Please check my log - problem with Microsoft servers.

#1 Post by messiash13 »

Hello,
please check my log. The system is Win XP SP3. Some websites do not work, e.g. http://www.microsoft.com , http://www.eset.cz , http://www.malwarebyte.org. Also, the Windows Update service does not work - it reports that the page cannot be found. Thanks in advance for your help.


Logfile of random's system information tool 1.06 (written by random/random)
Run by rtu at 2010-07-22 18:12:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (9%) free of 53 GB
Total RAM: 1534 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:48, on 22.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Active Keys\akeys.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\rtu\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\rtu\Plocha\RSIT\RSIT.exe
C:\Program Files\trend micro\rtu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://posta.konecna-safar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Assign &hot key - C:\Program Files\Hot Keyboard Pro\IEScript.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O15 - Trusted Zone: http://www.euras.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/EIS/plugin/euras.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = akks.konecna-safar.local
O17 - HKLM\Software\..\Telephony: DomainName = akks.konecna-safar.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3527DF3-BC11-4F20-9E38-958F4FE354AA}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = akks.konecna-safar.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = akks.konecna-safar.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = akks.konecna-safar.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\BSC Praha\NCM\GNCM.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 11822 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3285082126-3824228645-3330861787-1199Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3285082126-3824228645-3330861787-1199UA.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-03-03 94208]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
""= []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ISUSPM"=C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-12 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe"="C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler"
"C:\my files\Files\files_PERSONAL\Warhammer Online - Age of Reckoning\warpatch.exe"="C:\my files\Files\files_PERSONAL\Warhammer Online - Age of Reckoning\warpatch.exe:*:Enabled:Warhammer Online - Age of Reckoning"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\ATECO\AccountiX\WTELS.EXE"="C:\Program Files\ATECO\AccountiX\WTELS.EXE:*:Enabled:Vyhodnocení telefonních hovorů"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Windows Mobile Developer Power Toys\ActiveSync_Remote_Display\ASRDisp.exe"="C:\Program Files\Windows Mobile Developer Power Toys\ActiveSync_Remote_Display\ASRDisp.exe:*:Enabled:ASRDisp"
"C:\my files\Files\files_PERSONAL\pda_files\install\software\My Mobile_ovladani_ppc_pres_pc_very good\MyMobiler\MyMobiler.exe"="C:\my files\Files\files_PERSONAL\pda_files\install\software\My Mobile_ovladani_ppc_pres_pc_very good\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler"
"C:\web-server\Web-Server.exe"="C:\web-server\Web-Server.exe:*:Enabled:Web-Server"
"C:\Program Files\radl\Radl.exe"="C:\Program Files\radl\Radl.exe:*:Enabled:Application MFC RadVC6"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Documents and Settings\rtu\Plocha\My Mobile\MyMobiler\MyMobiler.exe"="C:\Documents and Settings\rtu\Plocha\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler"
"C:\Documents and Settings\rtu\Plocha\rapget141\rapget.exe"="C:\Documents and Settings\rtu\Plocha\rapget141\rapget.exe:*:Enabled:rapget"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe"="C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Disabled:FlashGet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd2499d-caa6-11dd-a368-000e2e245f4a}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd2499e-caa6-11dd-a368-000e2e245f4a}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132fbae8-3231-11dd-9a03-000e9bda68f1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - system.exe
shell\Open\command - system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{216ae1da-afca-11dd-a34c-000e2e245f4a}]
shell\AutoRun\command - G:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364053cf-89ba-11df-a3a7-000e9bda68f1}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364053d0-89ba-11df-a3a7-000e9bda68f1}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364053d4-89ba-11df-a3a7-000e9bda68f1}]
shell\Auto\command - G:\AR2009.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AR2009.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364053d5-89ba-11df-a3a7-000e9bda68f1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a762988-6517-11dd-9a71-000ae4c1aad8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b27dec1-b230-11dd-a353-000e2e245f4a}]
shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d402ecd-77f6-11dd-a2d9-000ae4c1aad8}]
shell\AutoRun\command - G:\Xkey_launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9213f150-acb7-11dd-a346-0013ce4104e4}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ca1fcf-8e58-11df-a3a8-000e9bda68f1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a38dcde4-82a3-11df-a3a3-000e9bda68f1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2010-07-22 18:12:39 ----D---- C:\Program Files\trend micro
2010-07-22 18:12:38 ----D---- C:\rsit
2010-07-21 16:48:48 ----D---- C:\rtu_tel_seznam_21_7_10
2010-07-20 14:33:51 ----SHD---- C:\Config.Msi
2010-07-20 09:25:54 ----D---- C:\DOKUMENTY
