
Infection
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
Sorry for the long silence. Well, Kaspersky in graphical mode got through 2% in 3 hours of work, so I started it in text mode and chose the "scan all objects" option in mc. I don't know whether or where it logs this, but it goes like this: the first record found, at 1%, is c:/program files/daemon tools lite/dtlite.exe detected virus win32.sality.aa, and the options are disinfect, delete and skip. I assume you'll want skip...?
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
I meant because of that potential log; OK, I'll continue.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
Another of many: c:/documents a setings/administator/local settings/temp/AVCback/esupdate.exe was saved in the backup storage
disinfect, delete or skip?
disinfect, delete or skip?
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
There were about 60 of those Sality records; I chose disinfect for all of them (among them taskmgr.exe, regedit, rsit, etc.). It will probably take quite a long time, so I'll let you know afterwards how it turned out. Many thanks for now.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
Well, it really did take a long time... I'm at 98%. But that's also because I wasn't at it the whole time, and whenever it found something it waited for me to confirm it. Now the question is whether it detected all the infected files... what if not? Booting into Windows will probably be quite risky...
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
Well, so the scan has finished; at the end there are statistics, with the interesting item Treats detected : 108, of which untreated 6. And I don't really know which command to use next, either to save the log, if that hasn't already happened, or to start Midnight Commander, or what to do next at all, because it doesn't respond to any command...?
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
It found 9 items, for some it requested a restart, but it looks as if it's clean.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: Infection
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:07:03, on 12.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\zzz\RSIT.exe
C:\Program Files\trend micro\Spravce.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5183 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@sun.com/npsopluginmi;version=1.0]
"Description"=
"Path"=C:\Program Files\OpenOffice.org 3\program
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-10 502200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-10 502200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2012-08-08 2508104]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2012-08-08 767312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-08-08 421888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2847160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-08-10 1305408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Train Simulator\train.exe"="C:\Train Simulator\train.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe:*:Enabled:ipsec"
"C:\Program Files\procexp.exe"="C:\Program Files\procexp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"
"c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe"="c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Program Files\HijackThis\HijackThis.exe"="C:\Program Files\HijackThis\HijackThis.exe:*:Enabled:ipsec"
"C:\ComboFix\CF5221.3XE"="C:\ComboFix\CF5221.3XE:*:Enabled:ipsec"
"C:\Program Files\ComboFix.exe"="C:\Program Files\ComboFix.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE"="C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE:*:Enabled:ipsec"
"C:\ComboFix\REGT.3XE"="C:\ComboFix\REGT.3XE:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
======List of files/folders created in the last 1 month======
2012-08-12 00:03:10 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2012-08-12 00:03:10 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2012-08-12 00:03:07 ----D---- C:\Program Files\Symantec
2012-08-11 23:59:21 ----D---- C:\WINDOWS\system32\drivers\NIS
2012-08-11 23:59:06 ----D---- C:\Program Files\Norton Internet Security
2012-08-11 23:59:05 ----D---- C:\Program Files\Windows Sidebar
2012-08-11 23:59:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-08-11 23:57:44 ----D---- C:\Program Files\NortonInstaller
