
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Strange network activity
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking threads. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Strange network activity
TCP Eduard-PC:epmap Eduard-PC:0 LISTENING
TCP Eduard-PC:microsoft-ds Eduard-PC:0 LISTENING
TCP Eduard-PC:rtsp Eduard-PC:0 LISTENING
TCP Eduard-PC:icslap Eduard-PC:0 LISTENING
TCP Eduard-PC:wsd Eduard-PC:0 LISTENING
TCP Eduard-PC:10243 Eduard-PC:0 LISTENING
TCP Eduard-PC:49152 Eduard-PC:0 LISTENING
TCP Eduard-PC:49153 Eduard-PC:0 LISTENING
TCP Eduard-PC:49154 Eduard-PC:0 LISTENING
TCP Eduard-PC:49155 Eduard-PC:0 LISTENING
TCP Eduard-PC:49156 Eduard-PC:0 LISTENING
TCP Eduard-PC:49157 Eduard-PC:0 LISTENING
TCP Eduard-PC:5354 Eduard-PC:0 LISTENING
TCP Eduard-PC:12025 Eduard-PC:0 LISTENING
TCP Eduard-PC:12080 Eduard-PC:0 LISTENING
TCP Eduard-PC:12080 localhost:51461 ESTABLISHED
TCP Eduard-PC:12080 localhost:52264 ESTABLISHED
TCP Eduard-PC:12080 localhost:52265 ESTABLISHED
TCP Eduard-PC:12080 localhost:52266 ESTABLISHED
TCP Eduard-PC:12080 localhost:52267 ESTABLISHED
TCP Eduard-PC:12080 localhost:52268 ESTABLISHED
TCP Eduard-PC:12080 localhost:52269 ESTABLISHED
TCP Eduard-PC:12080 localhost:52283 ESTABLISHED
TCP Eduard-PC:12080 localhost:52285 ESTABLISHED
TCP Eduard-PC:12080 localhost:52293 ESTABLISHED
TCP Eduard-PC:12080 localhost:52294 ESTABLISHED
TCP Eduard-PC:12080 localhost:52295 ESTABLISHED
TCP Eduard-PC:12080 localhost:52296 ESTABLISHED
TCP Eduard-PC:12080 localhost:52300 ESTABLISHED
TCP Eduard-PC:12080 localhost:52302 ESTABLISHED
TCP Eduard-PC:12080 localhost:52311 TIME_WAIT
TCP Eduard-PC:12080 localhost:52313 TIME_WAIT
TCP Eduard-PC:12080 localhost:52321 TIME_WAIT
TCP Eduard-PC:12080 localhost:52322 ESTABLISHED
TCP Eduard-PC:12080 localhost:52327 ESTABLISHED
TCP Eduard-PC:12080 localhost:52331 ESTABLISHED
TCP Eduard-PC:12110 Eduard-PC:0 LISTENING
TCP Eduard-PC:12119 Eduard-PC:0 LISTENING
TCP Eduard-PC:12143 Eduard-PC:0 LISTENING
TCP Eduard-PC:12465 Eduard-PC:0 LISTENING
TCP Eduard-PC:12563 Eduard-PC:0 LISTENING
TCP Eduard-PC:12993 Eduard-PC:0 LISTENING
TCP Eduard-PC:12995 Eduard-PC:0 LISTENING
TCP Eduard-PC:27015 Eduard-PC:0 LISTENING
TCP Eduard-PC:49701 localhost:49702 ESTABLISHED
TCP Eduard-PC:49702 localhost:49701 ESTABLISHED
TCP Eduard-PC:49703 localhost:49704 ESTABLISHED
TCP Eduard-PC:49704 localhost:49703 ESTABLISHED
TCP Eduard-PC:51461 localhost:12080 ESTABLISHED
TCP Eduard-PC:52264 localhost:12080 ESTABLISHED
TCP Eduard-PC:52265 localhost:12080 ESTABLISHED
TCP Eduard-PC:52266 localhost:12080 ESTABLISHED
TCP Eduard-PC:52267 localhost:12080 ESTABLISHED
TCP Eduard-PC:52268 localhost:12080 ESTABLISHED
TCP Eduard-PC:52269 localhost:12080 ESTABLISHED
TCP Eduard-PC:52283 localhost:12080 ESTABLISHED
TCP Eduard-PC:52285 localhost:12080 ESTABLISHED
TCP Eduard-PC:52286 localhost:12080 TIME_WAIT
TCP Eduard-PC:52289 localhost:12080 TIME_WAIT
TCP Eduard-PC:52291 localhost:12080 TIME_WAIT
TCP Eduard-PC:52293 localhost:12080 ESTABLISHED
TCP Eduard-PC:52294 localhost:12080 ESTABLISHED
TCP Eduard-PC:52295 localhost:12080 ESTABLISHED
TCP Eduard-PC:52296 localhost:12080 ESTABLISHED
TCP Eduard-PC:52300 localhost:12080 ESTABLISHED
TCP Eduard-PC:52302 localhost:12080 ESTABLISHED
TCP Eduard-PC:52322 localhost:12080 ESTABLISHED
