
Outlook won't open and a cross by the clock says to buy an antivirus

Having a problem with a virus? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.


#1 Post by grubero »

Logfile of random's system information tool 1.06 (written by random/random)
Run by ultramarin at 2010-02-01 12:19:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (25%) free of 30 GB
Total RAM: 2039 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:44, on 1.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\ComInn\CiTisk\CITISK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\UPS Widget\UPS_Widget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ultramarin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\ultramarin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe aqlb.hjo lhoweid
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30F741C2-1230-4A1B-8F61-904DC786FDF9} - C:\WINDOWS\system32\mlJaWpnM.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {D976B84B-808C-4357-9CBB-55BF1F7CEBE7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UPS Widget] "C:\Program Files\UPS Widget\UPS_Widget.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [CiTisk] C:\Program Files\ComInn\CiTisk\CITISK.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [system] C:\WINDOWS\sys.exe f
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2649422F-51EB-4575-9511-71B4A10C0DBD}: NameServer = 192.168.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{2649422F-51EB-4575-9511-71B4A10C0DBD}: NameServer = 192.168.1.100
O17 - HKLM\System\CS3\Services\Tcpip\..\{2649422F-51EB-4575-9511-71B4A10C0DBD}: NameServer = 192.168.1.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: jkkjiJBr - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - http://www2.jackdaniels.com/images/Engl ... nstc-b.jpg

--
End of file - 8706 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{567FFAB9-6EE7-401E-90F9-1041C9D7B51E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F741C2-1230-4A1B-8F61-904DC786FDF9}]
C:\WINDOWS\system32\mlJaWpnM.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-26 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-09 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D976B84B-808C-4357-9CBB-55BF1F7CEBE7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-26 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UPS Widget"=C:\Program Files\UPS Widget\UPS_Widget.exe [2008-01-10 759728]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-16 94208]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-16 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-16 114688]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Cobian Backup 8"=C:\Program Files\Cobian Backup 8\Cobian.exe [2006-08-25 499200]
"CiTisk"=C:\Program Files\ComInn\CiTisk\CITISK.exe [2008-06-10 890880]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"smss32.exe"=C:\WINDOWS\system32\smss32.exe [2010-01-29 33280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-16 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"system"=C:\WINDOWS\sys.exe f []