2012-08-11 23:57:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2012-08-10 18:56:46 ----AD---- C:\Kaspersky Rescue Disk 10.0
2012-08-10 13:01:00 ----A---- C:\TDSSKiller.2.7.48.0_10.08.2012_13.01.00_log.txt
2012-08-09 14:43:56 ----RA---- C:\Program Files\ComboFix.exe
2012-08-09 12:53:53 ----A---- C:\WINDOWS\system32\muweb.dll
2012-08-09 12:51:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-09 12:51:16 ----ASH---- C:\hiberfil.sys
2012-08-09 11:44:06 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-09 01:23:17 ----D---- C:\Program Files\trend micro
2012-08-09 01:23:15 ----D---- C:\rsit
2012-08-09 01:15:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-09 01:10:31 ----SD---- C:\WINDOWS\Tasks
2012-08-09 00:27:52 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-09 00:27:51 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-09 00:27:50 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-09 00:27:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\avastSS.scr
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-08 21:48:01 ----A---- C:\Program Files\mwav.exe
2012-08-08 21:47:13 ----A---- C:\Program Files\kkkk.vbs
2012-08-08 20:13:15 ----D---- C:\Program Files\KZ
2012-08-08 17:20:58 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-08-08 17:20:56 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-08-08 17:20:54 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-08-08 17:20:53 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-08-08 17:20:42 ----A---- C:\WINDOWS\R.COM
2012-08-08 17:20:40 ----D---- C:\Program Files\Common Files\MicroWorld
2012-08-08 17:20:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-08-08 16:22:51 ----D---- C:\Program Files\UPM
2012-08-08 12:01:35 ----A---- C:\Program Files\SafeBootKeyRepair.exe
2012-08-07 14:01:45 ----D---- C:\ubuntu
2012-08-01 01:51:12 ----D---- C:\zzz
2012-08-01 01:48:51 ----D---- C:\Program Files\IsoBuster
2012-08-01 01:00:41 ----D---- C:\Program Files\HijackThis
2012-08-01 01:00:13 ----A---- C:\Boot.bak
2012-08-01 01:00:05 ----RASHD---- C:\cmdcons
2012-08-01 00:56:10 ----A---- C:\WINDOWS\zip.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWSC.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWREG.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\sed.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\PEV.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\MBR.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\grep.exe
2012-08-01 00:54:34 ----D---- C:\WINDOWS\ERDNT
2012-08-01 00:54:24 ----D---- C:\Qoobox
2012-07-29 13:10:53 ----D---- C:\zaloha_msts
2012-07-23 23:12:04 ----A---- C:\WINDOWS\d3dx.dat
2012-07-23 18:41:13 ----D---- C:\Documents and Settings\Spravce\Data aplikací\codeblocks
2012-07-23 18:40:04 ----D---- C:\Program Files\CodeBlocks
======List of files/folders modified in the last 1 month======
2012-08-12 14:06:31 ----D---- C:\WINDOWS\Temp
2012-08-12 14:06:30 ----D---- C:\WINDOWS\Prefetch
2012-08-12 13:59:53 ----D---- C:\WINDOWS\system32
2012-08-12 13:53:54 ----D---- C:\System Volume Information
2012-08-12 00:41:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-08-12 00:34:12 ----A---- C:\WINDOWS\wincmd.ini
2012-08-12 00:03:10 ----D---- C:\WINDOWS\system32\drivers
2012-08-12 00:03:07 ----RD---- C:\Program Files
2012-08-11 12:10:44 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2012-08-11 12:05:56 ----A---- C:\WINDOWS\system32\wscript.exe
2012-08-11 11:58:34 ----A---- C:\WINDOWS\system32\mmc.exe
2012-08-11 10:32:33 ----D---- C:\Train Store
2012-08-11 05:33:52 ----D---- C:\Train Simulator
2012-08-10 23:43:35 ----A---- C:\WINDOWS\regedit.exe
2012-08-10 23:42:36 ----A---- C:\WINDOWS\system32\taskmgr.exe
2012-08-10 23:39:15 ----A---- C:\WINDOWS\system32\zipfldr.dll
2012-08-10 13:01:41 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-10 12:35:39 ----D---- C:\WINDOWS\system32\Restore
2012-08-09 15:57:06 ----D---- C:\WINDOWS
2012-08-09 15:57:06 ----A---- C:\WINDOWS\system.ini
2012-08-09 15:51:18 ----D---- C:\WINDOWS\AppPatch
2012-08-09 15:51:10 ----D---- C:\Program Files\Common Files
2012-08-09 15:15:32 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-09 15:13:52 ----D---- C:\WINDOWS\system32\config
2012-08-09 12:52:44 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-09 00:27:37 ----SHD---- C:\WINDOWS\Installer
2012-08-09 00:27:37 ----D---- C:\Config.Msi
2012-08-09 00:27:34 ----D---- C:\WINDOWS\WinSxS
2012-08-09 00:27:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-08-09 00:26:07 ----D---- C:\TEMP