2010-07-19 18:39:02 ----D---- C:\Program Files\Unlocker
2010-07-19 14:09:31 ----D---- C:\archiv_nevim
2010-07-19 11:04:16 ----SHD---- C:\WINDOWS\Installer
2010-07-19 10:55:20 ----D---- C:\personal
2010-07-19 10:32:23 ----D---- C:\arhvi_mto
2010-07-19 10:20:43 ----D---- C:\archiv_mto
2010-07-14 16:28:15 ----D---- C:\archivace
2010-07-14 16:21:43 ----D---- C:\hse_mimoradny_archiv
2010-07-14 15:20:10 ----A---- C:\WINDOWS\system32\ifsdrives.dll
2010-07-12 16:16:48 ----D---- C:\Documents and Settings\rtu\Data aplikací\Malwarebytes
2010-07-12 16:16:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-12 16:16:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-12 16:02:51 ----D---- C:\Documents and Settings\rtu\Data aplikací\TeamViewer
2010-07-12 16:02:36 ----D---- C:\Program Files\TeamViewer
2010-07-09 16:15:15 ----A---- C:\WINDOWS\hpbafd.ini
2010-07-09 11:32:55 ----D---- C:\Documents and Settings\rtu\Data aplikací\Vodafone
2010-07-09 11:32:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Vodafone
2010-07-09 11:32:27 ----D---- C:\Program Files\Vodafone
2010-07-09 10:48:16 ----D---- C:\ost_test
2010-07-09 10:46:43 ----D---- C:\Program Files\Ontrack
2010-07-08 11:19:15 ----D---- C:\Documents and Settings\rtu\Data aplikací\WD
2010-07-08 11:13:37 ----D---- C:\Program Files\WD
2010-07-08 11:13:37 ----D---- C:\Program Files\Common Files\eSellerate
2010-07-08 11:11:40 ----D---- C:\Program Files\Western Digital Corporation
2010-07-08 11:11:27 ----D---- C:\Program Files\Western Digital
2010-07-08 11:11:11 ----A---- C:\WINDOWS\jestertb.dll
2010-07-07 14:54:54 ----D---- C:\canon_Fax
2010-06-30 18:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-06-30 18:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-06-29 18:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-29 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-06-29 18:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-06-29 18:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-06-29 18:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-06-29 18:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-06-29 18:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-29 18:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-06-29 18:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-06-29 18:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2010-06-29 18:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-06-29 18:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-06-29 18:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-06-29 18:20:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-06-29 18:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-06-29 18:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-06-29 18:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-06-29 18:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-06-29 18:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-06-29 18:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-06-29 18:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-06-29 18:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-06-29 18:18:17 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-06-29 18:18:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-06-29 18:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-06-29 18:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-06-29 18:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-06-29 18:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-06-29 18:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-06-29 18:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-06-29 18:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-06-29 18:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-06-29 18:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-29 18:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-06-29 18:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-06-29 18:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-29 18:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-06-29 18:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-29 18:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-29 18:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-06-29 18:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-06-29 18:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-06-29 18:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-06-29 18:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-06-29 18:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-06-29 18:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-06-29 18:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-29 18:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-06-29 18:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-06-29 18:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-29 18:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-06-29 18:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-06-29 18:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-06-29 18:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-29 18:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-06-29 18:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-06-29 18:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-29 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-06-29 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-06-29 18:01:21 ----A---- C:\WINDOWS\imsins.BAK
2010-06-29 18:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-06-29 17:00:50 ----A---- C:\WINDOWS\system32\browserchoice.exe
2010-06-29 10:07:28 ----D---- C:\Program Files\Paragon Software
2010-06-29 09:45:43 ----D---- C:\Program Files\Smart PC Solutions

