Skontrolujte mi prosim log. Daukjem

Zpráva

nickthedick · #1 Příspěvek od **nickthedick** » 13 dub 2012 11:12

Logfile of random's system information tool 1.09 (written by random/random)
Run by klub103 at 2012-04-13 12:10:59
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (34%) free of 18 GB
Total RAM: 2015 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:11, on 13.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Listener.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kerio\VPN Client\kvpnclient.exe
C:\znovu\DiochiOnLine\Stredisko\Stredisko.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\ZNOVU\DIOCHIONLINE\STREDISKO\SUNSOFT\SUNLINE SDK FULL\SunLINE Server.exe
C:\Documents and Settings\klub103\Desktop\RSIT.exe
C:\Program Files\trend micro\klub103.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sun Line.lnk = C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Listener.exe
O4 - Startup: SunLINE Full.lnk = C:\Program Files\SunSoft\SunLINE SDK Full\SunLINE Listener.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8826575245
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O21 - SSODL: mtkle - {BBC3AED4-C5BD-455A-7C85-50652A29E8D9} - C:\WINDOWS\System32\ggpgub32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DCService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4916 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\klub103\Application Data\Mozilla\Firefox\Profiles\nhtznrey.default

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\klub103\Application Data\Mozilla\Firefox\Profiles\nhtznrey.default\extensions\
LogMeInClient@logmein.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2004-07-13 7937024]
"Kerio VPN Client"=C:\Program Files\Kerio\VPN Client\kvpnclient.exe [2007-08-28 2646016]
""= []
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2011-09-16 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]

C:\Documents and Settings\klub103\Start Menu\Programs\Startup
Sun Line.lnk - C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Listener.exe
SunLINE Full.lnk - C:\Program Files\SunSoft\SunLINE SDK Full\SunLINE Listener.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2012-01-31 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
mtkle - {BBC3AED4-C5BD-455A-7C85-50652A29E8D9} - C:\WINDOWS\System32\ggpgub32.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Listener.exe"="C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Listener.exe:*:Enabled:SunLINE Listener"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SunSoft\SunLINE SDK Full\SunLINE Listener.exe"="C:\Program Files\SunSoft\SunLINE SDK Full\SunLINE Listener.exe:*:Enabled:SunLINE Listener"
"C:\Program Files\Kerio\VPN Client\kvpnclient.exe"="C:\Program Files\Kerio\VPN Client\kvpnclient.exe:*:Enabled:Kerio VPN Client"
"C:\znovu\DiochiOnLine\Stredisko\Stredisko.exe"="C:\znovu\DiochiOnLine\Stredisko\Stredisko.exe:*:Enabled:Stredisko"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"C:\Program Files\SunSoft\SunLINE SDK Full\SunLINE Server.exe"="C:\Program Files\SunSoft\SunLINE SDK Full\SunLINE Server.exe:*:Enabled:SunLINE Server"
"C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Server.exe"="C:\znovu\DiochiOnLine\Stredisko\SunSoft\SunLINE SDK Full\SunLINE Server.exe:*:Enabled:SunLINE Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-04-13 12:10:59 ----D---- C:\rsit
2012-04-13 12:10:59 ----D---- C:\Program Files\trend micro
2012-04-12 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2675157$
2012-04-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-03-14 18:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 18:29:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 18:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$

======List of files/folders modified in the last 1 month======

3427-09-28 15:29:01 ----D---- C:\WINDOWS\network diagnostic
2012-04-13 12:11:09 ----D---- C:\WINDOWS\Temp
2012-04-13 12:10:59 ----D---- C:\Program Files
2012-04-13 12:10:31 ----D---- C:\WINDOWS\Prefetch
2012-04-13 11:45:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-13 11:44:15 ----D---- C:\Program Files\Mozilla Firefox
2012-04-13 11:21:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-13 00:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-04-12 03:19:12 ----D---- C:\WINDOWS
2012-04-12 03:18:42 ----D---- C:\WINDOWS\system32
2012-04-12 03:17:47 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-04-12 03:02:46 ----HD---- C:\WINDOWS\inf
2012-04-12 03:02:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-12 03:01:04 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-12 03:00:59 ----A---- C:\WINDOWS\imsins.BAK
2012-04-11 15:14:54 ----D---- C:\Program Files\OpenOffice.org1.1.3
2012-04-11 10:59:00 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-10 14:27:34 ----SHD---- C:\WINDOWS\Installer
2012-04-10 14:27:21 ----D---- C:\Program Files\LogMeIn
2012-04-10 13:02:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-14 18:29:07 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ndisrd;ndisrd; C:\WINDOWS\system32\drivers\ndisrd.sys [2003-03-31 15338]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-01 27904]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\System32\drivers\LMIRfsDriver.sys []
R3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\WINDOWS\System32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\System32\DRIVERS\ewusbnet.sys [2010-08-27 117504]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\System32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [2010-08-07 106496]
R3 kvpndev;Kerio VPN adapter; C:\WINDOWS\System32\DRIVERS\kvpndrv.sys [2007-08-28 65024]
R3 LMImirr;LMImirr; C:\WINDOWS\System32\DRIVERS\LMImirr.sys [2011-09-16 10144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-12-24 133632]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2004-06-18 152192]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\System32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SoC PC-Camera Service;Q-TEC WEBCAM 100 USB; C:\WINDOWS\System32\DRIVERS\pfc027.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DCService.exe;DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [2010-09-29 249856]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-31 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2012-01-31 136584]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2011-09-16 390528]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-08-01 65536]