C:\Documents and Settings\ultramarin\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-08-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjiJBr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-02 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{D976B84B-808C-4357-9CBB-55BF1F7CEBE7}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJaWpnM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoResolveTrack"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\msupdate.exe"="C:\WINDOWS\system32\msupdate.exe:*:Enabled:msupdate"
"C:\Program Files\UPS Widget\UPS_Widget.exe"="C:\Program Files\UPS Widget\UPS_Widget.exe"
"C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe"="C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe:*:Enabled:fbserver.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\UPS Widget\UPS_Widget.exe"="C:\Program Files\UPS Widget\UPS_Widget.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1ce06ab-c3d4-11dd-b7fe-001e8c5e9cd9}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-01 12:19:33 ----D---- C:\rsit
2010-02-01 12:19:33 ----D---- C:\Program Files\trend micro
2010-02-01 12:10:16 ----A---- C:\WINDOWS\system32\6224.exe
2010-02-01 11:50:15 ----A---- C:\WINDOWS\system32\30303.exe
2010-02-01 11:30:10 ----A---- C:\WINDOWS\system32\22798.exe
2010-02-01 11:10:09 ----A---- C:\WINDOWS\system32\31556.exe
2010-02-01 10:50:09 ----A---- C:\WINDOWS\system32\16519.exe
2010-02-01 10:30:09 ----A---- C:\WINDOWS\system32\5249.exe
2010-02-01 10:10:09 ----A---- C:\WINDOWS\system32\20600.exe
2010-02-01 09:50:09 ----A---- C:\WINDOWS\system32\17451.exe
2010-02-01 09:30:09 ----A---- C:\WINDOWS\system32\18935.exe
2010-02-01 09:10:09 ----A---- C:\WINDOWS\system32\7616.exe
2010-02-01 08:50:09 ----A---- C:\WINDOWS\system32\14309.exe
2010-02-01 08:30:08 ----A---- C:\WINDOWS\system32\9514.exe
2010-02-01 08:10:08 ----A---- C:\WINDOWS\system32\22813.exe
2010-02-01 07:50:08 ----A---- C:\WINDOWS\system32\6617.exe
2010-02-01 07:30:08 ----A---- C:\WINDOWS\system32\14310.exe
2010-02-01 07:10:08 ----A---- C:\WINDOWS\system32\2421.exe
2010-02-01 06:50:08 ----A---- C:\WINDOWS\system32\17807.exe
2010-02-01 06:30:08 ----A---- C:\WINDOWS\system32\22483.exe
2010-02-01 06:10:08 ----A---- C:\WINDOWS\system32\24648.exe
2010-02-01 05:50:07 ----A---- C:\WINDOWS\system32\14893.exe
2010-02-01 05:30:07 ----A---- C:\WINDOWS\system32\3728.exe
2010-02-01 05:10:07 ----A---- C:\WINDOWS\system32\467.exe
2010-02-01 04:50:07 ----A---- C:\WINDOWS\system32\18127.exe
2010-02-01 04:30:07 ----A---- C:\WINDOWS\system32\3788.exe
2010-02-01 04:10:07 ----A---- C:\WINDOWS\system32\6900.exe
2010-02-01 03:50:07 ----A---- C:\WINDOWS\system32\27938.exe
2010-02-01 03:30:06 ----A---- C:\WINDOWS\system32\26418.exe
2010-02-01 03:10:06 ----A---- C:\WINDOWS\system32\1999.exe
2010-02-01 02:50:06 ----A---- C:\WINDOWS\system32\53.exe
2010-02-01 02:30:06 ----A---- C:\WINDOWS\system32\4734.exe
2010-02-01 02:10:06 ----A---- C:\WINDOWS\system32\8281.exe
2010-02-01 01:50:05 ----A---- C:\WINDOWS\system32\24484.exe
2010-02-01 01:30:05 ----A---- C:\WINDOWS\system32\19668.exe
2010-02-01 01:10:05 ----A---- C:\WINDOWS\system32\23199.exe
2010-02-01 00:50:05 ----A---- C:\WINDOWS\system32\27348.exe
2010-02-01 00:30:05 ----A---- C:\WINDOWS\system32\24021.exe
2010-02-01 00:10:05 ----A---- C:\WINDOWS\system32\4596.exe
2010-01-31 23:50:04 ----A---- C:\WINDOWS\system32\11020.exe
2010-01-31 23:30:04 ----A---- C:\WINDOWS\system32\9374.exe
