (CACE Technologies) [File not signed]
U3 Partizan; C:\WINDOWS\System32\drivers\Partizan.sys [35864 2014-12-16] (Greatis Software)
R3 RnbToken; C:\WINDOWS\System32\DRIVERS\rnbtoken.sys [18328 2003-11-19] (Rainbow Technologies Inc.)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [23552 2004-06-24] (The OpenVPN Project) [File not signed]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 15:08 - 2014-12-17 15:09 - 00014142 _____ () C:\Documents and Settings\petrova\Plocha\FRST.txt
2014-12-17 15:07 - 2014-12-05 12:17 - 00549376 _____ (Duplex Secure Ltd.) C:\WINDOWS\getucplc.exe
2014-12-17 14:36 - 2014-12-17 15:08 - 00000000 ____D () C:\FRST
2014-12-17 14:29 - 2014-12-17 14:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\petrova\Plocha\FRSTLauncher.exe
2014-12-17 14:28 - 2014-12-17 14:29 - 01111040 _____ (Farbar) C:\Documents and Settings\petrova\Plocha\FRST.exe
2014-12-16 16:01 - 2014-12-17 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\RegRun
2014-12-16 16:01 - 2014-12-16 16:01 - 00013178 _____ () C:\WINDOWS\Partizan.log
2014-12-16 16:00 - 2014-12-17 15:04 - 00000372 _____ () C:\WINDOWS\system32\PARTIZAN.TXT
2014-12-16 15:54 - 2014-12-16 15:54 - 00040720 _____ (Greatis Software) C:\WINDOWS\system32\Partizan.exe
2014-12-16 15:40 - 2014-12-16 15:56 - 00035864 _____ (Greatis Software) C:\WINDOWS\system32\Drivers\Partizan.sys
2014-12-16 15:40 - 2014-12-16 15:40 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2014-12-16 15:39 - 2014-12-16 15:42 - 00000000 ____D () C:\Program Files\UnHackMe
2014-12-16 15:39 - 2014-12-16 15:39 - 00000682 _____ () C:\Documents and Settings\libor\Plocha\UnHackMe.lnk
2014-12-16 15:39 - 2014-12-16 15:39 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\UnHackMe
2014-12-16 15:39 - 2014-12-11 18:41 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\system32\Drivers\UnHackMeDrv.sys
2014-12-16 12:59 - 2014-12-17 14:28 - 00000000 ____D () C:\Documents and Settings\petrova\Plocha\Autoruns
2014-12-11 17:45 - 2014-12-11 17:45 - 00000000 ____D () C:\Documents and Settings\libor\Data aplikací\SUPERAntiSpyware.com
2014-12-11 17:37 - 2014-12-11 17:37 - 00000000 ____D () C:\Documents and Settings\borc\Data aplikací\Windows Desktop Search
2014-12-11 17:36 - 2014-12-11 17:36 - 00000000 ____D () C:\Documents and Settings\borc\Local Settings\Data aplikací\Google
2014-12-10 19:21 - 2014-12-10 19:21 - 00007730 _____ () C:\Documents and Settings\libor\Plocha\hijackthis.log
2014-12-10 19:03 - 2014-12-10 19:05 - 00015872 ___SH () C:\WINDOWS\Thumbs.db
2014-12-09 13:34 - 2008-04-14 08:51 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2014-12-09 13:34 - 2008-04-14 08:51 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2014-12-09 13:34 - 2008-04-14 07:59 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2014-12-09 13:34 - 2008-04-14 07:59 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-12-09 13:34 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2014-12-09 13:34 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-12-08 16:25 - 2014-12-08 16:25 - 00000706 _____ () C:\Documents and Settings\All Users\Plocha\PDFCreator.lnk
2014-12-08 16:25 - 2014-12-08 16:25 - 00000000 ____D () C:\Program Files\PDFCreator
2014-12-08 16:25 - 2014-12-08 16:25 - 00000000 ____D () C:\Documents and Settings\libor\Data aplikací\pdfforge
2014-12-08 16:25 - 2014-12-08 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\PDFCreator
2014-12-08 15:42 - 2014-12-08 15:42 - 00000000 ____D () C:\Program Files\National Instruments
2014-12-08 15:42 - 2014-12-08 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IVI Foundation
2014-12-08 15:41 - 2014-12-12 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\National Instruments
2014-12-08 15:41 - 2014-12-08 15:41 - 00000000 ___RD () C:\Documents and Settings\LocalService\Dokumenty
2014-11-25 13:40 - 2014-11-25 13:40 - 00000000 ____D () C:\Documents and Settings\petrova\Data aplikací\Windows Search
2014-11-24 13:24 - 2014-11-24 13:24 - 00000000 ____D () C:\Documents and Settings\petrova\Data aplikací\WinRAR
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 15:09 - 2008-09-15 12:41 - 00000000 ____D () C:\Documents and Settings\petrova\Local Settings\Temp
2014-12-17 15:09 - 2008-09-15 09:56 - 02514013 _____ () C:\WINDOWS\pfirewall.log
2014-12-17 15:08 - 2008-09-15 12:41 - 00000000 ___HD () C:\Documents and Settings\petrova\Local Settings\Data aplikací
2014-12-17 15:08 - 2008-09-15 12:41 - 00000000 ____D () C:\Documents and Settings\petrova\Plocha