2012-08-08 23:52:18 ----D---- C:\Program Files\CCleaner
2012-08-08 23:25:00 ----D---- C:\Program Files\Mozilla Firefox
2012-08-08 20:10:07 ----A---- C:\WINDOWS\win.ini
2012-08-08 18:11:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-08 18:08:35 ----A---- C:\Program Files\Uninstall_CDS.exe
2012-08-08 18:04:51 ----A---- C:\Program Files\procexp.exe
2012-08-08 17:24:38 ----A---- C:\WINDOWS\system32\nwiz.exe
2012-08-08 15:42:38 ----D---- C:\Documents and Settings
2012-08-08 12:04:41 ----D---- C:\WINDOWS\repair
2012-08-07 14:08:53 ----RASH---- C:\boot.ini
2012-08-07 13:52:14 ----D---- C:\WINDOWS\system32\wbem
2012-08-07 13:52:13 ----D---- C:\WINDOWS\Registration
2012-08-07 13:27:38 ----D---- C:\WINDOWS\system32\NtmsData
2012-08-06 12:05:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2012-08-01 01:48:29 ----D---- C:\Program Files\Internet Explorer
2012-07-29 13:29:32 ----D---- C:\WINDOWS\Minidump
2012-07-23 13:46:18 ----D---- C:\totalcmd
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS [2011-08-16 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS [2012-03-29 905336]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120804.001\BHDrvx86.sys []
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys [2011-11-30 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 218688]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS [2012-03-29 574072]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS [2012-03-29 32888]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS [2012-03-29 149624]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS [2012-03-29 388216]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120810.001\IDSxpx86.sys []
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-10-21 660736]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120811.008\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120811.008\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\lsnplq.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
S3 catchme;catchme; \??\C:\DOCUME~1\Spravce\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2012-08-10 116104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2012-08-10 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-28 138232]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-08-08 704864]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2012-08-08 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2012-08-08 271920]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2012-08-08 913920]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Scan saved at 14:07:03, on 12.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\zzz\RSIT.exe
C:\Program Files\trend micro\Spravce.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5183 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@sun.com/npsopluginmi;version=1.0]
"Description"=
"Path"=C:\Program Files\OpenOffice.org 3\program
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-10 502200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-10 502200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2012-08-08 2508104]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2012-08-08 767312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-08-08 421888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2847160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-08-10 1305408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Train Simulator\train.exe"="C:\Train Simulator\train.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe:*:Enabled:ipsec"
"C:\Program Files\procexp.exe"="C:\Program Files\procexp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"
"c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe"="c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Program Files\HijackThis\HijackThis.exe"="C:\Program Files\HijackThis\HijackThis.exe:*:Enabled:ipsec"
"C:\ComboFix\CF5221.3XE"="C:\ComboFix\CF5221.3XE:*:Enabled:ipsec"
"C:\Program Files\ComboFix.exe"="C:\Program Files\ComboFix.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE"="C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE:*:Enabled:ipsec"
"C:\ComboFix\REGT.3XE"="C:\ComboFix\REGT.3XE:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
======List of files/folders created in the last 1 month======
2012-08-12 00:03:10 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2012-08-12 00:03:10 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2012-08-12 00:03:07 ----D---- C:\Program Files\Symantec