2010-01-31 23:10:04 ----A---- C:\WINDOWS\system32\30836.exe
2010-01-31 22:50:04 ----A---- C:\WINDOWS\system32\10291.exe
2010-01-31 22:30:04 ----A---- C:\WINDOWS\system32\24350.exe
2010-01-31 22:10:03 ----A---- C:\WINDOWS\system32\3602.exe
2010-01-31 21:50:03 ----A---- C:\WINDOWS\system32\4041.exe
2010-01-31 21:30:03 ----A---- C:\WINDOWS\system32\27595.exe
2010-01-31 21:10:02 ----A---- C:\WINDOWS\system32\6483.exe
2010-01-31 20:49:50 ----A---- C:\WINDOWS\system32\21548.exe
2010-01-31 20:29:33 ----A---- C:\WINDOWS\system32\20537.exe
2010-01-31 17:37:27 ----A---- C:\WINDOWS\system32\32591.exe
2010-01-31 17:17:27 ----A---- C:\WINDOWS\system32\900.exe
2010-01-31 16:57:27 ----A---- C:\WINDOWS\system32\29168.exe
2010-01-31 16:37:27 ----A---- C:\WINDOWS\system32\16413.exe
2010-01-31 16:17:26 ----A---- C:\WINDOWS\system32\13030.exe
2010-01-31 15:57:26 ----A---- C:\WINDOWS\system32\27506.exe
2010-01-31 15:37:26 ----A---- C:\WINDOWS\system32\24946.exe
2010-01-31 15:17:26 ----A---- C:\WINDOWS\system32\6422.exe
2010-01-31 14:57:26 ----A---- C:\WINDOWS\system32\18588.exe
2010-01-31 14:37:26 ----A---- C:\WINDOWS\system32\24221.exe
2010-01-31 14:17:25 ----A---- C:\WINDOWS\system32\9758.exe
2010-01-31 13:57:25 ----A---- C:\WINDOWS\system32\32209.exe
2010-01-31 13:37:25 ----A---- C:\WINDOWS\system32\8909.exe
2010-01-31 13:17:25 ----A---- C:\WINDOWS\system32\14945.exe
2010-01-31 12:57:25 ----A---- C:\WINDOWS\system32\10383.exe
2010-01-31 12:37:25 ----A---- C:\WINDOWS\system32\27753.exe
2010-01-31 12:17:25 ----A---- C:\WINDOWS\system32\12287.exe
2010-01-31 11:57:25 ----A---- C:\WINDOWS\system32\15457.exe
2010-01-31 11:37:24 ----A---- C:\WINDOWS\system32\11337.exe
2010-01-31 11:17:24 ----A---- C:\WINDOWS\system32\18007.exe
2010-01-31 10:57:24 ----A---- C:\WINDOWS\system32\30191.exe
2010-01-31 10:37:24 ----A---- C:\WINDOWS\system32\31107.exe
2010-01-31 10:17:23 ----A---- C:\WINDOWS\system32\3430.exe
2010-01-31 09:57:23 ----A---- C:\WINDOWS\system32\13966.exe
2010-01-31 09:37:23 ----A---- C:\WINDOWS\system32\21724.exe
2010-01-31 09:17:23 ----A---- C:\WINDOWS\system32\16941.exe
2010-01-31 08:57:23 ----A---- C:\WINDOWS\system32\1150.exe
2010-01-31 08:37:22 ----A---- C:\WINDOWS\system32\27350.exe
2010-01-31 08:17:22 ----A---- C:\WINDOWS\system32\12052.exe
2010-01-31 07:57:22 ----A---- C:\WINDOWS\system32\4031.exe
2010-01-31 07:37:22 ----A---- C:\WINDOWS\system32\15574.exe
2010-01-31 07:17:22 ----A---- C:\WINDOWS\system32\23655.exe
2010-01-31 06:57:22 ----A---- C:\WINDOWS\system32\24767.exe
2010-01-31 06:37:22 ----A---- C:\WINDOWS\system32\22355.exe
2010-01-31 06:17:22 ----A---- C:\WINDOWS\system32\18636.exe
2010-01-31 05:57:21 ----A---- C:\WINDOWS\system32\9161.exe
2010-01-31 05:37:21 ----A---- C:\WINDOWS\system32\13290.exe
2010-01-31 05:17:21 ----A---- C:\WINDOWS\system32\23986.exe
2010-01-31 04:57:21 ----A---- C:\WINDOWS\system32\16512.exe
2010-01-31 04:37:21 ----A---- C:\WINDOWS\system32\5097.exe
2010-01-31 04:17:21 ----A---- C:\WINDOWS\system32\15573.exe
2010-01-31 03:57:21 ----A---- C:\WINDOWS\system32\26777.exe
2010-01-31 03:37:21 ----A---- C:\WINDOWS\system32\5829.exe
2010-01-31 03:17:20 ----A---- C:\WINDOWS\system32\6270.exe
2010-01-31 02:57:20 ----A---- C:\WINDOWS\system32\19072.exe
2010-01-31 02:37:20 ----A---- C:\WINDOWS\system32\26924.exe
2010-01-31 02:17:20 ----A---- C:\WINDOWS\system32\28745.exe
2010-01-31 01:57:20 ----A---- C:\WINDOWS\system32\5021.exe
2010-01-31 01:37:20 ----A---- C:\WINDOWS\system32\22386.exe