2014-12-17 15:07 - 2014-11-07 16:53 - 00000412 ____H () C:\WINDOWS\Tasks\MP Scheduled Signature Update.job
2014-12-17 15:07 - 2014-11-07 16:53 - 00000406 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-12-17 15:07 - 2009-04-01 13:27 - 00000430 ____H () C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
2014-12-17 15:07 - 2009-02-03 13:43 - 00000000 ____D () C:\allcom
2014-12-17 15:06 - 2008-09-15 12:34 - 07056054 _____ () C:\WINDOWS\BGInfo.bmp
2014-12-17 15:06 - 2008-09-15 09:49 - 01576493 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 15:06 - 2006-08-04 12:01 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-17 15:05 - 2014-11-07 23:04 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 15:05 - 2014-11-07 17:49 - 00000216 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-12-17 15:05 - 2008-12-02 15:39 - 00000898 __RSH () C:\Documents and Settings\petrova\ntuser.pol
2014-12-17 15:05 - 2008-09-15 12:41 - 00000000 ____D () C:\Documents and Settings\petrova
2014-12-17 15:05 - 2008-09-15 11:46 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-17 15:05 - 2008-09-15 11:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-17 15:05 - 2008-09-15 09:56 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-12-17 15:05 - 2008-09-15 09:48 - 00000120 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-12-17 15:04 - 2008-09-15 09:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 14:47 - 2008-09-15 12:41 - 00000272 ___SH () C:\Documents and Settings\petrova\ntuser.ini
2014-12-17 14:47 - 2008-09-15 09:56 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-17 14:37 - 2009-01-28 14:16 - 00000272 ___SH () C:\Documents and Settings\libor\ntuser.ini
2014-12-17 14:37 - 2009-01-28 14:16 - 00000000 ___HD () C:\Documents and Settings\libor\Local Settings\Data aplikací
2014-12-17 14:37 - 2009-01-28 14:16 - 00000000 ____D () C:\Documents and Settings\libor\Plocha
2014-12-17 14:37 - 2009-01-28 14:16 - 00000000 ____D () C:\Documents and Settings\libor\Local Settings\Temp
2014-12-17 14:19 - 2014-11-07 23:04 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 11:35 - 2008-09-15 09:56 - 04194400 _____ () C:\WINDOWS\pfirewall.log.old
2014-12-17 04:44 - 2008-09-15 11:41 - 00000000 ____D () C:\WINDOWS\security
2014-12-16 16:20 - 2008-09-15 12:41 - 00000000 __RHD () C:\Documents and Settings\petrova\Data aplikací
2014-12-16 16:01 - 2008-09-15 11:44 - 01040172 _____ () C:\WINDOWS\setupapi.log
2014-12-16 16:01 - 2008-09-15 11:44 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-12-16 15:54 - 2013-04-04 16:17 - 00000000 ____D () C:\Program Files\MARINE~2.del
2014-12-16 15:44 - 2008-09-15 12:41 - 00000000 ___RD () C:\Documents and Settings\petrova\Nabídka Start\Programy
2014-12-16 15:40 - 2008-09-15 11:44 - 00001592 _____ () C:\WINDOWS\system32\AUTOEXEC.NT
2014-12-16 15:40 - 2008-09-15 09:50 - 00002504 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-12-16 15:39 - 2008-09-15 11:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-12-16 15:39 - 2008-09-15 11:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-12-16 13:04 - 2008-09-15 12:41 - 00000000 ___RD () C:\Documents and Settings\petrova\Nabídka Start\Programy\Po spuštění
2014-12-16 12:06 - 2010-06-18 06:15 - 00000178 ___SH () C:\Documents and Settings\_backup\ntuser.ini
2014-12-12 14:01 - 2008-09-15 11:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-12-12 14:01 - 2008-09-15 11:44 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-12-12 11:14 - 2010-04-20 16:57 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-12 08:04 - 2009-01-28 14:16 - 00001370 __RSH () C:\Documents and Settings\libor\ntuser.pol
2014-12-12 08:04 - 2009-01-28 14:16 - 00000000 ____D () C:\Documents and Settings\libor
2014-12-11 20:59 - 2008-09-15 12:21 - 00000000 ____D () C:\Program Files\OpenVPN
2014-12-11 19:23 - 2014-11-07 23:05 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-12-11 17:48 - 2012-03-28 09:39 - 00000000 ____D () C:\Documents and Settings\PetrLu18\Local Settings\Temp
2014-12-11 17:48 - 2010-04-20 17:03 - 00000000 ____D () C:\Documents and Settings\borc\Local Settings\Temp
2014-12-11 17:48 - 2009-07-14 08:26 - 00000000 ____D () C:\Documents and Settings\zikmundova\Local Settings\Temp
2014-12-11 17:48 - 2009-05-19 21:48 - 00000000 ____D () C:\Documents and Settings\pavel\Local Settings\Temp
2014-12-11 17:48 - 2009-01-15 07:59 - 00000000 ____D () C:\Documents and Settings\kutnerova\Local Settings\Temp