======List of files/folders modified in the last 1 months======

2010-07-22 18:12:39 ----RD---- C:\Program Files
2010-07-22 18:05:09 ----D---- C:\WINDOWS\system32
2010-07-22 18:04:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-22 18:02:33 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-22 18:00:34 ----D---- C:\WINDOWS\Temp
2010-07-22 17:59:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-22 16:52:34 ----AC---- C:\WINDOWS\wincmd.ini
2010-07-22 15:52:26 ----D---- C:\Program Files\Mozilla Firefox
2010-07-22 15:48:12 ----D---- C:\Program Files\FlashGet
2010-07-22 15:46:49 ----D---- C:\WINDOWS\system32\drivers
2010-07-22 15:29:16 ----D---- C:\WINDOWS
2010-07-22 14:55:30 ----D---- C:\WINDOWS\Registration
2010-07-22 12:35:56 ----D---- C:\WINDOWS\Prefetch
2010-07-22 05:33:51 ----D---- C:\WINDOWS\security
2010-07-21 16:38:08 ----D---- C:\my files
2010-07-21 12:33:08 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-14 15:23:04 ----HD---- C:\WINDOWS\inf
2010-07-13 11:45:29 ----AC---- C:\WINDOWS\win.ini
2010-07-12 18:37:58 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2010-07-12 01:33:47 ----SD---- C:\WINDOWS\Tasks
2010-07-09 16:17:43 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-07-09 11:32:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-09 11:32:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2010-07-09 10:47:12 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-08 18:02:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-08 16:13:56 ----D---- C:\KoSa
2010-07-08 16:13:19 ----D---- C:\web_upravy
2010-07-08 11:13:37 ----D---- C:\Program Files\Common Files
2010-07-07 13:43:14 ----D---- C:\Documents and Settings\rtu\Data aplikací\OpenOffice.org2
2010-07-02 12:18:43 ----D---- C:\Documents and Settings\rtu\Data aplikací\FileZilla
2010-06-30 18:02:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-30 13:36:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-30 08:56:35 ----D---- C:\WINDOWS\system32\wbem
2010-06-29 18:44:54 ----D---- C:\WINDOWS\AppPatch
2010-06-29 18:44:54 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-29 18:25:18 ----D---- C:\WINDOWS\WinSxS
2010-06-29 18:21:27 ----D---- C:\Program Files\Microsoft ActiveSync
2010-06-29 18:16:59 ----D---- C:\Program Files\Movie Maker
2010-06-29 18:08:53 ----D---- C:\Program Files\Windows Media Player
2010-06-29 18:04:54 ----D---- C:\Program Files\Outlook Express
2010-06-29 18:03:18 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-29 18:03:18 ----D---- C:\Program Files\Internet Explorer
2010-06-29 16:44:22 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-01-21 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-01-21 9340]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-01-21 4442]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-10 17801]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-07 11354]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-21 2156032]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-10-01 17024]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-10-01 30299]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-10-01 147896]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 17792]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-01-17 3325312]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a9cxc2cf;a9cxc2cf; C:\WINDOWS\system32\drivers\a9cxc2cf.sys []
S3 ags63jya;ags63jya; C:\WINDOWS\system32\drivers\ags63jya.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-10-01 54488]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000nt5.sys [2001-10-24 51231]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2009-06-29 112640]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-04-09 102400]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys []
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys []
S3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 LVUVC;QuickCam Orbit/Sphere AF(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 npkcrypt;npkcrypt; \??\c:\my files\Files\files_PERSONAL\media\movie\LineageII - Interlude_dragon\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\c:\my files\Files\files_PERSONAL\media\movie\LineageII - Interlude_dragon\system\npkcusb.sys []
S3 npkycryp;npkycryp; \??\c:\my files\Files\files_PERSONAL\media\movie\LineageII - Interlude_dragon\system\npkycryp.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RimUsb;Zařízení BlackBerry; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-12 11520]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-21 483328]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-10-01 163840]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-06 86016]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-06 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-06 372809]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-10-24 102400]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2005-03-11 455632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S2 Tdjysmi;Tdjysmi; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\BSC Praha\NCM\GNCM.exe [2007-02-15 196608]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE [2004-04-16 77824]
S3 HP Status Server;HP Status Server; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE [2004-04-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log - problem with Microsoft servers.

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch, a screen with the license terms appears; continue by clicking the Yes (Ano) button.

go ahead and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch the shield to Install Mode or disable it completely for the duration of the scan, because scanning and removing any malware causes unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

messiash13
Visitor
Posts: 20
Registered: 12 Mar 2007 11:21

Re: please check my log - problem with Microsoft servers.

#3 Post by messiash13 »

here it is

ComboFix 10-07-22.01 - rtu 22.07.2010 19:08:02.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1534.1074 [GMT 2:00]
Spuštěný z: c:\documents and settings\rtu\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\jestertb.dll
c:\windows\regedit.com
c:\windows\system\msvbvm60.dll
c:\windows\system\olepro32.dll
c:\windows\system32\Cache
c:\windows\system32\Ijl11.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPR_FREADER