2010-01-31 01:17:19 ----A---- C:\WINDOWS\system32\31673.exe
2010-01-31 00:57:19 ----A---- C:\WINDOWS\system32\2306.exe
2010-01-31 00:37:19 ----A---- C:\WINDOWS\system32\13977.exe
2010-01-31 00:17:19 ----A---- C:\WINDOWS\system32\9930.exe
2010-01-30 23:57:19 ----A---- C:\WINDOWS\system32\22704.exe
2010-01-30 23:37:18 ----A---- C:\WINDOWS\system32\29658.exe
2010-01-30 23:17:18 ----A---- C:\WINDOWS\system32\4639.exe
2010-01-30 22:57:18 ----A---- C:\WINDOWS\system32\31115.exe
2010-01-30 22:37:17 ----A---- C:\WINDOWS\system32\4833.exe
2010-01-30 22:17:17 ----A---- C:\WINDOWS\system32\16541.exe
2010-01-30 21:57:17 ----A---- C:\WINDOWS\system32\22929.exe
2010-01-30 21:37:17 ----A---- C:\WINDOWS\system32\2082.exe
2010-01-30 21:17:16 ----A---- C:\WINDOWS\system32\16118.exe
2010-01-30 20:57:15 ----A---- C:\WINDOWS\system32\21538.exe
2010-01-30 20:37:15 ----A---- C:\WINDOWS\system32\5537.exe
2010-01-30 20:17:15 ----A---- C:\WINDOWS\system32\11323.exe
2010-01-30 19:57:14 ----A---- C:\WINDOWS\system32\24626.exe
2010-01-30 19:37:14 ----A---- C:\WINDOWS\system32\32439.exe
2010-01-30 19:17:14 ----A---- C:\WINDOWS\system32\16944.exe
2010-01-30 18:57:14 ----A---- C:\WINDOWS\system32\26308.exe
2010-01-30 18:37:13 ----A---- C:\WINDOWS\system32\13931.exe
2010-01-30 18:17:11 ----A---- C:\WINDOWS\system32\7376.exe
2010-01-30 17:57:11 ----A---- C:\WINDOWS\system32\4966.exe
2010-01-30 17:37:11 ----A---- C:\WINDOWS\system32\11840.exe
2010-01-30 17:17:11 ----A---- C:\WINDOWS\system32\18756.exe
2010-01-30 16:57:11 ----A---- C:\WINDOWS\system32\19954.exe
2010-01-30 16:37:11 ----A---- C:\WINDOWS\system32\24084.exe
2010-01-30 16:17:10 ----A---- C:\WINDOWS\system32\12623.exe
2010-01-30 15:57:10 ----A---- C:\WINDOWS\system32\19629.exe
2010-01-30 15:37:10 ----A---- C:\WINDOWS\system32\3548.exe
2010-01-30 15:17:10 ----A---- C:\WINDOWS\system32\24393.exe
2010-01-30 14:57:10 ----A---- C:\WINDOWS\system32\31101.exe
2010-01-30 14:37:10 ----A---- C:\WINDOWS\system32\15006.exe
2010-01-30 14:17:10 ----A---- C:\WINDOWS\system32\15350.exe
2010-01-30 13:57:10 ----A---- C:\WINDOWS\system32\24370.exe
2010-01-30 13:37:09 ----A---- C:\WINDOWS\system32\6729.exe
2010-01-30 13:17:09 ----A---- C:\WINDOWS\system32\15890.exe
2010-01-30 12:57:09 ----A---- C:\WINDOWS\system32\23805.exe
2010-01-30 12:37:09 ----A---- C:\WINDOWS\system32\27446.exe
2010-01-30 12:17:09 ----A---- C:\WINDOWS\system32\22648.exe
2010-01-30 11:57:09 ----A---- C:\WINDOWS\system32\19264.exe
2010-01-30 11:37:08 ----A---- C:\WINDOWS\system32\8942.exe
2010-01-30 11:17:08 ----A---- C:\WINDOWS\system32\9040.exe
2010-01-30 10:57:08 ----A---- C:\WINDOWS\system32\30106.exe
2010-01-30 10:37:08 ----A---- C:\WINDOWS\system32\288.exe
2010-01-30 10:17:07 ----A---- C:\WINDOWS\system32\1842.exe
2010-01-30 09:57:07 ----A---- C:\WINDOWS\system32\22190.exe
2010-01-30 09:37:07 ----A---- C:\WINDOWS\system32\3035.exe
2010-01-30 09:17:07 ----A---- C:\WINDOWS\system32\12316.exe
2010-01-30 08:57:07 ----A---- C:\WINDOWS\system32\778.exe
2010-01-30 08:37:07 ----A---- C:\WINDOWS\system32\27529.exe
2010-01-30 08:17:07 ----A---- C:\WINDOWS\system32\9741.exe
2010-01-30 07:57:07 ----A---- C:\WINDOWS\system32\8723.exe
2010-01-30 07:37:06 ----A---- C:\WINDOWS\system32\12859.exe
2010-01-30 07:17:06 ----A---- C:\WINDOWS\system32\20037.exe
2010-01-30 06:57:06 ----A---- C:\WINDOWS\system32\32757.exe
2010-01-30 06:37:06 ----A---- C:\WINDOWS\system32\32662.exe
2010-01-30 06:17:06 ----A---- C:\WINDOWS\system32\27644.exe