2014-12-11 17:48 - 2008-09-19 09:09 - 00000000 ____D () C:\Documents and Settings\klima\Local Settings\Temp
2014-12-11 17:48 - 2008-09-15 12:33 - 00000000 ____D () C:\Documents and Settings\Hroch\Local Settings\Temp
2014-12-11 17:48 - 2008-09-15 09:56 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-12-11 17:48 - 2008-09-15 09:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-11 17:45 - 2009-01-28 14:16 - 00000000 __RHD () C:\Documents and Settings\libor\Data aplikací
2014-12-11 17:41 - 2010-04-20 17:03 - 00000178 ___SH () C:\Documents and Settings\borc\ntuser.ini
2014-12-11 17:41 - 2010-04-20 17:03 - 00000000 ____D () C:\Documents and Settings\borc
2014-12-11 17:37 - 2010-04-20 17:03 - 00000000 ___HD () C:\Documents and Settings\borc\Local Settings\Data aplikací
2014-12-11 17:36 - 2010-04-20 17:03 - 00000898 __RSH () C:\Documents and Settings\borc\ntuser.pol
2014-12-11 17:04 - 2011-05-24 07:46 - 00002521 _____ () C:\Documents and Settings\petrova\Plocha\Microsoft Office Outlook 2007.lnk
2014-12-10 19:25 - 2011-01-03 12:50 - 00046592 ___SH () C:\Documents and Settings\petrova\Plocha\Thumbs.db
2014-12-10 08:38 - 2008-09-15 09:56 - 00083728 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-12-10 07:53 - 2012-02-01 13:08 - 00000000 ____D () C:\Program Files\WinZápočet
2014-12-10 07:40 - 2008-09-15 12:47 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Vema
2014-12-10 07:39 - 2012-11-28 11:02 - 00000000 ____D () C:\Program Files\Vema
2014-12-10 07:29 - 2012-11-28 10:25 - 00000718 _____ () C:\Documents and Settings\All Users\Plocha\Vema - V4 Cloud.lnk
2014-12-09 21:47 - 2014-11-07 23:12 - 00002347 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2014-12-09 21:47 - 2014-11-07 23:12 - 00001734 _____ () C:\Documents and Settings\All Users\Plocha\Adobe Reader XI.lnk
2014-12-09 13:34 - 2008-09-15 11:44 - 00219767 _____ () C:\WINDOWS\setupact.log
2014-12-08 16:24 - 2014-11-07 23:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-08 15:43 - 2011-10-26 11:36 - 00414368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-08 15:41 - 2008-09-15 09:56 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-08 15:41 - 2008-09-15 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adobe
2014-12-08 15:04 - 2008-09-15 09:52 - 00000000 ____D () C:\Program Files\Codec Pack - All In 1
2014-12-08 15:00 - 2014-11-07 17:49 - 00000210 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-11-27 16:11 - 2014-11-07 23:09 - 00097464 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
Some content of TEMP:
====================
C:\Documents and Settings\libor\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\libor\Local Settings\Temp\ResetDevice.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Signature Update.job => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Documents and Settings\petrova\Plocha\Autoruns:com.dropbox.attributes
==================== Security Center ==================
AV: Microsoft Forefront Client Security (Disabled - Up to date) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\petrova\Plocha" je 13443 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Pr�zkumn�k Windows"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Common Files\\soft602\\langserv.exe"="C:\\Program Files\\Common Files\\soft602\\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE:*:Disabled:Microsoft Office Word"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"5985:TCP"="5985:TCP:*:Disabled:Vzd�len� spr�va syst�mu Windows "
"80:TCP"="80:TCP:*:Disabled:Vzd�len� spr�va syst�mu Windows - re�im kompatibility (HTTP-In) "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Nelze napsat velké písmeno s háčkem
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Nelze napsat velké písmeno s háčkem
- Přílohy
-
- Addition.zip
- (10.24 KiB) Staženo 44 x
Re: Nelze napsat velké písmeno s háčkem
Zdravim
Jen se zeptam, jedna se o domaci PC nebo nejaky pracovni\firemni??
Jen se zeptam, jedna se o domaci PC nebo nejaky pracovni\firemni??
Re: Nelze napsat velké písmeno s háčkem
Jde o PC zaměstnance ve škole.
Re: Nelze napsat velké písmeno s háčkem
Tak on bude asi v te skole nekdo placen za spravu vsech PC nebo se mylim
Re: Nelze napsat velké písmeno s háčkem
Ok, omlouvám se.
Re: Nelze napsat velké písmeno s háčkem
Pokud je za to placen, tak je asi nevhodne, abychom to delali my za nej zdarma...
Pokud na to nestaci, muze vyuzit nasi sluzby vzdalene pomoci www.neslape.cz
Pokud na to nestaci, muze vyuzit nasi sluzby vzdalene pomoci www.neslape.cz