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-22 do 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 16:12 . 2010-07-22 16:12 -------- d-----w- c:\program files\trend micro
2010-07-22 16:12 . 2010-07-22 16:12 -------- d-----w- C:\rsit
2010-07-22 16:05 . 2010-07-22 16:05 124928 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-21 14:48 . 2010-07-21 14:49 -------- d-----w- C:\rtu_tel_seznam_21_7_10
2010-07-20 07:25 . 2010-07-20 07:25 -------- d-----w- C:\DOKUMENTY
2010-07-19 16:39 . 2010-07-19 16:40 -------- d-----w- c:\program files\Unlocker
2010-07-19 12:09 . 2010-07-19 12:09 -------- d-----w- C:\archiv_nevim
2010-07-19 09:04 . 2010-07-22 14:38 -------- d-sh--w- c:\windows\Installer
2010-07-19 08:55 . 2010-07-19 08:59 -------- d-----w- C:\personal
2010-07-19 08:32 . 2010-07-19 11:58 -------- d-----w- C:\arhvi_mto
2010-07-19 08:20 . 2010-07-19 08:32 -------- d-----w- C:\archiv_mto
2010-07-14 14:28 . 2010-07-19 10:38 -------- d-----w- C:\archivace
2010-07-14 14:21 . 2010-07-14 14:22 -------- d-----w- C:\hse_mimoradny_archiv
2010-07-14 13:20 . 2008-09-25 15:35 181120 ----a-w- c:\windows\system32\drivers\ext2fs.sys
2010-07-14 13:20 . 2008-08-28 20:45 51072 ----a-w- c:\windows\system32\drivers\ifsmount.sys
2010-07-14 13:20 . 2008-07-26 21:56 210432 ----a-w- c:\windows\system32\ifsdrives.dll
2010-07-12 14:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 14:16 . 2010-07-22 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 14:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 14:02 . 2010-07-12 14:02 -------- d-----w- c:\program files\TeamViewer
2010-07-09 09:33 . 2009-06-29 16:00 112640 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2010-07-09 09:33 . 2009-04-09 11:38 102400 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-07-09 09:32 . 2010-07-09 09:32 -------- d-----w- c:\program files\Vodafone
2010-07-09 08:48 . 2010-07-09 08:50 -------- d-----w- C:\ost_test
2010-07-09 08:46 . 2010-07-09 08:46 -------- d-----w- c:\program files\Ontrack
2010-07-08 09:13 . 2010-07-08 09:13 -------- d-----w- c:\program files\WD
2010-07-08 09:13 . 2010-07-08 09:13 -------- d-----w- c:\program files\Common Files\eSellerate
2010-07-08 09:11 . 2010-07-08 09:11 -------- d-----w- c:\program files\Western Digital Corporation
2010-07-08 09:11 . 2008-05-12 21:06 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-07-08 09:11 . 2010-07-08 09:40 -------- d-----w- c:\program files\Western Digital
2010-07-07 12:54 . 2010-07-07 12:54 -------- d-----w- C:\canon_Fax
2010-06-29 16:18 . 2010-06-29 16:18 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-29 15:08 . 2009-11-21 16:03 471552 -c--a-w- c:\windows\system32\dllcache\aclayers.dll
2010-06-29 15:04 . 2009-02-09 11:25 111104 -c--a-w- c:\windows\system32\dllcache\services.exe
2010-06-29 15:04 . 2009-02-09 10:56 401408 -c--a-w- c:\windows\system32\dllcache\rpcss.dll
2010-06-29 15:04 . 2009-02-09 10:56 684032 -c--a-w- c:\windows\system32\dllcache\advapi32.dll
2010-06-29 15:04 . 2009-02-09 10:56 473600 -c--a-w- c:\windows\system32\dllcache\fastprox.dll
2010-06-29 15:04 . 2009-02-09 10:56 709632 -c--a-w- c:\windows\system32\dllcache\ntdll.dll
2010-06-29 15:04 . 2009-02-09 10:56 453120 -c--a-w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-06-29 15:00 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-29 15:00 . 2009-07-31 04:35 1172480 -c--a-w- c:\windows\system32\dllcache\msxml3.dll
2010-06-29 08:07 . 2008-11-05 03:59 40496 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-06-29 08:07 . 2010-06-29 09:57 -------- d-----w- c:\program files\Paragon Software
2010-06-29 07:45 . 2010-06-29 07:45 -------- d-----w- c:\program files\Smart PC Solutions
2010-06-28 10:43 . 2010-06-28 10:43 -------- d-----w- c:\documents and settings\administrator\Bluetooth Software
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\program files\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 16:59 . 2009-02-15 01:12 -------- d-----w- c:\program files\FlashGet
2010-07-22 16:05 . 2009-03-19 14:29 256 ----a-w- c:\windows\system32\pool.bin
2010-07-21 10:33 . 2006-03-02 12:00 94716 ----a-w- c:\windows\system32\perfc005.dat
2010-07-21 10:33 . 2006-03-02 12:00 478968 ----a-w- c:\windows\system32\perfh005.dat
2010-07-15 19:59 . 2008-10-29 07:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 08:47 . 2008-04-11 07:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 16:44 . 2008-04-11 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-29 16:21 . 2008-04-14 10:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-04 17:18 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-04-19 13:44 . 2008-04-19 13:44 336 -c--a-w- c:\program files\temp995.bat
2006-05-06 16:42 . 2008-04-11 13:28 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-03-21 14:09 . 2006-03-02 12:00 161513 --sha-r- c:\windows\system32\tyukucni.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 94208]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 135168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\IBM\Bluetooth Software\BTTray.exe [2004-10-1 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 19:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21:TCP"= 21:TCP:ftp
"25:TCP"= 25:TCP:smtp
"115:TCP"= 115:TCP:pop