2010-01-30 05:57:06 ----A---- C:\WINDOWS\system32\25547.exe
2010-01-30 05:37:06 ----A---- C:\WINDOWS\system32\6868.exe
2010-01-30 05:17:06 ----A---- C:\WINDOWS\system32\28253.exe
2010-01-30 04:57:05 ----A---- C:\WINDOWS\system32\7711.exe
2010-01-30 04:37:05 ----A---- C:\WINDOWS\system32\15141.exe
2010-01-30 04:17:05 ----A---- C:\WINDOWS\system32\4664.exe
2010-01-30 03:57:05 ----A---- C:\WINDOWS\system32\17673.exe
2010-01-30 03:37:05 ----A---- C:\WINDOWS\system32\30333.exe
2010-01-30 03:17:05 ----A---- C:\WINDOWS\system32\31322.exe
2010-01-30 02:57:05 ----A---- C:\WINDOWS\system32\23811.exe
2010-01-30 02:37:05 ----A---- C:\WINDOWS\system32\28703.exe
2010-01-30 02:17:04 ----A---- C:\WINDOWS\system32\9894.exe
2010-01-30 01:57:04 ----A---- C:\WINDOWS\system32\17035.exe
2010-01-30 01:37:04 ----A---- C:\WINDOWS\system32\26299.exe
2010-01-30 01:17:04 ----A---- C:\WINDOWS\system32\25667.exe
2010-01-30 00:57:04 ----A---- C:\WINDOWS\system32\19912.exe
2010-01-30 00:37:04 ----A---- C:\WINDOWS\system32\1869.exe
2010-01-30 00:17:04 ----A---- C:\WINDOWS\system32\11538.exe
2010-01-29 23:57:03 ----A---- C:\WINDOWS\system32\14771.exe
2010-01-29 23:37:03 ----A---- C:\WINDOWS\system32\21726.exe
2010-01-29 23:17:03 ----A---- C:\WINDOWS\system32\5447.exe
2010-01-29 23:02:03 ----SHD---- C:\Config.Msi
2010-01-29 22:57:03 ----A---- C:\WINDOWS\system32\19895.exe
2010-01-29 22:37:03 ----A---- C:\WINDOWS\system32\19718.exe
2010-01-29 22:17:03 ----A---- C:\WINDOWS\system32\18716.exe
2010-01-29 21:57:02 ----A---- C:\WINDOWS\system32\17421.exe
2010-01-29 21:37:02 ----A---- C:\WINDOWS\system32\12382.exe
2010-01-29 21:17:02 ----A---- C:\WINDOWS\system32\292.exe
2010-01-29 20:57:02 ----A---- C:\WINDOWS\system32\153.exe
2010-01-29 20:37:02 ----A---- C:\WINDOWS\system32\3902.exe
2010-01-29 20:17:01 ----A---- C:\WINDOWS\system32\14604.exe
2010-01-29 19:57:01 ----A---- C:\WINDOWS\system32\32391.exe
2010-01-29 19:37:01 ----A---- C:\WINDOWS\system32\5436.exe
2010-01-29 19:17:01 ----A---- C:\WINDOWS\system32\4827.exe
2010-01-29 18:57:01 ----A---- C:\WINDOWS\system32\11942.exe
2010-01-29 18:37:01 ----A---- C:\WINDOWS\system32\2995.exe
2010-01-29 18:17:00 ----A---- C:\WINDOWS\system32\491.exe
2010-01-29 17:57:00 ----A---- C:\WINDOWS\system32\9961.exe
2010-01-29 17:36:59 ----A---- C:\WINDOWS\system32\16827.exe
2010-01-29 17:16:59 ----A---- C:\WINDOWS\system32\23281.exe
2010-01-29 16:56:59 ----A---- C:\WINDOWS\system32\28145.exe
2010-01-29 16:36:59 ----A---- C:\WINDOWS\system32\5705.exe
2010-01-29 16:16:59 ----A---- C:\WINDOWS\system32\24464.exe
2010-01-29 15:56:58 ----A---- C:\WINDOWS\system32\26962.exe
2010-01-29 15:36:58 ----A---- C:\WINDOWS\system32\29358.exe
2010-01-29 15:16:58 ----A---- C:\WINDOWS\system32\11478.exe
2010-01-29 14:56:58 ----A---- C:\WINDOWS\system32\15724.exe
2010-01-29 14:36:58 ----A---- C:\WINDOWS\system32\19169.exe
2010-01-29 14:16:58 ----A---- C:\WINDOWS\system32\26500.exe
2010-01-29 13:56:58 ----A---- C:\WINDOWS\system32\6334.exe
2010-01-29 13:36:57 ----A---- C:\WINDOWS\system32\18467.exe
2010-01-29 13:16:57 ----A---- C:\WINDOWS\system32\IS15.exe
2010-01-29 13:16:57 ----A---- C:\WINDOWS\system32\41.exe
2010-01-29 13:16:42 ----A---- C:\WINDOWS\system32\helper32.dll
2010-01-29 13:14:20 ----A---- C:\WINDOWS\system32\winlogon32.exe
2010-01-29 13:14:20 ----A---- C:\WINDOWS\system32\smss32.exe
2010-01-14 03:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-05 13:12:54 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 1 months======