2012-08-11 23:59:21 ----D---- C:\WINDOWS\system32\drivers\NIS
2012-08-11 23:59:06 ----D---- C:\Program Files\Norton Internet Security
2012-08-11 23:59:05 ----D---- C:\Program Files\Windows Sidebar
2012-08-11 23:59:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-08-11 23:57:44 ----D---- C:\Program Files\NortonInstaller
2012-08-11 23:57:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2012-08-10 18:56:46 ----AD---- C:\Kaspersky Rescue Disk 10.0
2012-08-10 13:01:00 ----A---- C:\TDSSKiller.2.7.48.0_10.08.2012_13.01.00_log.txt
2012-08-09 14:43:56 ----RA---- C:\Program Files\ComboFix.exe
2012-08-09 12:53:53 ----A---- C:\WINDOWS\system32\muweb.dll
2012-08-09 12:51:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-09 12:51:16 ----ASH---- C:\hiberfil.sys
2012-08-09 11:44:06 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-09 01:23:17 ----D---- C:\Program Files\trend micro
2012-08-09 01:23:15 ----D---- C:\rsit
2012-08-09 01:15:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-09 01:10:31 ----SD---- C:\WINDOWS\Tasks
2012-08-09 00:27:52 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-09 00:27:51 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-09 00:27:50 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-09 00:27:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\avastSS.scr
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-08 21:48:01 ----A---- C:\Program Files\mwav.exe
2012-08-08 21:47:13 ----A---- C:\Program Files\kkkk.vbs
2012-08-08 20:13:15 ----D---- C:\Program Files\KZ
2012-08-08 17:20:58 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-08-08 17:20:56 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-08-08 17:20:54 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-08-08 17:20:53 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-08-08 17:20:42 ----A---- C:\WINDOWS\R.COM
2012-08-08 17:20:40 ----D---- C:\Program Files\Common Files\MicroWorld
2012-08-08 17:20:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-08-08 16:22:51 ----D---- C:\Program Files\UPM
2012-08-08 12:01:35 ----A---- C:\Program Files\SafeBootKeyRepair.exe
2012-08-07 14:01:45 ----D---- C:\ubuntu
2012-08-01 01:51:12 ----D---- C:\zzz
2012-08-01 01:48:51 ----D---- C:\Program Files\IsoBuster
2012-08-01 01:00:41 ----D---- C:\Program Files\HijackThis
2012-08-01 01:00:13 ----A---- C:\Boot.bak
2012-08-01 01:00:05 ----RASHD---- C:\cmdcons
2012-08-01 00:56:10 ----A---- C:\WINDOWS\zip.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWSC.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWREG.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\sed.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\PEV.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\MBR.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\grep.exe
2012-08-01 00:54:34 ----D---- C:\WINDOWS\ERDNT
2012-08-01 00:54:24 ----D---- C:\Qoobox
2012-07-29 13:10:53 ----D---- C:\zaloha_msts
2012-07-23 23:12:04 ----A---- C:\WINDOWS\d3dx.dat
2012-07-23 18:41:13 ----D---- C:\Documents and Settings\Spravce\Data aplikací\codeblocks
2012-07-23 18:40:04 ----D---- C:\Program Files\CodeBlocks
======List of files/folders modified in the last 1 month======
2012-08-12 14:06:31 ----D---- C:\WINDOWS\Temp
2012-08-12 14:06:30 ----D---- C:\WINDOWS\Prefetch
2012-08-12 13:59:53 ----D---- C:\WINDOWS\system32
2012-08-12 13:53:54 ----D---- C:\System Volume Information
2012-08-12 00:41:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-08-12 00:34:12 ----A---- C:\WINDOWS\wincmd.ini
2012-08-12 00:03:10 ----D---- C:\WINDOWS\system32\drivers
2012-08-12 00:03:07 ----RD---- C:\Program Files
2012-08-11 12:10:44 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2012-08-11 12:05:56 ----A---- C:\WINDOWS\system32\wscript.exe
2012-08-11 11:58:34 ----A---- C:\WINDOWS\system32\mmc.exe
2012-08-11 10:32:33 ----D---- C:\Train Store
2012-08-11 05:33:52 ----D---- C:\Train Simulator
2012-08-10 23:43:35 ----A---- C:\WINDOWS\regedit.exe
2012-08-10 23:42:36 ----A---- C:\WINDOWS\system32\taskmgr.exe
2012-08-10 23:39:15 ----A---- C:\WINDOWS\system32\zipfldr.dll
2012-08-10 13:01:41 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-10 12:35:39 ----D---- C:\WINDOWS\system32\Restore
2012-08-09 15:57:06 ----D---- C:\WINDOWS
2012-08-09 15:57:06 ----A---- C:\WINDOWS\system.ini
2012-08-09 15:51:18 ----D---- C:\WINDOWS\AppPatch