#2 Příspěvek od **Mc_Murphy** » 13 dub 2012 11:23

Zdravím.

To je jiný počítač, než byl minule. Copak to je zač, nějaká pracovní stanice nebo?

nickthedick · #3 Příspěvek od **nickthedick** » 13 dub 2012 11:52

presne tak, druhy pc.

taky kancelarsky

#4 Příspěvek od **Mc_Murphy** » 13 dub 2012 13:08

I ten předchozí byl pracovní?

To se mi ale vůbec nelíbí, tos mě mírně řečeno naštval...

Podle pravidel fóra, v tomto případě hlavně bod č.6, se firemními PC nezybýváme.

6. Fórum viry.cz se nezabývá odvirováním firemních PC - na toto jsou ve firmách placení (a někdy až hodně nadstandardně) IT technici, případně si je firma může najmou. My jsme tu zdarma a ve svém volném čase, nehodláme dělat práci za někoho jiného, kdo si pak jen slízne smetánku a plat. Taktéž ani neposkytujeme poradenství v oblasti zabezpečení firemních sítí či nastavení firemních sítí. Zkrátka a jednoduše, naše fórum poskytuje podporu domácím uživatelům.

Takže zde poprosím moderátory o

.

nickthedick · #5 Příspěvek od **nickthedick** » 13 dub 2012 13:39

Ale ten bol sestrin, tento je mamin. Ona je zivnostnicka a nema zrovna zbitocne vydavky na zaplatenie it technika.

#6 Příspěvek od **vyosek** » 13 dub 2012 14:26

Zdravim

Pro tentokrate to kolega doresi, ale priste pekne technika...ono nejde jen o vydaje, ale jsou tam urcite i dulezita data (faktury, danovky, evidence nevim ceho) a my neneseme zodpovednostr za pripadnou ztratu, ale technik ano, jelikoz dela pod smlouvou...

Navic jeho faktura se da dat do nakladu na podnikani (omlouvam se pokud to nejsou presne ekonomicke vyrazy)

#7 Příspěvek od **Mc_Murphy** » 13 dub 2012 15:35

Takže jak psal kolega - pro tentokrát se na to podívám. A budu velice rád, když pro příště budeš respektovat pravidla tohoto fóra.

Fixni v HJT níže uvedené položky.

Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
Položky, které v seznamu nenajdeš, prostě přeskoč.
HJT najdeš zde: C:\Program Files\trend micro\klub103.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: mtkle - {BBC3AED4-C5BD-455A-7C85-50652A29E8D9} - C:\WINDOWS\System32\ggpgub32.dll (file missing)

Dále stáhni utilitu OTM z jednoho z těchto odkazů:

Ulož ji na Plochu a dvojklikem spusť.

Do levého okna Paste Instructions for Items to be Moved zkopíruj tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]

:Files
C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=-
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

Nyní klikni na tlačítko [MoveIt!], čímž vše spustíš.
Po restartu mi sem hoď log, který najdeš v C:\_OTM\MovedFiles\

VIRY.CZ

Skontrolujte mi prosim log. Daukjem

Skontrolujte mi prosim log. Daukjem

Re: Skontrolujte mi prosim log. Daukjem

Re: Skontrolujte mi prosim log. Daukjem

Re: Skontrolujte mi prosim log. Daukjem

Re: Skontrolujte mi prosim log. Daukjem

Re: Skontrolujte mi prosim log. Daukjem

Re: Skontrolujte mi prosim log. Daukjem