2010-02-01 12:19:37 ----D---- C:\WINDOWS\Prefetch
2010-02-01 12:19:33 ----RD---- C:\Program Files
2010-02-01 12:18:39 ----D---- C:\Program Files\Mozilla Firefox
2010-02-01 12:10:16 ----D---- C:\WINDOWS\system32
2010-02-01 11:57:40 ----D---- C:\WINDOWS\Temp
2010-02-01 11:53:30 ----D---- C:\Program Files\LogMeIn
2010-01-29 23:13:45 ----SHD---- C:\WINDOWS\Installer
2010-01-29 23:13:43 ----D---- C:\WINDOWS\WinSxS
2010-01-29 23:12:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-29 20:50:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-27 23:46:24 ----D---- C:\Documents and Settings\ultramarin\Data aplikací\OpenOffice.org2
2010-01-27 23:45:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 23:44:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 11:53:08 ----SHD---- C:\WINDOWS\CSC
2010-01-23 15:54:58 ----D---- C:\WINDOWS
2010-01-23 03:16:51 ----D---- C:\Program Files\Internet Explorer
2010-01-23 03:00:54 ----HD---- C:\WINDOWS\inf
2010-01-23 03:00:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 03:00:44 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-23 03:00:36 ----D---- C:\WINDOWS\ie7updates
2010-01-22 13:20:46 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-14 03:18:03 ----D---- C:\WINDOWS\AppPatch
2010-01-14 03:02:12 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 13:13:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-05 10:58:03 ----N---- C:\WINDOWS\system32\occache.dll
2010-01-05 10:58:03 ----A---- C:\WINDOWS\system32\wininet.dll
2010-01-05 10:58:03 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-01-05 10:58:03 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-01-05 10:58:03 ----A---- C:\WINDOWS\system32\url.dll
2010-01-05 10:58:03 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-01-05 10:58:02 ----N---- C:\WINDOWS\system32\mstime.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\msrating.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-01-05 10:58:01 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-01-05 10:58:01 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-01-05 10:57:59 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-01-05 10:57:59 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\icardie.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\dxtrans.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\corpol.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\advpack.dll
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-11-01 35840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-16 1109568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 a9t9x28r;a9t9x28r; C:\WINDOWS\system32\drivers\a9t9x28r.sys []
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
R2 Iprip;Naslouchání RIP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-02 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2007-10-29 19456]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