2012-08-09 15:51:10 ----D---- C:\Program Files\Common Files
2012-08-09 15:15:32 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-09 15:13:52 ----D---- C:\WINDOWS\system32\config
2012-08-09 12:52:44 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-09 00:27:37 ----SHD---- C:\WINDOWS\Installer
2012-08-09 00:27:37 ----D---- C:\Config.Msi
2012-08-09 00:27:34 ----D---- C:\WINDOWS\WinSxS
2012-08-09 00:27:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-08-09 00:26:07 ----D---- C:\TEMP
2012-08-08 23:52:18 ----D---- C:\Program Files\CCleaner
2012-08-08 23:25:00 ----D---- C:\Program Files\Mozilla Firefox
2012-08-08 20:10:07 ----A---- C:\WINDOWS\win.ini
2012-08-08 18:11:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-08 18:08:35 ----A---- C:\Program Files\Uninstall_CDS.exe
2012-08-08 18:04:51 ----A---- C:\Program Files\procexp.exe
2012-08-08 17:24:38 ----A---- C:\WINDOWS\system32\nwiz.exe
2012-08-08 15:42:38 ----D---- C:\Documents and Settings
2012-08-08 12:04:41 ----D---- C:\WINDOWS\repair
2012-08-07 14:08:53 ----RASH---- C:\boot.ini
2012-08-07 13:52:14 ----D---- C:\WINDOWS\system32\wbem
2012-08-07 13:52:13 ----D---- C:\WINDOWS\Registration
2012-08-07 13:27:38 ----D---- C:\WINDOWS\system32\NtmsData
2012-08-06 12:05:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2012-08-01 01:48:29 ----D---- C:\Program Files\Internet Explorer
2012-07-29 13:29:32 ----D---- C:\WINDOWS\Minidump
2012-07-23 13:46:18 ----D---- C:\totalcmd
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS [2011-08-16 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS [2012-03-29 905336]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120804.001\BHDrvx86.sys []
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys [2011-11-30 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 218688]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS [2012-03-29 574072]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS [2012-03-29 32888]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS [2012-03-29 149624]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS [2012-03-29 388216]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120810.001\IDSxpx86.sys []
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-10-21 660736]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120811.008\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120811.008\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\lsnplq.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
S3 catchme;catchme; \??\C:\DOCUME~1\Spravce\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2012-08-10 116104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2012-08-10 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-28 138232]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-08-08 704864]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2012-08-08 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2012-08-08 271920]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2012-08-08 913920]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
I restarted and it looks good. Then I booted into safe mode and it started, but the disable regedit and taskmgr values there are still set to 1 and the user's folder is still inaccessible. But I got into safe mode a second time as well.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Unfortunately I have to run now, so hopefully I'll run it again this evening and post the log here. As for CF, there's nothing to discuss; it's basically clear that advisers like you have a hand in many a utility like that. And that's fine. I also try to help people with these problems, and as for the loss of certain data, it is of course safely backed up. Thanks for now and have a nice afternoon.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Well... ComboFix gets stuck at the first stage and unfortunately doesn't finish anything; I left it running all night and nothing came of it. The machine is supposed to be OK by today, so although I hate to say it, I don't know whether to continue or give up...
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Not a thing... it just threw a message that PEV.exe cannot be run, otherwise no change. Safe mode can be reached, but the restrictions are still there. Normal mode is OK.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
I have to dash off again now; I'll take another look at it this evening. Thanks for now.