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29.6.2010 10:07 40496]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24.10.2008 21:53 35168]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [14.7.2010 15:20 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [14.7.2010 15:20 51072]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [7.11.2008 21:20 25824]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [3.7.2009 11:40 9216]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [24.10.2008 11:09 102400]
S2 crhdtq;Manager Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 Tdjysmi;Tdjysmi;c:\windows\System32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [9.7.2010 11:33 112640]
S3 GNCM;Gemini Network Communication Manager;c:\program files\BSC Praha\NCM\GNCM.exe [15.2.2007 16:13 196608]
S3 npkycryp;npkycryp;\??\c:\my files\Files\files_PERSONAL\media\movie\LineageII - Interlude_dragon\system\npkycryp.sys --> c:\my files\Files\files_PERSONAL\media\movie\LineageII - Interlude_dragon\system\npkycryp.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [14.2.2009 23:53 23600]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8.7.2010 11:11 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.4.2008 16:02 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Tdjysmi
crhdtq
.
Obsah adresáře 'Naplánované úlohy'

2010-07-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-05-01 00:00]
.
.
------- Doplňkový sken -------
.
uStart Page = https://posta.konecna-safar.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Assign &hot key - c:\program files\Hot Keyboard Pro\IEScript.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: euras.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\go
Trusted Zone: o2shop.cz\konto
TCP: {F3527DF3-BC11-4F20-9E38-958F4FE354AA} = 8.8.8.8
FF - ProfilePath - c:\documents and settings\rtu\Data aplikací\Mozilla\Firefox\Profiles\ju4ivgpl.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPJPI142_13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_13\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-ProInst - c:\windows\Installer\iProInst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 19:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\crhdtq]
"ServiceDll"="c:\windows\system32\tyukucni.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68BBC960-69F7-52E6-B778-F8A1B8EE619A}\InProcServer32*]
"oainfbjnemfiihjmlheomhhobepnal"=hex:6a,61,67,63,67,65,63,70,6f,70,6e,63,6b,67,
68,6c,66,61,66,6f,00,fa
"nainlphnffhceipncljkfpnpmdpn"=hex:6a,61,67,63,69,65,69,70,6b,61,6b,70,6f,68,
61,6e,70,6d,69,66,00,fa
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\ACTIVEDS.dll

- - - - - - - > 'explorer.exe'(3024)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\IBM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-07-22 19:24:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-22 17:24

Před spuštěním: 4 751 589 376
Po spuštění: 5 255 487 488

- - End Of File - - 56A965DCF05A0F7006F3671747C278B5

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log - problem with Microsoft servers.

#4 Post by Rudy »

We'll do some more cleanup. Open Notepad and copy the following into it:
Collect::
c:\program files\temp995.bat
c:\windows\system32\tyukucni.dll

Driver::
crhdtq
Tdjysmi

Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68BBC960-69F7-52E6-B778-F8A1B8EE619A}\InProcServer32*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

messiash13
Visitor
Posts: 20
Registered: 12 Mar 2007 11:21

Re: please check my log - problem with Microsoft servers.

#5 Post by messiash13 »

So it seems to be all right now... Thank you very much.
One more question - I have several of these problems on the network. Can I apply this script to them, or does it differ from PC to PC? Thanks once again :)

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log - problem with Microsoft servers.

#6 Post by Rudy »

1. Applying the same script to multiple PCs on the network is not possible, because each individual PC may be infected with a different infection.
2. If this is a company network, this forum is not here to stand in for a paid IT service. Everyone who works here does so for free and in their own spare time, and it is not in keeping with good manners for us to do for free what companies have budgets for.
You're welcome!