grubero
Visitor
Posts: 58
Registered: 16 Apr 2008 08:46

Re: Outlook won't open and a cross by the clock says buy an antivirus

#2 Post by grubero »

a cross in a red circle - it links here: http://buy-internet-security10.com/buy/?code=0001384

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Outlook won't open and a cross by the clock says buy an antivirus

#3 Post by JaRon »

Terrible, just terrible.
Move ComboFix to the desktop (if it isn't there already).

Open Notepad.

Copy the script from the following box into it:

File::
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\sys.exe 
C:\WINDOWS\system32\winlogon32.exe

Save the resulting text file to the desktop as CFScript.txt.

After saving, grab the script with the left mouse button, drag it over the ComboFix icon and drop it there.

Once it has run, another log should be produced; post it here :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

grubero
Visitor
Posts: 58
Registered: 16 Apr 2008 08:46

Re: Outlook won't open and a cross by the clock says buy an antivirus

#4 Post by grubero »

I had already run ComboFix before that, and it's fine now

ComboFix 10-01-31.03 - ultramarin 01.02.2010 12:30:43.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1646 [GMT 1:00]
Spuštěný z: c:\documents and settings\ultramarin\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\ultramarin\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\windows\system32\aqlb.hjo
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\MnpWaJlm.ini
c:\windows\system32\MnpWaJlm.ini2
c:\windows\system32\smss32.exe
c:\windows\system32\winlogon32.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-01 do 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-01-13 06:32 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 12:12 . 2010-01-05 12:12 -------- d-----w- c:\windows\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 11:19 . 2010-02-01 11:19 -------- d-----w- c:\program files\trend micro
2010-02-01 10:53 . 2008-09-17 09:30 -------- d-----w- c:\program files\LogMeIn
2010-01-05 09:58 . 2007-10-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2007-10-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-10 02:20 . 2007-10-29 12:00 47386 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 02:20 . 2007-10-29 12:00 313244 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 17:17 . 2009-12-02 17:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 18:02 . 2009-12-02 18:02 0 ----a-w- c:\windows\nsreg.dat
2009-11-21 16:03 . 2007-10-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-09-11 14:27 . 2008-09-11 14:26 3946961 ----a-w- c:\program files\BullzipPDFPrinter_5_0_0_609.zip
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UPS Widget"="c:\program files\UPS Widget\UPS_Widget.exe" [2008-01-10 759728]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-16 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-16 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-16 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Cobian Backup 8"="c:\program files\Cobian Backup 8\Cobian.exe" [2006-08-25 499200]
"CiTisk"="c:\program files\ComInn\CiTisk\CITISK.exe" [2008-06-10 890880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ultramarin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 09:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\UPS Widget\UPS_Widget.exe"= c:\program files\UPS Widget\UPS_Widget.exe
"c:\\Program Files\\Firebird\\Firebird_1_5\\bin\\fbserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.7.2008 10:49 639224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.12.2009 18:16 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [17.9.2008 10:31 47640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [30.7.2008 12:55 35840]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{567FFAB9-6EE7-401E-90F9-1041C9D7B51E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {2649422F-51EB-4575-9511-71B4A10C0DBD} = 192.168.1.100
FF - ProfilePath - c:\documents and settings\ultramarin\Data aplikací\Mozilla\Firefox\Profiles\my7epruo.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{30F741C2-1230-4A1B-8F61-904DC786FDF9} - c:\windows\system32\mlJaWpnM.dll
BHO-{D976B84B-808C-4357-9CBB-55BF1F7CEBE7} - (no file)
HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{D976B84B-808C-4357-9CBB-55BF1F7CEBE7} - (no file)
Notify-jkkjiJBr - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 12:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x89DEF7AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e90cb8
\Driver\atapi -> atapi.sys @ 0xb9e25b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d2ebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d3ba21
SendHandler -> NDIS.sys @ 0xb9d1987b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\msimtf.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\RTHDCPL.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Cobian Backup 8\cbInterface.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
.
**************************************************************************
.
Celkový čas: 2010-02-01 12:40:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-01 11:40

Před spuštěním: 8 282 304 512
Po spuštění: 8 458 756 096

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 93BD5563BC18120998191B979B15211E

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Outlook won't open and a cross by the clock says buy an antivirus

#5 Post by JaRon »

In any case, I recommend scanning once more with AVPTool.