
Conficker.AA virus on Windows Server 2003
-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Conficker.AA virus on Windows Server 2003
Hello, I would like to ask for help removing the Conficker.AA virus. NOD32 detects it but cannot remove it. It offers to clean it after a restart, but given the large number of users I would like to avoid a restart. According to NOD32, the virus is located on a shared folder, in the "recycler" folder.
Here I am posting a log from HijackThis, because "rsit" reports an error on the server and will not start. Thanks in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:20, on 24.6.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\aspi\aspiusrv.exe
C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Quarantine Manager\bin\RPCServ.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
E:\Exchsrvr\bin\exmgmt.exe
E:\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
E:\Exchsrvr\bin\store.exe
E:\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BSC Praha\NCM\GNCMTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Cobian Backup 6\cobui.exe
C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Eset\nod32.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\BSC Praha\NCM\GNCMTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Cobian Backup Interface 6] "C:\Program Files\Cobian Backup 6\cobui.exe" -service
O4 - HKLM\..\Run: [McAfeeTalkBackMonitor] "C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3285082126-3824228645-3330861787-1260\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'blackberry')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: www.avast.cz
O15 - ESC Trusted Zone: http://www.ibm.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.thawte.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.1.10
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4277345199
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5741245390
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O23 - Service: Aspi Server - Unknown owner - e:\aspi\aspiusrv.exe
O23 - Service: Atlas Registration Server (AtlasRegServer) - ATLAS consulting, spol. s r.o. - C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry MDS Connection Service - Research In Motion - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
O23 - Service: Cobian Backup 6 service (CobBackup6) - Luis Cobian - C:\Program Files\Cobian Backup 6\cbs.exe
O23 - Service: ESET RA HTTP Server (ERA_HTTP_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe
O23 - Service: ESET Remote Administrator Server (ERA_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\BSC Praha\NCM\GNCM.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: HPWJA Service (HPWJAService) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
O23 - Service: HP WJA Update Service (HPWJAUpdateService) - Unknown owner - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Quarantine Manager (McAfee TQM) - McAfee, Inc. - C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 11045 bytes
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
Hello,
RSIT would help us a lot, because I need to see the export of the registry keys, but if it cannot be started (did you try running it either as administrator, or in compatibility mode for WinXP, that is, if that is possible at all?)
we will manage another way, though
download OTL
on Windows Vista and Windows 7, run the application as administrator (by right-clicking the application icon and choosing "Run as administrator")
after downloading, click the Scan ("Prohledat") button, let it work, and when it finishes it will produce a log; post its contents here

Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003
Hello, so in compatibility mode for Win XP I was able to start the program... I am posting the log. Thank you.
Logfile of random's system information tool 1.07 (written by random/random)
Run by administrator at 2010-06-24 12:34:39
Microsoft(R) Windows(R) Server 2003, Standard Edition
System drive C: has 7 GB (18%) free of 40 GB
Total RAM: 4095 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:40, on 24.6.2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\aspi\aspiusrv.exe
C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Quarantine Manager\bin\RPCServ.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
E:\Exchsrvr\bin\exmgmt.exe
E:\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
E:\Exchsrvr\bin\store.exe
E:\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BSC Praha\NCM\GNCMTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Cobian Backup 6\cobui.exe
C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\BSC Praha\NCM\GNCMTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Cobian Backup Interface 6] "C:\Program Files\Cobian Backup 6\cobui.exe" -service
O4 - HKLM\..\Run: [McAfeeTalkBackMonitor] "C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3285082126-3824228645-3330861787-1260\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'blackberry')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: www.avast.cz
O15 - ESC Trusted Zone: http://www.ibm.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.thawte.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.1.10
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4277345199
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5741245390
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Aspi Server - Unknown owner - e:\aspi\aspiusrv.exe
O23 - Service: Atlas Registration Server (AtlasRegServer) - ATLAS consulting, spol. s r.o. - C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry MDS Connection Service - Research In Motion - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
O23 - Service: Cobian Backup 6 service (CobBackup6) - Luis Cobian - C:\Program Files\Cobian Backup 6\cbs.exe
O23 - Service: ESET RA HTTP Server (ERA_HTTP_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe
O23 - Service: ESET Remote Administrator Server (ERA_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\BSC Praha\NCM\GNCM.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: HPWJA Service (HPWJAService) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
O23 - Service: HP WJA Update Service (HPWJAUpdateService) - Unknown owner - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Quarantine Manager (McAfee TQM) - McAfee, Inc. - C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 11362 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RSYNC_01_backup_pondeli.job
C:\WINDOWS\tasks\RSYNC_02_backup_utery.job
C:\WINDOWS\tasks\RSYNC_03_backup_streda.job
C:\WINDOWS\tasks\RSYNC_04_backup_ctvrtek.job
C:\WINDOWS\tasks\RSYNC_05_backup_patek.job
C:\WINDOWS\tasks\RSYNC_06_backup_sobota.job
C:\WINDOWS\tasks\RSYNC_07_backup_nedele.job
C:\WINDOWS\tasks\TEST.job
C:\WINDOWS\tasks\USB_01_backup_pondeli.job
C:\WINDOWS\tasks\USB_02_backup_utery.job
C:\WINDOWS\tasks\USB_03_backup_streda.job
C:\WINDOWS\tasks\USB_04_backup_ctvrtek.job
C:\WINDOWS\tasks\USB_05_backup_patek.job
C:\WINDOWS\tasks\USB_06_backup_Sobota_Ocko.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gemini NCM Status"=C:\Program Files\BSC Praha\NCM\GNCMTray.exe [2007-02-15 34816]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"Cobian Backup Interface 6"=C:\Program Files\Cobian Backup 6\cobui.exe [2005-01-28 1392640]
"McAfeeTalkBackMonitor"=C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe [2006-02-01 159811]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-03-27 136768]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-19 951624]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-03-21 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb3cef47-06c5-11dd-93e5-001a64678428}]
shell\AutoRun\command - G:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed4f460-e7a4-11dc-a66a-001a64678428}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pc045#E]
shell\AutoRun\command - U:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pc045#D]
shell\AutoRun\command - Z:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Pc002#D-cd]
shell\AutoRun\command - W:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.1.30#aspidvd (d)]
shell\AutoRun\command - Z:\setup.exe
======List of files/folders created in the last 1 months======
2010-06-24 11:21:15 ----D---- C:\rsit
2010-06-24 11:21:15 ----D---- C:\Program Files\trend micro
2010-06-24 08:31:58 ----SHD---- C:\Config.Msi
2010-06-23 09:03:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-06-23 09:03:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-06-23 09:03:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-23 09:01:12 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-06-23 09:01:07 ----D---- C:\Program Files\Mozilla Firefox
2010-06-22 08:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979907$
2010-06-22 07:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-22 07:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-22 07:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-22 07:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-22 07:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB982666$
2010-06-22 07:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978695$
2010-06-22 07:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-05-28 07:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-28 07:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-24 12:34:40 ----D---- C:\WINDOWS\Temp
2010-06-24 12:16:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-24 11:49:42 ----D---- C:\WINDOWS\system32\dhcp
2010-06-24 11:21:15 ----RD---- C:\Program Files
2010-06-24 10:38:12 ----D---- C:\AspiCli
2010-06-24 10:32:01 ----A---- C:\WINDOWS\wincmd.ini
2010-06-24 10:17:42 ----SHD---- C:\WINDOWS\Installer
2010-06-24 08:36:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 08:34:43 ----D---- C:\WINDOWS\system32
2010-06-24 08:34:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 08:33:57 ----RSD---- C:\WINDOWS\assembly
2010-06-24 08:33:13 ----D---- C:\WINDOWS\WinSxS
2010-06-24 06:14:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-24 01:00:03 ----D---- C:\WINDOWS\tracing
2010-06-23 22:27:19 ----D---- C:\WINDOWS\security
2010-06-23 22:05:29 ----D---- C:\WINDOWS\NTDS
2010-06-23 17:04:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-23 13:26:51 ----D---- C:\WINDOWS\inf
2010-06-23 09:09:47 ----SHD---- C:\RECYCLER
2010-06-23 09:03:02 ----D---- C:\WINDOWS\system32\drivers
2010-06-23 09:01:13 ----D---- C:\WINDOWS
2010-06-22 17:11:03 ----A---- C:\WINDOWS\hpbafd.ini
2010-06-22 11:06:18 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2010-06-22 08:50:07 ----D---- C:\WINDOWS\system32\ias
2010-06-22 08:49:15 ----D---- C:\WINDOWS\system32\wins
2010-06-22 08:49:12 ----D---- C:\WINDOWS\Debug
2010-06-22 08:49:11 ----D---- C:\WINDOWS\system32\CertLog
2010-06-22 08:48:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-22 08:00:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-22 07:59:56 ----A---- C:\WINDOWS\imsins.BAK
2010-06-22 07:57:21 ----D---- C:\WINDOWS\system32\cs-CZ
2010-06-22 07:57:21 ----D---- C:\Program Files\Internet Explorer
2010-06-22 07:57:16 ----D---- C:\WINDOWS\ie7updates
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-28 07:53:12 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-03-21 17408]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-19 15160]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-19 511832]
R2 EXIFS;EXIFS; \??\C:\WINDOWS\system32\drivers\exifs.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-03-21 11776]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-03-21 40448]
R3 l2nd;Broadcom NetXtreme II BXND; C:\WINDOWS\system32\DRIVERS\bxnd52x.sys [2006-12-22 50688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-21 13312]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-03-21 32128]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 27520]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-03-21 28160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20864]
R3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-03-21 177152]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-03-21 69120]
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
R2 Aspi Server;Aspi Server; e:\aspi\aspiusrv.exe [2010-03-05 81920]
R2 AtlasRegServer;Atlas Registration Server; C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe [2007-06-04 447488]
R2 BBAttachServer;BlackBerry Attachment Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe [2007-05-31 749703]
R2 BlackBerry Controller;BlackBerry Controller; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe [2007-05-31 872576]
R2 BlackBerry Dispatcher;BlackBerry Dispatcher; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe [2007-05-31 2609275]
R2 BlackBerry MDS Connection Service;BlackBerry MDS Connection Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe [2007-05-31 73728]
R2 BlackBerry Policy Service;BlackBerry Policy Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe [2007-05-31 5644408]
R2 BlackBerry Router;BlackBerry Router; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe [2007-05-31 1056883]
R2 BlackBerry Server Alert;BlackBerry Alert; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe [2007-05-31 557176]
R2 BlackBerry SyncServer;BlackBerry Synchronization Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe [2007-05-31 2105471]
R2 CertSvc;Certifikační služba; C:\WINDOWS\system32\certsrv.exe [2007-03-21 317440]
R2 CobBackup6;Cobian Backup 6 service; C:\Program Files\Cobian Backup 6\cbs.exe [2005-01-14 462848]
R2 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-03-21 164864]
R2 DHCPServer;Server DHCP; C:\WINDOWS\system32\tcpsvcs.exe [2007-03-21 21504]
R2 DNS;Server DNS; C:\WINDOWS\System32\dns.exe [2009-02-17 449024]
R2 ERA_SERVER;ESET Remote Administrator Server; C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe [2008-12-16 1821192]
R2 HPWJAService;HPWJA Service; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [2007-12-06 28672]
R2 HPWJAUpdateService;HP WJA Update Service; C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe [2008-03-12 20480]
R2 IAS;Služba ověřování v Internetu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-03-21 40448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2007-03-21 16384]
R2 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-03-21 94720]
R2 McAfee TQM;McAfee Quarantine Manager; C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe [2008-02-13 40960]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-03-27 104000]
R2 MSExchangeIS;Microsoft Exchange Information Store; E:\Exchsrvr\bin\store.exe [2008-11-26 5266432]
R2 MSExchangeMGMT;Microsoft Exchange Management; E:\Exchsrvr\bin\exmgmt.exe [2005-08-25 3217408]
R2 MSExchangeMTA;Microsoft Exchange MTA Stacks; E:\Exchsrvr\bin\emsmta.exe [2008-11-26 3598848]
R2 MSExchangeSA;Microsoft Exchange System Attendant; E:\Exchsrvr\bin\mad.exe [2005-08-25 8920064]
R2 MSSEARCH;Microsoft Search; C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [2005-08-17 69632]
R2 MSSQL$AVAST;MSSQL$AVAST; C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MSSQL$BLACKBERRY;SQL Server (BLACKBERRY); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQL$HPWJA;SQL Server (HPWJA); C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MySQL;MySQL; C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe [2007-03-05 4554752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-19 554312]
R2 NtFrs;Služba replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-03-21 792576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 POP3Svc;Microsoft Exchange POP3; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 RESvc;Microsoft Exchange Routing Engine; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2007-03-21 40448]
R2 SQLAgent$AVAST;SQLAgent$AVAST; C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE [2005-05-03 323584]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SrmSvc;Správce prostředků souborového serveru; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 WINS;WINS; C:\WINDOWS\System32\wins.exe [2009-05-28 157696]
S2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2005-05-03 323584]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ERA_HTTP_SERVER;ESET RA HTTP Server; C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe [2008-12-16 76296]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\BSC Praha\NCM\GNCM.exe [2007-02-15 196608]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE [2004-04-16 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSExchangeES;Microsoft Exchange Event; E:\Exchsrvr\bin\events.exe [2003-06-24 94720]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-03-21 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2007-03-21 8704]
S3 SrmReports;Správce sestav úložišť souborového serveru; C:\WINDOWS\system32\srmhost.exe [2007-03-21 10752]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-03-21 39424]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-03-21 353280]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
S4 BlackBerry Database Consistency Service;BlackBerry Database Consistency Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe [2007-05-31 2629764]
S4 IMAP4Svc;Microsoft Exchange IMAP4; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
S4 MSExchangeSRS;Microsoft Exchange Site Replication Service; E:\Exchsrvr\bin\srsmain.exe [2005-08-25 339456]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NntpSvc;NNTP (Network News Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-03-21 71168]
-----------------EOF-----------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by administrator at 2010-06-24 12:34:39
Microsoft(R) Windows(R) Server 2003, Standard Edition
System drive C: has 7 GB (18%) free of 40 GB
Total RAM: 4095 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:40, on 24.6.2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\aspi\aspiusrv.exe
C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Quarantine Manager\bin\RPCServ.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
E:\Exchsrvr\bin\exmgmt.exe
E:\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
E:\Exchsrvr\bin\store.exe
E:\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BSC Praha\NCM\GNCMTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Cobian Backup 6\cobui.exe
C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\BSC Praha\NCM\GNCMTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Cobian Backup Interface 6] "C:\Program Files\Cobian Backup 6\cobui.exe" -service
O4 - HKLM\..\Run: [McAfeeTalkBackMonitor] "C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3285082126-3824228645-3330861787-1260\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'blackberry')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: www.avast.cz
O15 - ESC Trusted Zone: http://www.ibm.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.thawte.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.1.10
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4277345199
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5741245390
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Aspi Server - Unknown owner - e:\aspi\aspiusrv.exe
O23 - Service: Atlas Registration Server (AtlasRegServer) - ATLAS consulting, spol. s r.o. - C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry MDS Connection Service - Research In Motion - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
O23 - Service: Cobian Backup 6 service (CobBackup6) - Luis Cobian - C:\Program Files\Cobian Backup 6\cbs.exe
O23 - Service: ESET RA HTTP Server (ERA_HTTP_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe
O23 - Service: ESET Remote Administrator Server (ERA_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\BSC Praha\NCM\GNCM.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: HPWJA Service (HPWJAService) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
O23 - Service: HP WJA Update Service (HPWJAUpdateService) - Unknown owner - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Quarantine Manager (McAfee TQM) - McAfee, Inc. - C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 11362 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RSYNC_01_backup_pondeli.job
C:\WINDOWS\tasks\RSYNC_02_backup_utery.job
C:\WINDOWS\tasks\RSYNC_03_backup_streda.job
C:\WINDOWS\tasks\RSYNC_04_backup_ctvrtek.job
C:\WINDOWS\tasks\RSYNC_05_backup_patek.job
C:\WINDOWS\tasks\RSYNC_06_backup_sobota.job
C:\WINDOWS\tasks\RSYNC_07_backup_nedele.job
C:\WINDOWS\tasks\TEST.job
C:\WINDOWS\tasks\USB_01_backup_pondeli.job
C:\WINDOWS\tasks\USB_02_backup_utery.job
C:\WINDOWS\tasks\USB_03_backup_streda.job
C:\WINDOWS\tasks\USB_04_backup_ctvrtek.job
C:\WINDOWS\tasks\USB_05_backup_patek.job
C:\WINDOWS\tasks\USB_06_backup_Sobota_Ocko.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gemini NCM Status"=C:\Program Files\BSC Praha\NCM\GNCMTray.exe [2007-02-15 34816]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"Cobian Backup Interface 6"=C:\Program Files\Cobian Backup 6\cobui.exe [2005-01-28 1392640]
"McAfeeTalkBackMonitor"=C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe [2006-02-01 159811]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-03-27 136768]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-19 951624]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-03-21 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb3cef47-06c5-11dd-93e5-001a64678428}]
shell\AutoRun\command - G:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed4f460-e7a4-11dc-a66a-001a64678428}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pc045#E]
shell\AutoRun\command - U:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pc045#D]
shell\AutoRun\command - Z:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Pc002#D-cd]
shell\AutoRun\command - W:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.1.30#aspidvd (d)]
shell\AutoRun\command - Z:\setup.exe
======List of files/folders created in the last 1 months======
2010-06-24 11:21:15 ----D---- C:\rsit
2010-06-24 11:21:15 ----D---- C:\Program Files\trend micro
2010-06-24 08:31:58 ----SHD---- C:\Config.Msi
2010-06-23 09:03:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-06-23 09:03:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-06-23 09:03:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-23 09:01:12 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-06-23 09:01:07 ----D---- C:\Program Files\Mozilla Firefox
2010-06-22 08:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979907$
2010-06-22 07:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-22 07:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-22 07:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-22 07:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-22 07:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB982666$
2010-06-22 07:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978695$
2010-06-22 07:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-05-28 07:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-28 07:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-24 12:34:40 ----D---- C:\WINDOWS\Temp
2010-06-24 12:16:23 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-24 11:49:42 ----D---- C:\WINDOWS\system32\dhcp
2010-06-24 11:21:15 ----RD---- C:\Program Files
2010-06-24 10:38:12 ----D---- C:\AspiCli
2010-06-24 10:32:01 ----A---- C:\WINDOWS\wincmd.ini
2010-06-24 10:17:42 ----SHD---- C:\WINDOWS\Installer
2010-06-24 08:36:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 08:34:43 ----D---- C:\WINDOWS\system32
2010-06-24 08:34:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 08:33:57 ----RSD---- C:\WINDOWS\assembly
2010-06-24 08:33:13 ----D---- C:\WINDOWS\WinSxS
2010-06-24 06:14:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-24 01:00:03 ----D---- C:\WINDOWS\tracing
2010-06-23 22:27:19 ----D---- C:\WINDOWS\security
2010-06-23 22:05:29 ----D---- C:\WINDOWS\NTDS
2010-06-23 17:04:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-23 13:26:51 ----D---- C:\WINDOWS\inf
2010-06-23 09:09:47 ----SHD---- C:\RECYCLER
2010-06-23 09:03:02 ----D---- C:\WINDOWS\system32\drivers
2010-06-23 09:01:13 ----D---- C:\WINDOWS
2010-06-22 17:11:03 ----A---- C:\WINDOWS\hpbafd.ini
2010-06-22 11:06:18 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2010-06-22 08:50:07 ----D---- C:\WINDOWS\system32\ias
2010-06-22 08:49:15 ----D---- C:\WINDOWS\system32\wins
2010-06-22 08:49:12 ----D---- C:\WINDOWS\Debug
2010-06-22 08:49:11 ----D---- C:\WINDOWS\system32\CertLog
2010-06-22 08:48:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-22 08:00:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-22 07:59:56 ----A---- C:\WINDOWS\imsins.BAK
2010-06-22 07:57:21 ----D---- C:\WINDOWS\system32\cs-CZ
2010-06-22 07:57:21 ----D---- C:\Program Files\Internet Explorer
2010-06-22 07:57:16 ----D---- C:\WINDOWS\ie7updates
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-28 07:53:12 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-03-21 17408]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-19 15160]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-19 511832]
R2 EXIFS;EXIFS; \??\C:\WINDOWS\system32\drivers\exifs.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-03-21 11776]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-03-21 40448]
R3 l2nd;Broadcom NetXtreme II BXND; C:\WINDOWS\system32\DRIVERS\bxnd52x.sys [2006-12-22 50688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-21 13312]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-03-21 32128]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 27520]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-03-21 28160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20864]
R3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-03-21 177152]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-03-21 69120]
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
R2 Aspi Server;Aspi Server; e:\aspi\aspiusrv.exe [2010-03-05 81920]
R2 AtlasRegServer;Atlas Registration Server; C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe [2007-06-04 447488]
R2 BBAttachServer;BlackBerry Attachment Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe [2007-05-31 749703]
R2 BlackBerry Controller;BlackBerry Controller; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe [2007-05-31 872576]
R2 BlackBerry Dispatcher;BlackBerry Dispatcher; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe [2007-05-31 2609275]
R2 BlackBerry MDS Connection Service;BlackBerry MDS Connection Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe [2007-05-31 73728]
R2 BlackBerry Policy Service;BlackBerry Policy Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe [2007-05-31 5644408]
R2 BlackBerry Router;BlackBerry Router; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe [2007-05-31 1056883]
R2 BlackBerry Server Alert;BlackBerry Alert; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe [2007-05-31 557176]
R2 BlackBerry SyncServer;BlackBerry Synchronization Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe [2007-05-31 2105471]
R2 CertSvc;Certifikační služba; C:\WINDOWS\system32\certsrv.exe [2007-03-21 317440]
R2 CobBackup6;Cobian Backup 6 service; C:\Program Files\Cobian Backup 6\cbs.exe [2005-01-14 462848]
R2 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-03-21 164864]
R2 DHCPServer;Server DHCP; C:\WINDOWS\system32\tcpsvcs.exe [2007-03-21 21504]
R2 DNS;Server DNS; C:\WINDOWS\System32\dns.exe [2009-02-17 449024]
R2 ERA_SERVER;ESET Remote Administrator Server; C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe [2008-12-16 1821192]
R2 HPWJAService;HPWJA Service; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [2007-12-06 28672]
R2 HPWJAUpdateService;HP WJA Update Service; C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe [2008-03-12 20480]
R2 IAS;Služba ověřování v Internetu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-03-21 40448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2007-03-21 16384]
R2 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-03-21 94720]
R2 McAfee TQM;McAfee Quarantine Manager; C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe [2008-02-13 40960]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-03-27 104000]
R2 MSExchangeIS;Microsoft Exchange Information Store; E:\Exchsrvr\bin\store.exe [2008-11-26 5266432]
R2 MSExchangeMGMT;Microsoft Exchange Management; E:\Exchsrvr\bin\exmgmt.exe [2005-08-25 3217408]
R2 MSExchangeMTA;Microsoft Exchange MTA Stacks; E:\Exchsrvr\bin\emsmta.exe [2008-11-26 3598848]
R2 MSExchangeSA;Microsoft Exchange System Attendant; E:\Exchsrvr\bin\mad.exe [2005-08-25 8920064]
R2 MSSEARCH;Microsoft Search; C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [2005-08-17 69632]
R2 MSSQL$AVAST;MSSQL$AVAST; C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MSSQL$BLACKBERRY;SQL Server (BLACKBERRY); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQL$HPWJA;SQL Server (HPWJA); C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MySQL;MySQL; C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe [2007-03-05 4554752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-19 554312]
R2 NtFrs;Služba replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-03-21 792576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 POP3Svc;Microsoft Exchange POP3; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 RESvc;Microsoft Exchange Routing Engine; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2007-03-21 40448]
R2 SQLAgent$AVAST;SQLAgent$AVAST; C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE [2005-05-03 323584]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SrmSvc;Správce prostředků souborového serveru; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 WINS;WINS; C:\WINDOWS\System32\wins.exe [2009-05-28 157696]
S2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2005-05-03 323584]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ERA_HTTP_SERVER;ESET RA HTTP Server; C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe [2008-12-16 76296]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\BSC Praha\NCM\GNCM.exe [2007-02-15 196608]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE [2004-04-16 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSExchangeES;Microsoft Exchange Event; E:\Exchsrvr\bin\events.exe [2003-06-24 94720]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-03-21 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2007-03-21 8704]
S3 SrmReports;Správce sestav úložišť souborového serveru; C:\WINDOWS\system32\srmhost.exe [2007-03-21 10752]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-03-21 39424]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-03-21 353280]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
S4 BlackBerry Database Consistency Service;BlackBerry Database Consistency Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe [2007-05-31 2629764]
S4 IMAP4Svc;Microsoft Exchange IMAP4; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
S4 MSExchangeSRS;Microsoft Exchange Site Replication Service; E:\Exchsrvr\bin\srsmain.exe [2005-08-25 339456]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NntpSvc;NNTP (Network News Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-03-21 71168]
-----------------EOF-----------------
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
Now I'll be the one asking questions for a while.
Do you use all of those drives, i.e. G, F, U, Z and W?
If the virus is in the shared Recycler folder, why not simply try emptying the Recycle Bin and running the scan again? I don't see anything else here either, apart from those drives (which is exactly why I'm asking about them, so that we can rule out their being infected).

Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003
Drive "C" is obvious: the system drive.
Drive "E" is the server's second disk, from which the users' folders are shared, and they are mapped on the server as network drives "K", "O" and "T".
Drive "Z" is a mapped network drive, the CD-ROM from my laptop.
Of course I tried emptying the Recycle Bin; it throws an error that the file cannot be deleted. I'm happy to delete the "recycler" folder (e.g. with Unlocker), I just wanted to make sure I won't break anything by doing so, given that this is a server and its availability is very important.
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
I don't see anything anywhere in there, so honestly I have no idea what to do about it... and I'm reluctant to apply the standard procedures used here to your machine, precisely because it's a server and we could kill something by mistake.
Look, try running OTL as well, the one I wrote about a few posts above; don't worry, it's purely a scanner.

-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003
Hello, here is the OTL log. I didn't know whether you wanted both, so in the meantime here is the first one (otl.txt). Thanks.
OTL logfile created on: 24.6.2010 13:54:51 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): c:\pagefile.sys 4092 8184 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 7,06 Gb Free Space | 18,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 777,07 Gb Free Space | 83,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive O: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive T: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Computer Name: FS2
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.24 13:38:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.05 11:57:50 | 000,081,920 | ---- | M] () -- e:\ASPI\aspiusrv.exe
PRC - [2009.12.17 12:28:08 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
PRC - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
PRC - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.12.19 07:09:56 | 000,951,624 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2008.12.19 07:09:56 | 000,554,312 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe
PRC - [2008.12.16 16:26:06 | 001,821,192 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
PRC - [2008.11.26 06:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\store.exe
PRC - [2008.11.26 05:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\emsmta.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.05.02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008.03.12 10:30:19 | 000,020,480 | ---- | M] () -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
PRC - [2008.02.13 20:31:48 | 000,040,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
PRC - [2008.02.13 20:31:48 | 000,016,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Quarantine Manager\bin\RPCServ.exe
PRC - [2007.12.06 02:15:00 | 000,028,672 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
PRC - [2007.06.04 10:21:10 | 000,447,488 | ---- | M] (ATLAS consulting, spol. s r.o.) -- C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
PRC - [2007.05.31 16:13:46 | 001,056,883 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
PRC - [2007.05.31 16:13:44 | 002,105,471 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
PRC - [2007.05.31 16:13:42 | 000,749,703 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
PRC - [2007.05.31 16:13:42 | 000,659,585 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
PRC - [2007.05.31 16:13:42 | 000,073,728 | ---- | M] (Research In Motion) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
PRC - [2007.05.31 16:13:38 | 005,505,146 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
PRC - [2007.05.31 16:13:38 | 000,872,576 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
PRC - [2007.05.31 16:13:38 | 000,557,176 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
PRC - [2007.05.31 16:09:48 | 005,644,408 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
PRC - [2007.05.31 16:09:46 | 002,609,275 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
PRC - [2007.03.27 17:26:46 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007.03.27 17:25:50 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007.03.27 17:23:46 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007.03.27 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007.03.21 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.21 14:00:00 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.03.21 14:00:00 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.03.21 14:00:00 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certsrv.exe
PRC - [2007.03.21 14:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.03.21 14:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.03.21 14:00:00 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007.03.21 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.03.21 14:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.03.05 21:58:16 | 004,554,752 | ---- | M] () -- C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
PRC - [2007.02.15 17:12:18 | 000,034,816 | ---- | M] (BSC Praha, spol. s r.o.) -- C:\Program Files\BSC Praha\NCM\GNCMTray.exe
PRC - [2006.02.01 10:32:12 | 000,159,811 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\TalkBack\TBMon.exe
PRC - [2005.08.25 20:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 20:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\exmgmt.exe
PRC - [2005.08.17 18:41:02 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2005.05.03 23:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE
PRC - [2005.01.28 10:41:22 | 001,392,640 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 6\cobui.exe
PRC - [2005.01.14 16:36:26 | 000,462,848 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 6\cbs.exe
========== Modules (SafeList) ==========
MOD - [2010.06.24 13:38:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2008.05.02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2007.03.21 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.03.21 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 09:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.03.05 11:57:50 | 000,081,920 | ---- | M] () [Auto | Running] -- e:\ASPI\aspiusrv.exe -- (Aspi Server)
SRV - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe -- (MSSQL$HPWJA) SQL Server (HPWJA)
SRV - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$BLACKBERRY) SQL Server (BLACKBERRY)
SRV - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.12.19 07:09:56 | 000,554,312 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe -- (MSSQL$AVAST)
SRV - [2008.12.16 16:26:06 | 001,821,192 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe -- (ERA_SERVER)
SRV - [2008.12.16 16:25:58 | 000,076,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe -- (ERA_HTTP_SERVER)
SRV - [2008.11.26 06:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2008.11.26 05:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.12 10:30:19 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe -- (HPWJAUpdateService)
SRV - [2008.02.13 20:31:48 | 000,040,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe -- (McAfee TQM)
SRV - [2007.12.06 02:15:00 | 000,028,672 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)
SRV - [2007.06.04 10:21:10 | 000,447,488 | ---- | M] (ATLAS consulting, spol. s r.o.) [Auto | Running] -- C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe -- (AtlasRegServer)
SRV - [2007.05.31 16:13:46 | 001,056,883 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe -- (BlackBerry Router)
SRV - [2007.05.31 16:13:44 | 002,105,471 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe -- (BlackBerry SyncServer)
SRV - [2007.05.31 16:13:42 | 002,629,764 | ---- | M] (Research In Motion Limited) [Disabled | Stopped] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe -- (BlackBerry Database Consistency Service)
SRV - [2007.05.31 16:13:42 | 000,749,703 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe -- (BBAttachServer)
SRV - [2007.05.31 16:13:42 | 000,073,728 | ---- | M] (Research In Motion) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe -- (BlackBerry MDS Connection Service)
SRV - [2007.05.31 16:13:38 | 000,872,576 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe -- (BlackBerry Controller)
SRV - [2007.05.31 16:13:38 | 000,557,176 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe -- (BlackBerry Server Alert)
SRV - [2007.05.31 16:09:48 | 005,644,408 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe -- (BlackBerry Policy Service)
SRV - [2007.05.31 16:09:46 | 002,609,275 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe -- (BlackBerry Dispatcher)
SRV - [2007.03.27 17:23:46 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007.03.21 14:00:00 | 001,595,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srmsvc.dll -- (SrmSvc)
SRV - [2007.03.21 14:00:00 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.03.21 14:00:00 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\certsrv.exe -- (CertSvc)
SRV - [2007.03.21 14:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.03.21 14:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.03.21 14:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.03.21 14:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.03.21 14:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.03.21 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.03.21 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.03.21 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.03.21 14:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\srmhost.exe -- (SrmReports)
SRV - [2007.03.21 14:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ias.dll -- (IAS)
SRV - [2007.03.05 21:58:16 | 004,554,752 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe -- (MySQL)
SRV - [2007.02.15 17:13:16 | 000,196,608 | ---- | M] (BSC Praha, spol. s r.o.) [On_Demand | Stopped] -- C:\Program Files\BSC Praha\NCM\GNCM.exe -- (GNCM)
SRV - [2005.08.25 20:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 20:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 19:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.08.17 18:41:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE -- (SQLAgent$AVAST)
SRV - [2005.01.14 16:36:26 | 000,462,848 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 6\cbs.exe -- (CobBackup6)
SRV - [2003.06.24 09:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - [2008.12.19 07:09:57 | 000,511,832 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2008.12.19 07:09:56 | 000,015,160 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2007.03.21 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007.03.21 14:00:00 | 000,088,064 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\quota.sys -- (Quota)
DRV - [2007.03.21 14:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.03.21 14:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\datascrn.sys -- (Datascrn)
DRV - [2007.03.21 14:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.01.02 22:41:42 | 000,374,784 | R--- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2006.12.22 17:23:34 | 000,050,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2006.04.13 04:40:16 | 000,051,200 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2005.08.25 18:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.23 09:01:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 09:01:07 | 000,000,000 | ---D | M]
[2010.06.23 09:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.06.23 09:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\l8ktt4e3.default\extensions
[2010.06.23 09:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\l8ktt4e3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.23 09:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\l8ktt4e3.default\extensions\staged-xpis
[2010.06.23 09:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.12 01:52:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.12 01:52:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.12 01:52:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.12 01:52:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.12 01:52:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2007.03.21 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Cobian Backup Interface 6] C:\Program Files\Cobian Backup 6\cobui.exe (Luis Cobian)
O4 - HKLM..\Run: [Gemini NCM Status] C:\Program Files\BSC Praha\NCM\GNCMTray.exe (BSC Praha, spol. s r.o.)
O4 - HKLM..\Run: [McAfeeTalkBackMonitor] C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4277345199 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5741245390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.29 09:51:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 11:41:41 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008.07.10 14:19:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006.08.11 10:44:33 | 000,022,016 | ---- | M] () - K:\Autom.odp._DYO.doc -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 17:18:16 | 000,095,034 | RHS- | M] () - K:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.04 12:05:02 | 000,095,034 | RHS- | M] () - K:\autorun.V01inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 08:52:05 | 000,095,034 | RHS- | M] () - K:\autorun.V02inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 08:58:53 | 000,095,034 | RHS- | M] () - K:\autorun.V03inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 08:55:50 | 000,095,034 | RHS- | M] () - K:\autorun.V04inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 09:03:21 | 000,095,034 | RHS- | M] () - K:\autorun.V05inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:49:22 | 000,095,034 | RHS- | M] () - K:\autorun.V06inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:57:02 | 000,095,034 | RHS- | M] () - K:\autorun.V07inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.10 08:59:55 | 000,095,034 | RHS- | M] () - K:\autorun.V08inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.10 09:05:10 | 000,095,034 | RHS- | M] () - K:\autorun.V09inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 09:01:30 | 000,095,034 | RHS- | M] () - K:\autorun.V10inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 09:07:15 | 000,095,034 | RHS- | M] () - K:\autorun.V11inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 09:04:06 | 000,095,034 | RHS- | M] () - K:\autorun.V12inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 09:07:48 | 000,095,034 | RHS- | M] () - K:\autorun.V13inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.13 09:09:34 | 000,095,034 | RHS- | M] () - K:\autorun.V14inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.14 09:28:06 | 000,095,034 | RHS- | M] () - K:\autorun.V15inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.18 18:39:32 | 000,095,034 | RHS- | M] () - K:\autorun.V16inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.19 09:16:44 | 000,095,034 | RHS- | M] () - K:\autorun.V17inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.21 09:02:05 | 000,095,034 | RHS- | M] () - K:\autorun.V18inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.24 09:14:30 | 000,095,034 | RHS- | M] () - K:\autorun.V19inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.26 09:09:22 | 000,095,034 | RHS- | M] () - K:\autorun.V20inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.27 09:18:18 | 000,095,034 | RHS- | M] () - K:\autorun.V21inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.29 11:32:28 | 000,095,034 | RHS- | M] () - K:\autorun.V22inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.04 08:15:26 | 000,095,034 | RHS- | M] () - K:\autorun.V23inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.07 09:05:23 | 000,095,034 | RHS- | M] () - K:\autorun.V24inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.08 09:05:55 | 000,095,034 | RHS- | M] () - K:\autorun.V25inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:24:56 | 000,095,034 | RHS- | M] () - K:\autorun.Vinf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:25:02 | 000,095,034 | RHS- | M] () - O:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.09 09:12:25 | 000,095,034 | RHS- | M] () - O:\autorun.V01inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.02 19:12:11 | 000,095,034 | RHS- | M] () - O:\autorun.Vinf -- [ NTFS ]
O33 - MountPoints2\##192.168.1.30#aspidvd (d)\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.1.30#aspidvd (d)\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##Pc002#D-cd\Shell - "" = AutoRun
O33 - MountPoints2\##Pc002#D-cd\Shell\AutoRun\command - "" = W:\autorun.exe -- File not found
O33 - MountPoints2\##pc045#D\Shell - "" = AutoRun
O33 - MountPoints2\##pc045#D\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##pc045#E\Shell - "" = AutoRun
O33 - MountPoints2\##pc045#E\Shell\AutoRun\command - "" = U:\setup.exe -- File not found
O33 - MountPoints2\{6ed4f460-e7a4-11dc-a66a-001a64678428}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{fb3cef47-06c5-11dd-93e5-001a64678428}\Shell\AutoRun\command - "" = G:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.24 13:39:12 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.06.24 11:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.24 11:21:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.24 11:18:09 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
[2010.06.24 08:31:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.23 21:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\vir
[2010.06.23 09:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010.06.23 09:03:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.23 09:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.23 09:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.06.23 09:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.23 09:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
[2010.06.23 09:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2010.06.23 09:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2010.06.23 09:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.06.21 16:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\AccessEnum
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.24 13:38:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.06.24 12:15:03 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\RSIT.exe
[2010.06.24 11:15:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
[2010.06.24 11:11:53 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.06.24 11:07:16 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010.06.24 10:32:01 | 000,002,803 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.24 08:34:43 | 001,193,298 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.24 08:34:43 | 001,167,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.24 08:34:43 | 000,374,788 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.24 08:34:43 | 000,344,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.24 08:34:42 | 003,142,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.24 06:14:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\USB_03_backup_streda.job
[2010.06.24 06:06:21 | 000,004,179 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.06.23 22:55:23 | 000,000,856 | ---- | M] () -- C:\WINDOWS\tasks\USB_02_backup_utery.job
[2010.06.23 21:45:13 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.06.23 09:01:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.06.23 09:01:09 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.06.22 21:53:43 | 003,915,986 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.06.22 17:11:03 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.06.22 12:21:35 | 000,243,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\prava_users.JPG
[2010.06.22 08:49:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.22 08:48:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.22 08:48:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.22 08:48:17 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.22 07:59:56 | 000,004,861 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.22 07:29:48 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\USB_01_backup_pondeli.job
[2010.06.20 12:29:24 | 000,000,846 | ---- | M] () -- C:\WINDOWS\tasks\USB_06_backup_Sobota_Ocko.job
[2010.06.19 06:20:30 | 000,000,854 | ---- | M] () -- C:\WINDOWS\tasks\USB_05_backup_patek.job
[2010.06.18 23:20:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\USB_04_backup_ctvrtek.job
[2010.06.18 15:42:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.24 12:14:56 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\RSIT.exe
[2010.06.24 11:21:11 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.06.23 09:01:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.23 09:01:09 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.06.22 12:21:34 | 000,243,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\prava_users.JPG
[2009.01.11 14:17:59 | 000,000,477 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.12.19 07:19:18 | 000,015,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.09.12 08:22:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008.07.29 16:57:33 | 000,002,803 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.06.02 17:01:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.26 23:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.03.01 11:08:06 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.03.01 11:05:10 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008.02.29 14:47:56 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.02.29 14:47:56 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.02.29 14:47:56 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.02.29 14:40:17 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.02.29 14:40:16 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.02.29 14:40:15 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.02.29 14:09:35 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.02.29 14:02:27 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.02.29 13:52:48 | 000,001,311 | ---- | C] () -- C:\WINDOWS\System32\dfsmgmt.dll.config
[2007.03.21 14:00:00 | 000,179,440 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007.03.21 14:00:00 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007.03.21 14:00:00 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007.03.21 14:00:00 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007.03.21 14:00:00 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007.03.21 14:00:00 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2006.06.12 11:36:30 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2003.02.07 18:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.07 05:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

OTL logfile created on: 24.6.2010 13:54:51 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): c:\pagefile.sys 4092 8184 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 7,06 Gb Free Space | 18,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 777,07 Gb Free Space | 83,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive O: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive T: | 798,83 Gb Total Space | 103,77 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Computer Name: FS2
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.24 13:38:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.05 11:57:50 | 000,081,920 | ---- | M] () -- e:\ASPI\aspiusrv.exe
PRC - [2009.12.17 12:28:08 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
PRC - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
PRC - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.12.19 07:09:56 | 000,951,624 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2008.12.19 07:09:56 | 000,554,312 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe
PRC - [2008.12.16 16:26:06 | 001,821,192 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
PRC - [2008.11.26 06:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\store.exe
PRC - [2008.11.26 05:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\emsmta.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.05.02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008.03.12 10:30:19 | 000,020,480 | ---- | M] () -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
PRC - [2008.02.13 20:31:48 | 000,040,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
PRC - [2008.02.13 20:31:48 | 000,016,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Quarantine Manager\bin\RPCServ.exe
PRC - [2007.12.06 02:15:00 | 000,028,672 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
PRC - [2007.06.04 10:21:10 | 000,447,488 | ---- | M] (ATLAS consulting, spol. s r.o.) -- C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
PRC - [2007.05.31 16:13:46 | 001,056,883 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
PRC - [2007.05.31 16:13:44 | 002,105,471 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
PRC - [2007.05.31 16:13:42 | 000,749,703 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
PRC - [2007.05.31 16:13:42 | 000,659,585 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
PRC - [2007.05.31 16:13:42 | 000,073,728 | ---- | M] (Research In Motion) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
PRC - [2007.05.31 16:13:38 | 005,505,146 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
PRC - [2007.05.31 16:13:38 | 000,872,576 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
PRC - [2007.05.31 16:13:38 | 000,557,176 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
PRC - [2007.05.31 16:09:48 | 005,644,408 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
PRC - [2007.05.31 16:09:46 | 002,609,275 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
PRC - [2007.03.27 17:26:46 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007.03.27 17:25:50 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007.03.27 17:23:46 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007.03.27 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007.03.21 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.21 14:00:00 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.03.21 14:00:00 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.03.21 14:00:00 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certsrv.exe
PRC - [2007.03.21 14:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.03.21 14:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.03.21 14:00:00 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007.03.21 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.03.21 14:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.03.05 21:58:16 | 004,554,752 | ---- | M] () -- C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
PRC - [2007.02.15 17:12:18 | 000,034,816 | ---- | M] (BSC Praha, spol. s r.o.) -- C:\Program Files\BSC Praha\NCM\GNCMTray.exe
PRC - [2006.02.01 10:32:12 | 000,159,811 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\TalkBack\TBMon.exe
PRC - [2005.08.25 20:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 20:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\exmgmt.exe
PRC - [2005.08.17 18:41:02 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2005.05.03 23:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE
PRC - [2005.01.28 10:41:22 | 001,392,640 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 6\cobui.exe
PRC - [2005.01.14 16:36:26 | 000,462,848 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 6\cbs.exe
========== Modules (SafeList) ==========
MOD - [2010.06.24 13:38:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2008.05.02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2007.03.21 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.03.21 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 09:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.03.05 11:57:50 | 000,081,920 | ---- | M] () [Auto | Running] -- e:\ASPI\aspiusrv.exe -- (Aspi Server)
SRV - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe -- (MSSQL$HPWJA) SQL Server (HPWJA)
SRV - [2009.05.27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$BLACKBERRY) SQL Server (BLACKBERRY)
SRV - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.12.19 07:09:56 | 000,554,312 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2008.12.18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe -- (MSSQL$AVAST)
SRV - [2008.12.16 16:26:06 | 001,821,192 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe -- (ERA_SERVER)
SRV - [2008.12.16 16:25:58 | 000,076,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe -- (ERA_HTTP_SERVER)
SRV - [2008.11.26 06:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2008.11.26 05:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.12 10:30:19 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe -- (HPWJAUpdateService)
SRV - [2008.02.13 20:31:48 | 000,040,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe -- (McAfee TQM)
SRV - [2007.12.06 02:15:00 | 000,028,672 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)
SRV - [2007.06.04 10:21:10 | 000,447,488 | ---- | M] (ATLAS consulting, spol. s r.o.) [Auto | Running] -- C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe -- (AtlasRegServer)
SRV - [2007.05.31 16:13:46 | 001,056,883 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe -- (BlackBerry Router)
SRV - [2007.05.31 16:13:44 | 002,105,471 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe -- (BlackBerry SyncServer)
SRV - [2007.05.31 16:13:42 | 002,629,764 | ---- | M] (Research In Motion Limited) [Disabled | Stopped] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe -- (BlackBerry Database Consistency Service)
SRV - [2007.05.31 16:13:42 | 000,749,703 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe -- (BBAttachServer)
SRV - [2007.05.31 16:13:42 | 000,073,728 | ---- | M] (Research In Motion) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe -- (BlackBerry MDS Connection Service)
SRV - [2007.05.31 16:13:38 | 000,872,576 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe -- (BlackBerry Controller)
SRV - [2007.05.31 16:13:38 | 000,557,176 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe -- (BlackBerry Server Alert)
SRV - [2007.05.31 16:09:48 | 005,644,408 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe -- (BlackBerry Policy Service)
SRV - [2007.05.31 16:09:46 | 002,609,275 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe -- (BlackBerry Dispatcher)
SRV - [2007.03.27 17:23:46 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007.03.21 14:00:00 | 001,595,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srmsvc.dll -- (SrmSvc)
SRV - [2007.03.21 14:00:00 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.03.21 14:00:00 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\certsrv.exe -- (CertSvc)
SRV - [2007.03.21 14:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.03.21 14:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.03.21 14:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.03.21 14:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.03.21 14:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.03.21 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.03.21 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.03.21 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.03.21 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.03.21 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.03.21 14:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\srmhost.exe -- (SrmReports)
SRV - [2007.03.21 14:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ias.dll -- (IAS)
SRV - [2007.03.05 21:58:16 | 004,554,752 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe -- (MySQL)
SRV - [2007.02.15 17:13:16 | 000,196,608 | ---- | M] (BSC Praha, spol. s r.o.) [On_Demand | Stopped] -- C:\Program Files\BSC Praha\NCM\GNCM.exe -- (GNCM)
SRV - [2005.08.25 20:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 20:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 19:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.08.17 18:41:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE -- (SQLAgent$AVAST)
SRV - [2005.01.14 16:36:26 | 000,462,848 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 6\cbs.exe -- (CobBackup6)
SRV - [2003.06.24 09:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - [2008.12.19 07:09:57 | 000,511,832 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2008.12.19 07:09:56 | 000,015,160 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2007.03.21 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007.03.21 14:00:00 | 000,088,064 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\quota.sys -- (Quota)
DRV - [2007.03.21 14:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.03.21 14:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\datascrn.sys -- (Datascrn)
DRV - [2007.03.21 14:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.01.02 22:41:42 | 000,374,784 | R--- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2006.12.22 17:23:34 | 000,050,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2006.04.13 04:40:16 | 000,051,200 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2005.08.25 18:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.23 09:01:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 09:01:07 | 000,000,000 | ---D | M]
[2010.06.23 09:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.06.23 09:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\l8ktt4e3.default\extensions
[2010.06.23 09:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\l8ktt4e3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.23 09:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\l8ktt4e3.default\extensions\staged-xpis
[2010.06.23 09:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.12 01:52:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.12 01:52:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.12 01:52:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.12 01:52:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.12 01:52:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2007.03.21 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Cobian Backup Interface 6] C:\Program Files\Cobian Backup 6\cobui.exe (Luis Cobian)
O4 - HKLM..\Run: [Gemini NCM Status] C:\Program Files\BSC Praha\NCM\GNCMTray.exe (BSC Praha, spol. s r.o.)
O4 - HKLM..\Run: [McAfeeTalkBackMonitor] C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4277345199 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5741245390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.29 09:51:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 11:41:41 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008.07.10 14:19:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006.08.11 10:44:33 | 000,022,016 | ---- | M] () - K:\Autom.odp._DYO.doc -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 17:18:16 | 000,095,034 | RHS- | M] () - K:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.04 12:05:02 | 000,095,034 | RHS- | M] () - K:\autorun.V01inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 08:52:05 | 000,095,034 | RHS- | M] () - K:\autorun.V02inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 08:58:53 | 000,095,034 | RHS- | M] () - K:\autorun.V03inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 08:55:50 | 000,095,034 | RHS- | M] () - K:\autorun.V04inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 09:03:21 | 000,095,034 | RHS- | M] () - K:\autorun.V05inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:49:22 | 000,095,034 | RHS- | M] () - K:\autorun.V06inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:57:02 | 000,095,034 | RHS- | M] () - K:\autorun.V07inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.10 08:59:55 | 000,095,034 | RHS- | M] () - K:\autorun.V08inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.10 09:05:10 | 000,095,034 | RHS- | M] () - K:\autorun.V09inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 09:01:30 | 000,095,034 | RHS- | M] () - K:\autorun.V10inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 09:07:15 | 000,095,034 | RHS- | M] () - K:\autorun.V11inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 09:04:06 | 000,095,034 | RHS- | M] () - K:\autorun.V12inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 09:07:48 | 000,095,034 | RHS- | M] () - K:\autorun.V13inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.13 09:09:34 | 000,095,034 | RHS- | M] () - K:\autorun.V14inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.14 09:28:06 | 000,095,034 | RHS- | M] () - K:\autorun.V15inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.18 18:39:32 | 000,095,034 | RHS- | M] () - K:\autorun.V16inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.19 09:16:44 | 000,095,034 | RHS- | M] () - K:\autorun.V17inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.21 09:02:05 | 000,095,034 | RHS- | M] () - K:\autorun.V18inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.24 09:14:30 | 000,095,034 | RHS- | M] () - K:\autorun.V19inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.26 09:09:22 | 000,095,034 | RHS- | M] () - K:\autorun.V20inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.27 09:18:18 | 000,095,034 | RHS- | M] () - K:\autorun.V21inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.29 11:32:28 | 000,095,034 | RHS- | M] () - K:\autorun.V22inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.04 08:15:26 | 000,095,034 | RHS- | M] () - K:\autorun.V23inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.07 09:05:23 | 000,095,034 | RHS- | M] () - K:\autorun.V24inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.08 09:05:55 | 000,095,034 | RHS- | M] () - K:\autorun.V25inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:24:56 | 000,095,034 | RHS- | M] () - K:\autorun.Vinf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:25:02 | 000,095,034 | RHS- | M] () - O:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.09 09:12:25 | 000,095,034 | RHS- | M] () - O:\autorun.V01inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.02 19:12:11 | 000,095,034 | RHS- | M] () - O:\autorun.Vinf -- [ NTFS ]
O33 - MountPoints2\##192.168.1.30#aspidvd (d)\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.1.30#aspidvd (d)\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##Pc002#D-cd\Shell - "" = AutoRun
O33 - MountPoints2\##Pc002#D-cd\Shell\AutoRun\command - "" = W:\autorun.exe -- File not found
O33 - MountPoints2\##pc045#D\Shell - "" = AutoRun
O33 - MountPoints2\##pc045#D\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##pc045#E\Shell - "" = AutoRun
O33 - MountPoints2\##pc045#E\Shell\AutoRun\command - "" = U:\setup.exe -- File not found
O33 - MountPoints2\{6ed4f460-e7a4-11dc-a66a-001a64678428}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{fb3cef47-06c5-11dd-93e5-001a64678428}\Shell\AutoRun\command - "" = G:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.24 13:39:12 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.06.24 11:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.24 11:21:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.24 11:18:09 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
[2010.06.24 08:31:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.23 21:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\vir
[2010.06.23 09:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010.06.23 09:03:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.23 09:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.23 09:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.06.23 09:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.23 09:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
[2010.06.23 09:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2010.06.23 09:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2010.06.23 09:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.06.21 16:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\AccessEnum
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.24 13:38:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.06.24 12:15:03 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\RSIT.exe
[2010.06.24 11:15:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
[2010.06.24 11:11:53 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.06.24 11:07:16 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010.06.24 10:32:01 | 000,002,803 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.24 08:34:43 | 001,193,298 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.24 08:34:43 | 001,167,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.24 08:34:43 | 000,374,788 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.24 08:34:43 | 000,344,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.24 08:34:42 | 003,142,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.24 06:14:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\USB_03_backup_streda.job
[2010.06.24 06:06:21 | 000,004,179 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.06.23 22:55:23 | 000,000,856 | ---- | M] () -- C:\WINDOWS\tasks\USB_02_backup_utery.job
[2010.06.23 21:45:13 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.06.23 09:01:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.06.23 09:01:09 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.06.22 21:53:43 | 003,915,986 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.06.22 17:11:03 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.06.22 12:21:35 | 000,243,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\prava_users.JPG
[2010.06.22 08:49:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.22 08:48:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.22 08:48:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.22 08:48:17 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.22 07:59:56 | 000,004,861 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.22 07:29:48 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\USB_01_backup_pondeli.job
[2010.06.20 12:29:24 | 000,000,846 | ---- | M] () -- C:\WINDOWS\tasks\USB_06_backup_Sobota_Ocko.job
[2010.06.19 06:20:30 | 000,000,854 | ---- | M] () -- C:\WINDOWS\tasks\USB_05_backup_patek.job
[2010.06.18 23:20:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\USB_04_backup_ctvrtek.job
[2010.06.18 15:42:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.24 12:14:56 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\RSIT.exe
[2010.06.24 11:21:11 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.06.23 09:01:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.23 09:01:09 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.06.22 12:21:34 | 000,243,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenty\prava_users.JPG
[2009.01.11 14:17:59 | 000,000,477 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.12.19 07:19:18 | 000,015,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.09.12 08:22:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008.07.29 16:57:33 | 000,002,803 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.06.02 17:01:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.26 23:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.03.01 11:08:06 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.03.01 11:05:10 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008.02.29 14:47:56 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.02.29 14:47:56 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.02.29 14:47:56 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.02.29 14:40:17 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.02.29 14:40:16 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.02.29 14:40:15 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.02.29 14:09:35 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.02.29 14:02:27 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.02.29 13:52:48 | 000,001,311 | ---- | C] () -- C:\WINDOWS\System32\dfsmgmt.dll.config
[2007.03.21 14:00:00 | 000,179,440 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007.03.21 14:00:00 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007.03.21 14:00:00 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007.03.21 14:00:00 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007.03.21 14:00:00 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007.03.21 14:00:00 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2006.06.12 11:36:30 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2003.02.07 18:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.07 05:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
I don't like server editions

These autoruns - do you know about them?
O32 - AutoRun File - [2010.05.03 17:18:16 | 000,095,034 | RHS- | M] () - K:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.04 12:05:02 | 000,095,034 | RHS- | M] () - K:\autorun.V01inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 08:52:05 | 000,095,034 | RHS- | M] () - K:\autorun.V02inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 08:58:53 | 000,095,034 | RHS- | M] () - K:\autorun.V03inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 08:55:50 | 000,095,034 | RHS- | M] () - K:\autorun.V04inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 09:03:21 | 000,095,034 | RHS- | M] () - K:\autorun.V05inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:49:22 | 000,095,034 | RHS- | M] () - K:\autorun.V06inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:57:02 | 000,095,034 | RHS- | M] () - K:\autorun.V07inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.10 08:59:55 | 000,095,034 | RHS- | M] () - K:\autorun.V08inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.10 09:05:10 | 000,095,034 | RHS- | M] () - K:\autorun.V09inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 09:01:30 | 000,095,034 | RHS- | M] () - K:\autorun.V10inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 09:07:15 | 000,095,034 | RHS- | M] () - K:\autorun.V11inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 09:04:06 | 000,095,034 | RHS- | M] () - K:\autorun.V12inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 09:07:48 | 000,095,034 | RHS- | M] () - K:\autorun.V13inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.13 09:09:34 | 000,095,034 | RHS- | M] () - K:\autorun.V14inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.14 09:28:06 | 000,095,034 | RHS- | M] () - K:\autorun.V15inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.18 18:39:32 | 000,095,034 | RHS- | M] () - K:\autorun.V16inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.19 09:16:44 | 000,095,034 | RHS- | M] () - K:\autorun.V17inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.21 09:02:05 | 000,095,034 | RHS- | M] () - K:\autorun.V18inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.24 09:14:30 | 000,095,034 | RHS- | M] () - K:\autorun.V19inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.26 09:09:22 | 000,095,034 | RHS- | M] () - K:\autorun.V20inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.27 09:18:18 | 000,095,034 | RHS- | M] () - K:\autorun.V21inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.29 11:32:28 | 000,095,034 | RHS- | M] () - K:\autorun.V22inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.04 08:15:26 | 000,095,034 | RHS- | M] () - K:\autorun.V23inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.07 09:05:23 | 000,095,034 | RHS- | M] () - K:\autorun.V24inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.08 09:05:55 | 000,095,034 | RHS- | M] () - K:\autorun.V25inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:24:56 | 000,095,034 | RHS- | M] () - K:\autorun.Vinf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:25:02 | 000,095,034 | RHS- | M] () - O:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.09 09:12:25 | 000,095,034 | RHS- | M] () - O:\autorun.V01inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.02 19:12:11 | 000,095,034 | RHS- | M] () - O:\autorun.Vinf -- [ NTFS ]

Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003
I noticed these autoruns. I would say the virus created them automatically... I assume I can delete them, right?
Thanks

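An added example (not part of the original thread): a small Python triage of the OTL `O32 - AutoRun File` entries quoted above, flagging the pattern discussed here, namely many hidden, system-flagged autorun files of identical size, and picking one file per drive to scan before the rest are deleted. The first five sample lines are copied from the log in this thread; the `D:\autorun.inf` line, the 4096-byte threshold and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# One OTL "O32 - AutoRun File" entry:
# O32 - AutoRun File - [date time | size | attrs | M] (company) - path -- [ fs ]
O32_RE = re.compile(
    r"^O32 - AutoRun File - "
    r"\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]\s*$"
)

# Assumption for this example: a plain autorun.inf is a short text file,
# so anything above this size is worth a second look.
MAX_PLAIN_INF_BYTES = 4096

# Lines copied from the OTL log posted in this thread.
THREAD_LOG = r'''
O32 - AutoRun File - [2010.05.06 09:03:21 | 000,095,034 | RHS- | M] () - K:\autorun.V05inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 08:49:22 | 000,095,034 | RHS- | M] () - K:\autorun.V06inf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:24:56 | 000,095,034 | RHS- | M] () - K:\autorun.Vinf -- [ NTFS ]
O32 - AutoRun File - [2010.05.03 08:25:02 | 000,095,034 | RHS- | M] () - O:\autorun.V00inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.09 09:12:25 | 000,095,034 | RHS- | M] () - O:\autorun.V01inf -- [ NTFS ]
O33 - MountPoints2\##pc045#D\Shell - "" = AutoRun
'''
# Constructed entry (not from the thread): an ordinary autorun.inf on a CD.
CONSTRUCTED_BENIGN = (
    r"O32 - AutoRun File - [2008.01.15 10:00:00 | 000,000,052 | R--- | M] () "
    r"- D:\autorun.inf -- [ CDFS ]"
)
SAMPLE_LOG = THREAD_LOG + "\n" + CONSTRUCTED_BENIGN


def parse_o32(log_text):
    """Return one dict per O32 AutoRun File line; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O32_RE.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        entries.append({
            "path": m["path"],
            "drive": path.drive,
            "name": path.name,
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "modified": m["stamp"],
        })
    return entries


def triage(entries):
    """Attach a list of reasons to each entry; an empty list means nothing stood out."""
    size_counts = Counter(e["size"] for e in entries)
    report = []
    for e in entries:
        reasons = []
        if "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden+system")
        if e["name"].lower() != "autorun.inf":
            reasons.append("odd-name")
        if e["size"] > MAX_PLAIN_INF_BYTES:
            reasons.append("oversized")
        if size_counts[e["size"]] > 1:
            reasons.append("same-size-copies")
        report.append((e["path"], reasons))
    return report


def suspicious_by_drive(entries, min_reasons=2):
    """Group entries with at least min_reasons indicators by drive letter."""
    grouped = defaultdict(list)
    for path, reasons in triage(entries):
        if len(reasons) >= min_reasons:
            grouped[PureWindowsPath(path).drive].append(path)
    return dict(grouped)


def pick_samples(entries, per_drive=1):
    """Choose a few flagged files per drive to scan before removing the rest."""
    return {d: paths[:per_drive] for d, paths in suspicious_by_drive(entries).items()}


if __name__ == "__main__":
    parsed = parse_o32(SAMPLE_LOG)
    for path, reasons in triage(parsed):
        print(f"{path:24} {', '.join(reasons) or 'nothing flagged'}")
    print("scan first:", pick_samples(parsed))
```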
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
I assume so too, but how about running them through VirusTotal first, just to be sure, so that we don't shoot something we don't want to?
Test one or two of them (if they are there) on VIRUSTOTAL
(simple instructions: after the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button; ignore any messages saying the file has already been tested and run the scan again; give the scanners about ten minutes; post the result here, either by copying the text or by pasting the link once the scan has finished)
-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003
Hello, here are the results for the two tested files
http://www.virustotal.com/cs/analisis/d ... 1277390938
Antivirus Version Last update Result
a-squared 5.0.0.30 2010.06.24 Net-Worm.Win32.Kido!IK
AhnLab-V3 2010.06.24.01 2010.06.24 TextImage/Autorun
AntiVir 8.2.4.2 2010.06.24 BAT/Autorun.CA
Antiy-AVL 2.0.3.7 2010.06.24 Worm/Win32.Kido
Authentium 5.2.0.5 2010.06.24 -
Avast 4.8.1351.0 2010.06.24 BV:AutoRun-S
Avast5 5.0.332.0 2010.06.24 BV:AutoRun-S
AVG 9.0.0.836 2010.06.24 Worm/Generic_c.ZY
BitDefender 7.2 2010.06.24 Worm.Autorun.VHG
CAT-QuickHeal 10.00 2010.06.24 -
ClamAV 0.96.0.3-git 2010.06.24 Worm.Autorun-2191
Comodo 5203 2010.06.24 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.24 Win32.HLLW.Autoruner.5601
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7664 2010.06.24 INF/Conficker
F-Prot 4.6.1.107 2010.06.24 -
F-Secure 9.0.15370.0 2010.06.24 Worm:W32/Downaduprun.A
Fortinet 4.1.133.0 2010.06.24 -
GData 21 2010.06.24 Worm.Autorun.VHG
Ikarus T3.1.1.84.0 2010.06.24 Net-Worm.Win32.Kido
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.24 Net-Worm.Win32.Kido.ir
McAfee 5.400.0.1158 2010.06.24 -
McAfee-GW-Edition 2010.1 2010.06.24 -
Microsoft 1.5902 2010.06.24 Worm:Win32/Conficker.B!inf
NOD32 5225 2010.06.24 -
Norman 6.05.10 2010.06.24 Text/Autorun.CTK
nProtect 2010-06-24.01 2010.06.24 Worm.Autorun.VHG
Panda 10.0.2.7 2010.06.23 W32/Conficker.C.worm
PCTools 7.0.3.5 2010.06.24 Malware.Downadup
Prevx 3.0 2010.06.24 -
Rising 22.53.03.04 2010.06.24 Hack.Exploit.Win32.MS08-067.bq
Sophos 4.54.0 2010.06.24 Mal/ConfInf-A
Sunbelt 6499 2010.06.24 -
Symantec 20101.1.0.89 2010.06.24 W32.Downadup!autorun
TheHacker 6.5.2.0.303 2010.06.24 W32/Conficker.autorunL
TrendMicro 9.120.0.1004 2010.06.24 TROJ_DOWNAD.AD
TrendMicro-HouseCall 9.120.0.1004 2010.06.24 TROJ_DOWNAD.AD
VBA32 3.12.12.5 2010.06.24 -
ViRobot 2010.6.21.3896 2010.06.24 Trojan.Win32.AutoRun.95034
VirusBuster 5.0.27.0 2010.06.24 INF.Conficker.F
Additional information
File size: 95034 bytes
MD5 : 2f2b89dcae18d2cb5210d8174916674d
SHA1 : 3a87a5e1b8cc0afba17ba0af7dbdcfed37fe2d6a
SHA256: d2973d14d69c7ae79d6c425e9a19a7f0a8b97c63d3613bd96daa260555eef9ed
TrID : File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
ssdeep: 1536:113HWaC+OYeaeT1UPlxvbk3J6pzHnlIW1IG3VYSlXnSFTLTAEkR:jN4EPE65HneKI+lXnSFTdY
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (F-Prot): Unicode
RDS : NSRL Reference Data Set
http://www.virustotal.com/cs/analisis/d ... 1277394815
File autorun.V01inf received 2010.06.24 15:53:35 (UTC)
Antivirus Version Last update Result
a-squared 5.0.0.30 2010.06.24 Net-Worm.Win32.Kido!IK
AhnLab-V3 2010.06.24.01 2010.06.24 TextImage/Autorun
AntiVir 8.2.4.2 2010.06.24 BAT/Autorun.CA
Antiy-AVL 2.0.3.7 2010.06.24 Worm/Win32.Kido
Authentium 5.2.0.5 2010.06.24 -
Avast 4.8.1351.0 2010.06.24 BV:AutoRun-S
Avast5 5.0.332.0 2010.06.24 BV:AutoRun-S
AVG 9.0.0.836 2010.06.24 Worm/Generic_c.ZY
BitDefender 7.2 2010.06.24 Worm.Autorun.VHG
CAT-QuickHeal 10.00 2010.06.24 -
ClamAV 0.96.0.3-git 2010.06.24 Worm.Autorun-2191
Comodo 5203 2010.06.24 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.24 Win32.HLLW.Autoruner.5601
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7664 2010.06.24 INF/Conficker
F-Prot 4.6.1.107 2010.06.24 -
F-Secure 9.0.15370.0 2010.06.24 Worm:W32/Downaduprun.A
Fortinet 4.1.133.0 2010.06.24 -
GData 21 2010.06.24 Worm.Autorun.VHG
Ikarus T3.1.1.84.0 2010.06.24 Net-Worm.Win32.Kido
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.24 Net-Worm.Win32.Kido.ir
McAfee 5.400.0.1158 2010.06.24 -
McAfee-GW-Edition 2010.1 2010.06.24 -
Microsoft 1.5902 2010.06.24 Worm:Win32/Conficker.B!inf
NOD32 5226 2010.06.24 -
Norman 6.05.10 2010.06.24 Text/Autorun.CTK
nProtect 2010-06-24.01 2010.06.24 Worm.Autorun.VHG
Panda 10.0.2.7 2010.06.23 W32/Conficker.C.worm
PCTools 7.0.3.5 2010.06.24 Malware.Downadup
Rising 22.53.03.04 2010.06.24 Hack.Exploit.Win32.MS08-067.bq
Sophos 4.54.0 2010.06.24 Mal/ConfInf-A
Sunbelt 6500 2010.06.24 -
Symantec 20101.1.0.89 2010.06.24 W32.Downadup!autorun
TheHacker 6.5.2.0.303 2010.06.24 W32/Conficker.autorunL
TrendMicro 9.120.0.1004 2010.06.24 TROJ_DOWNAD.AD
TrendMicro-HouseCall 9.120.0.1004 2010.06.24 TROJ_DOWNAD.AD
VBA32 3.12.12.5 2010.06.24 -
ViRobot 2010.6.21.3896 2010.06.24 Trojan.Win32.AutoRun.95034
VirusBuster 5.0.27.0 2010.06.24 INF.Conficker.F
Additional information
File size: 95034 bytes
MD5...: 2f2b89dcae18d2cb5210d8174916674d
SHA1..: 3a87a5e1b8cc0afba17ba0af7dbdcfed37fe2d6a
SHA256: d2973d14d69c7ae79d6c425e9a19a7f0a8b97c63d3613bd96daa260555eef9ed
ssdeep: 1536:113HWaC+OYeaeT1UPlxvbk3J6pzHnlIW1IG3VYSlXnSFTLTAEkR:jN4EPE65HneKI+lXnSFTdY
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
So that's clear, shoot down all the autoruns from K and from O

-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003
The autoruns are gone..
Should I also delete the detected Conficker from the recycler folder?

- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Conficker.AA virus on Windows Server 2003
Definitely, you're not going to hoard it there, after all

-
- Visitor
- Posts: 20
- Registered: 12 Mar 2007 11:21
Re: Conficker.AA virus on Windows Server 2003

Logfile of random's system information tool 1.07 (written by random/random)
Run by administrator at 2010-06-24 21:26:47
Microsoft(R) Windows(R) Server 2003, Standard Edition
System drive C: has 7 GB (18%) free of 40 GB
Total RAM: 4095 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:50, on 24.6.2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\aspi\aspiusrv.exe
C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Quarantine Manager\bin\RPCServ.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
E:\Exchsrvr\bin\exmgmt.exe
E:\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
E:\Exchsrvr\bin\store.exe
E:\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BSC Praha\NCM\GNCMTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Cobian Backup 6\cobui.exe
C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Eset\nod32.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\BSC Praha\NCM\GNCMTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Cobian Backup Interface 6] "C:\Program Files\Cobian Backup 6\cobui.exe" -service
O4 - HKLM\..\Run: [McAfeeTalkBackMonitor] "C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3285082126-3824228645-3330861787-1260\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'blackberry')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: www.avast.cz
O15 - ESC Trusted Zone: http://www.ibm.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.thawte.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.1.10
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4277345199
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5741245390
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\..\{20FCA4F7-44B3-4E5E-93A9-E88BD71B884D}: NameServer = 192.168.1.10
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Aspi Server - Unknown owner - e:\aspi\aspiusrv.exe
O23 - Service: Atlas Registration Server (AtlasRegServer) - ATLAS consulting, spol. s r.o. - C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry MDS Connection Service - Research In Motion - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
O23 - Service: Cobian Backup 6 service (CobBackup6) - Luis Cobian - C:\Program Files\Cobian Backup 6\cbs.exe
O23 - Service: ESET RA HTTP Server (ERA_HTTP_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe
O23 - Service: ESET Remote Administrator Server (ERA_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\BSC Praha\NCM\GNCM.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: HPWJA Service (HPWJAService) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
O23 - Service: HP WJA Update Service (HPWJAUpdateService) - Unknown owner - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Quarantine Manager (McAfee TQM) - McAfee, Inc. - C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 11110 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RSYNC_01_backup_pondeli.job
C:\WINDOWS\tasks\RSYNC_02_backup_utery.job
C:\WINDOWS\tasks\RSYNC_03_backup_streda.job
C:\WINDOWS\tasks\RSYNC_04_backup_ctvrtek.job
C:\WINDOWS\tasks\RSYNC_05_backup_patek.job
C:\WINDOWS\tasks\RSYNC_06_backup_sobota.job
C:\WINDOWS\tasks\RSYNC_07_backup_nedele.job
C:\WINDOWS\tasks\TEST.job
C:\WINDOWS\tasks\USB_01_backup_pondeli.job
C:\WINDOWS\tasks\USB_02_backup_utery.job
C:\WINDOWS\tasks\USB_03_backup_streda.job
C:\WINDOWS\tasks\USB_04_backup_ctvrtek.job
C:\WINDOWS\tasks\USB_05_backup_patek.job
C:\WINDOWS\tasks\USB_06_backup_Sobota_Ocko.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gemini NCM Status"=C:\Program Files\BSC Praha\NCM\GNCMTray.exe [2007-02-15 34816]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"Cobian Backup Interface 6"=C:\Program Files\Cobian Backup 6\cobui.exe [2005-01-28 1392640]
"McAfeeTalkBackMonitor"=C:\Program Files\Common Files\McAfee\Talkback\TBMon.exe [2006-02-01 159811]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-03-27 136768]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-19 951624]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-03-21 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb3cef47-06c5-11dd-93e5-001a64678428}]
shell\AutoRun\command - G:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed4f460-e7a4-11dc-a66a-001a64678428}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pc045#E]
shell\AutoRun\command - U:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pc045#D]
shell\AutoRun\command - Z:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Pc002#D-cd]
shell\AutoRun\command - W:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.1.30#aspidvd (d)]
shell\AutoRun\command - Z:\setup.exe
======List of files/folders created in the last 1 months======
2010-06-24 11:21:15 ----D---- C:\rsit
2010-06-24 11:21:15 ----D---- C:\Program Files\trend micro
2010-06-24 08:31:58 ----SHD---- C:\Config.Msi
2010-06-23 09:03:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-06-23 09:03:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-06-23 09:03:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-23 09:01:12 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-06-23 09:01:07 ----D---- C:\Program Files\Mozilla Firefox
2010-06-22 08:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979907$
2010-06-22 07:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-22 07:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-22 07:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-22 07:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-22 07:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB982666$
2010-06-22 07:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978695$
2010-06-22 07:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-05-28 07:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-28 07:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-24 21:26:50 ----D---- C:\WINDOWS\Temp
2010-06-24 21:23:49 ----A---- C:\WINDOWS\wincmd.ini
2010-06-24 21:23:46 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-24 20:49:44 ----D---- C:\WINDOWS\system32\dhcp
2010-06-24 19:50:57 ----D---- C:\Program Files\Unlocker
2010-06-24 18:00:49 ----D---- C:\WINDOWS\tracing
2010-06-24 14:32:53 ----D---- C:\WINDOWS\security
2010-06-24 11:21:15 ----RD---- C:\Program Files
2010-06-24 10:38:12 ----D---- C:\AspiCli
2010-06-24 10:17:42 ----SHD---- C:\WINDOWS\Installer
2010-06-24 08:36:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 08:36:28 ----RSD---- C:\WINDOWS\assembly
2010-06-24 08:34:43 ----D---- C:\WINDOWS\system32
2010-06-24 08:34:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 08:33:13 ----D---- C:\WINDOWS\WinSxS
2010-06-24 06:14:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-23 22:05:29 ----D---- C:\WINDOWS\NTDS
2010-06-23 17:04:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-23 13:26:51 ----D---- C:\WINDOWS\inf
2010-06-23 09:09:47 ----SHD---- C:\RECYCLER
2010-06-23 09:03:02 ----D---- C:\WINDOWS\system32\drivers
2010-06-23 09:01:13 ----D---- C:\WINDOWS
2010-06-22 17:11:03 ----A---- C:\WINDOWS\hpbafd.ini
2010-06-22 11:06:18 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2010-06-22 08:50:07 ----D---- C:\WINDOWS\system32\ias
2010-06-22 08:49:15 ----D---- C:\WINDOWS\system32\wins
2010-06-22 08:49:12 ----D---- C:\WINDOWS\Debug
2010-06-22 08:49:11 ----D---- C:\WINDOWS\system32\CertLog
2010-06-22 08:48:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-22 08:00:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-22 07:59:56 ----A---- C:\WINDOWS\imsins.BAK
2010-06-22 07:57:21 ----D---- C:\WINDOWS\system32\cs-CZ
2010-06-22 07:57:21 ----D---- C:\Program Files\Internet Explorer
2010-06-22 07:57:16 ----D---- C:\WINDOWS\ie7updates
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-28 07:53:12 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-03-21 17408]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-19 15160]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-19 511832]
R2 EXIFS;EXIFS; \??\C:\WINDOWS\system32\drivers\exifs.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-03-21 11776]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-03-21 40448]
R3 l2nd;Broadcom NetXtreme II BXND; C:\WINDOWS\system32\DRIVERS\bxnd52x.sys [2006-12-22 50688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-21 13312]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-03-21 32128]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 27520]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-03-21 28160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20864]
R3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-03-21 177152]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-03-21 69120]
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
R2 Aspi Server;Aspi Server; e:\aspi\aspiusrv.exe [2010-03-05 81920]
R2 AtlasRegServer;Atlas Registration Server; C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe [2007-06-04 447488]
R2 BBAttachServer;BlackBerry Attachment Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe [2007-05-31 749703]
R2 BlackBerry Controller;BlackBerry Controller; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe [2007-05-31 872576]
R2 BlackBerry Dispatcher;BlackBerry Dispatcher; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe [2007-05-31 2609275]
R2 BlackBerry MDS Connection Service;BlackBerry MDS Connection Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe [2007-05-31 73728]
R2 BlackBerry Policy Service;BlackBerry Policy Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe [2007-05-31 5644408]
R2 BlackBerry Router;BlackBerry Router; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe [2007-05-31 1056883]
R2 BlackBerry Server Alert;BlackBerry Alert; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe [2007-05-31 557176]
R2 BlackBerry SyncServer;BlackBerry Synchronization Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe [2007-05-31 2105471]
R2 CertSvc;Certifikační služba; C:\WINDOWS\system32\certsrv.exe [2007-03-21 317440]
R2 CobBackup6;Cobian Backup 6 service; C:\Program Files\Cobian Backup 6\cbs.exe [2005-01-14 462848]
R2 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-03-21 164864]
R2 DHCPServer;Server DHCP; C:\WINDOWS\system32\tcpsvcs.exe [2007-03-21 21504]
R2 DNS;Server DNS; C:\WINDOWS\System32\dns.exe [2009-02-17 449024]
R2 ERA_SERVER;ESET Remote Administrator Server; C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe [2008-12-16 1821192]
R2 HPWJAService;HPWJA Service; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [2007-12-06 28672]
R2 HPWJAUpdateService;HP WJA Update Service; C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe [2008-03-12 20480]
R2 IAS;Služba ověřování v Internetu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-03-21 40448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2007-03-21 16384]
R2 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-03-21 94720]
R2 McAfee TQM;McAfee Quarantine Manager; C:\Program Files\McAfee\Quarantine Manager\bin\SAFeService.exe [2008-02-13 40960]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-03-27 104000]
R2 MSExchangeIS;Microsoft Exchange Information Store; E:\Exchsrvr\bin\store.exe [2008-11-26 5266432]
R2 MSExchangeMGMT;Microsoft Exchange Management; E:\Exchsrvr\bin\exmgmt.exe [2005-08-25 3217408]
R2 MSExchangeMTA;Microsoft Exchange MTA Stacks; E:\Exchsrvr\bin\emsmta.exe [2008-11-26 3598848]
R2 MSExchangeSA;Microsoft Exchange System Attendant; E:\Exchsrvr\bin\mad.exe [2005-08-25 8920064]
R2 MSSEARCH;Microsoft Search; C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [2005-08-17 69632]
R2 MSSQL$AVAST;MSSQL$AVAST; C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MSSQL$BLACKBERRY;SQL Server (BLACKBERRY); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQL$HPWJA;SQL Server (HPWJA); C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MySQL;MySQL; C:\Program Files\McAfee\MySQL for Quarantine Manager\bin\mysqld-nt.exe [2007-03-05 4554752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-19 554312]
R2 NtFrs;Služba replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-03-21 792576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 POP3Svc;Microsoft Exchange POP3; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 RESvc;Microsoft Exchange Routing Engine; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2007-03-21 40448]
R2 SQLAgent$AVAST;SQLAgent$AVAST; C:\Program Files\Microsoft SQL Server\MSSQL$AVAST\Binn\sqlagent.EXE [2005-05-03 323584]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SrmSvc;Správce prostředků souborového serveru; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
R2 WINS;WINS; C:\WINDOWS\System32\wins.exe [2009-05-28 157696]
S2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2005-05-03 323584]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ERA_HTTP_SERVER;ESET RA HTTP Server; C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe [2008-12-16 76296]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\BSC Praha\NCM\GNCM.exe [2007-02-15 196608]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE [2004-04-16 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSExchangeES;Microsoft Exchange Event; E:\Exchsrvr\bin\events.exe [2003-06-24 94720]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-03-21 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-03-21 14848]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2007-03-21 8704]
S3 SrmReports;Správce sestav úložišť souborového serveru; C:\WINDOWS\system32\srmhost.exe [2007-03-21 10752]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-03-21 39424]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-03-21 353280]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
S4 BlackBerry Database Consistency Service;BlackBerry Database Consistency Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe [2007-05-31 2629764]
S4 IMAP4Svc;Microsoft Exchange IMAP4; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
S4 MSExchangeSRS;Microsoft Exchange Site Replication Service; E:\Exchsrvr\bin\srsmain.exe [2005-08-25 339456]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NntpSvc;NNTP (Network News Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-03-21 14336]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-03-21 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-03-21 71168]
-----------------EOF-----------------