
PC virus removal, computer speed-up, remote help via the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads are locked once they are resolved, as are those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log
So MBAM found nothing..
Re: Please check my log
And does the internet still keep dropping out?
Do not use COMBOFIX unless an advisor recommends it; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 9 and 11 pm
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check my log
Not so much the internet; rather, the whole server freezes. Or it slows down so much that it barely responds.
When monitoring the load, the CPU does not appear to reach 100%; it is rather strange behaviour.
Re: Please check my log
Did we run AVPtool? If not, click AVPtool in my signature and run a scan.
Re: Please check my log
Yes, I did run AVPTool..

Re: Please check my log
Sorry for the delay, I forgot about you.
The problem is that it is a server; I don't know what programs might still have been running on it. I no longer see anything anywhere.

Re: Please check my log
Please also check the MBAM log:
Thanks a lot
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 5079
Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702
9.11.2010 12:33:45
mbam-log-2010-11-09 (12-33-45).txt
Typ skenu: Úplný sken (C:\|G:\|)
Skenované objekty: 452112
Uplynulý čas: 2 hodina(y), 38 minuta(y), 44 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
C:\Program Files\Microsoft Explorer\svchost.exe (Trojan.Clicker) -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\microsoft .net framework com+ support (Trojan.Clicker) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Program Files\Microsoft Explorer\svchost.exe (Trojan.Clicker) -> No action taken.
Re: Please check my log
And where did you catch that one again?
Delete everything in MBAM, and I would like a new OTL log, please.
Re: Please check my log
Oh well.. there was one PC that was switched on all the time, and its user was going where he shouldn't.. yesterday I more or less pulled the plug on it.
Here is the OTL log:
OTL logfile created on: 9.11.2010 12:50:51 - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 7,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 6,57 Gb Free Space | 26,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 91,93 Gb Free Space | 44,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.11.09 06:07:26 | 015,073,663 | ---- | M] (IniCom Networks, Inc.) -- C:\Program Files\Microsoft Explorer\svchost.exe
PRC - [2010.09.27 08:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- G:\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.03.30 10:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.02.18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.04.28 09:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 09:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 08:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 07:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 19:39:26 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2007.05.21 19:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 19:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 19:39:26 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.05.21 19:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 19:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 19:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 19:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 19:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 10:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 13:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 20:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe
========== Modules (SafeList) ==========
MOD - [2010.09.27 08:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 19:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 19:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 08:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Unknown | Running] -- -- (Microsoft .Net Framework COM+ Support)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 09:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 09:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 08:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 07:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 19:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 19:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 19:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 19:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 19:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 19:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 19:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 19:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 19:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 19:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Iprip)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 19:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 10:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 13:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 20:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 17:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 17:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\40073382.sys -- (40073382)
DRV - [2009.10.20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.10.09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\4007338.sys -- (setup_9.0.0.722_08.11.2010_16-14drv)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\40073381.sys -- (40073381)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 09:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 09:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 16:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.06.24 23:00:00 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.05.21 19:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 19:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 12:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 07:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 22:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 16:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.08 15:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.08 15:51:12 | 000,000,000 | ---D | M]
[2010.03.03 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.11.08 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 15:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 12:34:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.20 08:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.20 08:28:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.26 12:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 12:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 12:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 12:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 12:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
Hosts file not found
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] G:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk = G:\Virus Removal Tool\setup_9.0.0.722_08.11.2010_16-14\startup.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 14:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.11.09 06:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Explorer
[2010.11.08 15:00:41 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\4007338.sys
[2010.11.08 15:00:41 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\40073381.sys
[2010.11.08 15:00:41 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\40073382.sys
[2010.10.26 12:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Infineon
[2010.10.26 11:59:30 | 000,041,216 | ---- | C] (Infineon Technologies AG) -- C:\WINDOWS\System32\drivers\ifxtpm.sys
[2010.10.22 10:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.10.22 10:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.10.20 08:28:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.20 08:28:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.20 08:28:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.20 08:28:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.20 08:28:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.20 08:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.09.21 08:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
========== Files - Modified Within 30 Days ==========
[2010.11.09 12:50:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qexe.sys
[2010.11.09 12:49:26 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.11.09 12:00:26 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.11.09 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.11.09 08:43:29 | 000,001,218 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.11.08 21:00:14 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.11.08 18:27:45 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utq0nze4.sys
[2010.11.08 18:26:40 | 000,000,800 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_08.11.2010_16-14drv.spi
[2010.11.08 15:38:12 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.11.08 15:36:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.11.08 15:36:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.08 15:35:17 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.11.08 15:33:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.11.08 15:33:13 | 002,541,420 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.11.08 15:02:24 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk
[2010.11.08 10:18:34 | 001,087,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.08 10:18:33 | 001,095,518 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.11.08 10:18:33 | 000,330,820 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.11.08 10:18:33 | 000,308,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.08 10:18:32 | 002,876,270 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.11.06 20:52:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.29 08:42:58 | 000,003,818 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.10.28 16:50:24 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ekonomický systém POHODA 2010 Komplet.lnk
[2010.10.20 08:28:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.20 08:28:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.20 08:28:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.20 08:28:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.20 08:28:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.13 09:03:25 | 000,006,570 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2010.11.09 12:50:37 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qexe.sys
[2010.11.08 18:25:11 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_08.11.2010_16-14drv.spi
[2010.11.08 15:48:41 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utq0nze4.sys
[2010.11.08 15:02:24 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk
[2009.11.23 15:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 15:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.11 21:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 09:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 13:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 13:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 18:46:59 | 000,003,818 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 15:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 15:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 15:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 15:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 15:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 15:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 15:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 15:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 15:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 15:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 15:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 14:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 14:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 14:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 14:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 14:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 14:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
========== LOP Check ==========
[2009.10.23 12:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 16:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 07:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 20:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2010.10.13 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\STORMWARE
[2010.11.07 01:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\uTorrent
[2010.10.23 09:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\Zoiper
[2009.04.22 06:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.11.08 21:00:14 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.11.08 15:33:48 | 000,032,186 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.11.09 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
========== Purity Check ==========
< End of report >

Here is the OTL log:
OTL logfile created on: 9.11.2010 12:50:51 - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 7,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 6,57 Gb Free Space | 26,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 91,93 Gb Free Space | 44,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.11.09 06:07:26 | 015,073,663 | ---- | M] (IniCom Networks, Inc.) -- C:\Program Files\Microsoft Explorer\svchost.exe
PRC - [2010.09.27 08:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- G:\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.03.30 10:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.02.18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.04.28 09:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 09:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 08:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 07:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 19:39:26 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2007.05.21 19:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 19:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 19:39:26 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.05.21 19:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 19:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 19:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 19:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 19:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 10:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 13:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 20:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe
========== Modules (SafeList) ==========
MOD - [2010.09.27 08:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 19:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 19:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 08:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Unknown | Running] -- -- (Microsoft .Net Framework COM+ Support)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 09:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 09:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 08:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 07:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 19:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 19:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 19:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 19:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 19:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 19:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 19:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 19:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 19:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 19:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Iprip)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 19:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 10:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 13:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 20:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 17:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 17:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\40073382.sys -- (40073382)
DRV - [2009.10.20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.10.09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\4007338.sys -- (setup_9.0.0.722_08.11.2010_16-14drv)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\40073381.sys -- (40073381)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 09:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 09:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 16:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.06.24 23:00:00 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.05.21 19:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 19:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 12:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 07:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 22:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 16:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.08 15:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.08 15:51:12 | 000,000,000 | ---D | M]
[2010.03.03 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.11.08 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 15:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 12:34:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.20 08:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.20 08:28:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.26 12:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 12:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 12:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 12:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 12:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
Hosts file not found
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] G:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk = G:\Virus Removal Tool\setup_9.0.0.722_08.11.2010_16-14\startup.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 14:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.11.09 06:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Explorer
[2010.11.08 15:00:41 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\4007338.sys
[2010.11.08 15:00:41 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\40073381.sys
[2010.11.08 15:00:41 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\40073382.sys
[2010.10.26 12:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Infineon
[2010.10.26 11:59:30 | 000,041,216 | ---- | C] (Infineon Technologies AG) -- C:\WINDOWS\System32\drivers\ifxtpm.sys
[2010.10.22 10:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.10.22 10:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.10.20 08:28:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.20 08:28:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.20 08:28:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.20 08:28:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.20 08:28:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.20 08:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.09.21 08:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
========== Files - Modified Within 30 Days ==========
[2010.11.09 12:50:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qexe.sys
[2010.11.09 12:49:26 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.11.09 12:00:26 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.11.09 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.11.09 08:43:29 | 000,001,218 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.11.08 21:00:14 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.11.08 18:27:45 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utq0nze4.sys
[2010.11.08 18:26:40 | 000,000,800 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_08.11.2010_16-14drv.spi
[2010.11.08 15:38:12 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.11.08 15:36:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.11.08 15:36:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.08 15:35:17 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.11.08 15:33:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.11.08 15:33:13 | 002,541,420 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.11.08 15:02:24 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk
[2010.11.08 10:18:34 | 001,087,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.08 10:18:33 | 001,095,518 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.11.08 10:18:33 | 000,330,820 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.11.08 10:18:33 | 000,308,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.08 10:18:32 | 002,876,270 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.11.06 20:52:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.29 08:42:58 | 000,003,818 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.10.28 16:50:24 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ekonomický systém POHODA 2010 Komplet.lnk
[2010.10.20 08:28:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.20 08:28:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.20 08:28:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.20 08:28:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.20 08:28:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.13 09:03:25 | 000,006,570 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2010.11.09 12:50:37 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qexe.sys
[2010.11.08 18:25:11 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_08.11.2010_16-14drv.spi
[2010.11.08 15:48:41 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utq0nze4.sys
[2010.11.08 15:02:24 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk
[2009.11.23 15:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 15:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.11 21:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 09:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 13:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 13:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 18:46:59 | 000,003,818 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 15:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 15:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 15:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 15:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 15:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 15:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 15:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 15:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 15:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 15:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 15:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 14:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 14:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 14:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 14:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 14:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 14:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
========== LOP Check ==========
[2009.10.23 12:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 16:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 07:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 20:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2010.10.13 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\STORMWARE
[2010.11.07 01:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\uTorrent
[2010.10.23 09:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\Zoiper
[2009.04.22 06:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.11.08 21:00:14 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.11.08 15:33:48 | 000,032,186 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.11.09 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
========== Purity Check ==========
< End of report >
Re: Please check my log
Did you delete it in MBAM? It is still there.
Test these at www.virustotal.com:
C:\Program Files\Microsoft Explorer\svchost.exe
C:\Program Files\Exchsrvr\bin\events.exe
Do you know this folder/program?
C:\Program Files\Microsoft Explorer
Re: Please check my log
I deleted it, but a restart is needed, which unfortunately isn't possible right now while the server is in use.
That's just it, I don't know the folder. But I wasn't sure whether it might have something to do with explorer.exe.
Here are the results:
C:\Program Files\Microsoft Explorer\svchost.exe:
Avast 4.8.1351.0 2010.11.09 Win32:PcClient-ZE
Avast5 5.0.594.0 2010.11.09 Win32:PcClient-ZE
CTools 7.0.3.5 2010.11.09 HeurEngine.MalPE
SUPERAntiSpyware 4.40.0.1006 2010.11.09 Trojan.Agent/Gen-Nullo[Short]
Symantec 20101.2.0.161 2010.11.09 Bloodhound.MalPE
TheHacker 6.7.0.1.080 2010.11.08 Trojan/Agent.fvlz
C:\Program Files\Exchsrvr\bin\events.exe:
that one is OK
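The check behind the helper's question above, as an added example that is not part of the original thread: flag files that carry a Windows system binary's name but sit outside the directory Windows installs it in. The expected-directory table (32-bit XP/Server 2003 layout with Windows in C:\WINDOWS), the function names and the listing lines marked as constructed are assumptions.

```python
import ntpath
import re

# Assumed table: where 32-bit Windows XP/Server 2003 (installed in C:\WINDOWS)
# keeps these binaries. Keys and directories are lower-case for comparison.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# OTL listing line: [date time | size | attrs | C or M] (company) -- path
OTL_FILE = re.compile(
    r"^\[[\d. :]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)

def extract_path(line):
    """Return the path from an OTL listing line; a bare path is returned as is."""
    line = line.strip()
    m = OTL_FILE.match(line)
    return m.group("path") if m else line

def find_masquerades(lines):
    """Return paths named like a system binary but stored in another directory."""
    hits = []
    for line in lines:
        path = ntpath.normpath(extract_path(line))
        # Windows paths are case-insensitive, so compare in normalised case.
        directory, name = ntpath.split(ntpath.normcase(path))
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            hits.append(path)
    return hits

SAMPLE = [
    r"C:\Program Files\Microsoft Explorer\svchost.exe",   # path from the thread
    r"C:\Program Files\Exchsrvr\bin\events.exe",          # path from the thread
    # Constructed listing lines in OTL's format:
    r"[2008.07.13 14:06:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe",
    r"[2008.07.13 14:06:21 | 001,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print("unexpected location:", hit)
```

A hit only says the name and location disagree; the file still needs a scan, as was done here with VirusTotal.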
Re: Please check my log
Is there anything else in that folder besides that file?
Then, after the restart, check whether the file is still there.
Re: Please check my log
There is no other file in there, I'll do the restart...
Re: Please check my log
Fine, then check it, delete the folder and let me know.

Re: Please check my log
So neither the folder nor the file is there any more. I'll try running MBAM over it once more.