TCP Eduard-PC:52327 localhost:12080 ESTABLISHED
TCP Eduard-PC:52331 localhost:12080 ESTABLISHED
TCP eduard-pc:netbios-ssn Eduard-PC:0 LISTENING
TCP eduard-pc:51462 channel-132-137.01.snc6.tfbnw.net:http ESTABLISHED
TCP eduard-pc:52056 209.85.149.18:https ESTABLISHED
TCP eduard-pc:52076 209.85.149.18:https ESTABLISHED
TCP eduard-pc:52149 www-13-02-snc5.facebook.com:http TIME_WAIT
TCP eduard-pc:52170 209.85.149.113:http TIME_WAIT
TCP eduard-pc:52175 209.85.149.113:http TIME_WAIT
TCP eduard-pc:52197 217.156.169.176:http TIME_WAIT
TCP eduard-pc:52199 217.156.169.176:http TIME_WAIT
TCP eduard-pc:52245 213.220.220.204:http TIME_WAIT
TCP eduard-pc:52248 212.47.26.209:http TIME_WAIT
TCP eduard-pc:52253 192.168.0.1:9393 TIME_WAIT
TCP eduard-pc:52254 192.168.0.1:http TIME_WAIT
TCP eduard-pc:52255 192.168.0.1:9393 TIME_WAIT
TCP eduard-pc:52256 192.168.0.1:http TIME_WAIT
TCP eduard-pc:52257 192.168.0.1:9393 TIME_WAIT
TCP eduard-pc:52270 212.47.26.210:http ESTABLISHED
TCP eduard-pc:52271 212.47.26.210:http ESTABLISHED
TCP eduard-pc:52272 212.47.26.210:http ESTABLISHED
TCP eduard-pc:52273 212.47.26.210:http ESTABLISHED
TCP eduard-pc:52274 212.47.26.210:http ESTABLISHED
TCP eduard-pc:52275 212.47.26.210:http ESTABLISHED
TCP eduard-pc:52279 192.168.0.1:9393 TIME_WAIT
TCP eduard-pc:52284 89.221.209.9:http ESTABLISHED
TCP eduard-pc:52287 209.85.149.104:http ESTABLISHED
TCP eduard-pc:52297 212.47.26.212:http ESTABLISHED
TCP eduard-pc:52298 212.47.26.212:http ESTABLISHED
TCP eduard-pc:52299 212.47.26.212:http ESTABLISHED
TCP eduard-pc:52301 212.47.26.212:http ESTABLISHED
TCP eduard-pc:52303 212.47.26.212:http ESTABLISHED
TCP eduard-pc:52304 212.47.26.212:http ESTABLISHED
TCP eduard-pc:52306 89.221.209.9:http TIME_WAIT
TCP eduard-pc:52324 213.220.220.204:http ESTABLISHED
TCP eduard-pc:52328 www-13-02-snc5.facebook.com:http ESTABLISHED
TCP eduard-pc:52329 192.168.0.1:9393 TIME_WAIT
TCP eduard-pc:52330 192.168.0.1:9393 TIME_WAIT
TCP eduard-pc:52332 64.213.102.10:http ESTABLISHED
TCP eduard-pc:52333 192.168.0.101:netbios-ssn TIME_WAIT
TCP eduard-pc:52334 192.168.0.101:netbios-ssn TIME_WAIT
UDP Eduard-PC:isakmp *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ws-discovery *:*
UDP Eduard-PC:ipsec-msft *:*
UDP Eduard-PC:5004 *:*
UDP Eduard-PC:5005 *:*
UDP Eduard-PC:llmnr *:*
UDP Eduard-PC:49154 *:*
UDP Eduard-PC:49156 *:*
UDP Eduard-PC:57418 *:*
UDP Eduard-PC:57420 *:*
UDP Eduard-PC:ssdp *:*
UDP Eduard-PC:49152 *:*
UDP Eduard-PC:49153 *:*
UDP Eduard-PC:59127 *:*
UDP Eduard-PC:60014 *:*
UDP Eduard-PC:62840 *:*
UDP eduard-pc:netbios-ns *:*
UDP eduard-pc:netbios-dgm *:*
UDP eduard-pc:ssdp *:*
UDP eduard-pc:5353 *:*
UDP eduard-pc:59126 *:*
after disabling DHT
Re: Strange network activity

Are packets still going out after you disabled it?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before removing viruses from your computer
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Strange network activity
Yes, unfortunately still.

Re: Strange network activity
Please post an RSIT log, see my signature.
Try it in safe mode too, to see whether they still go out....
Close all programs that are running unnecessarily.
Re: Strange network activity
I would also like to ask: why does traffic keep coming in from that IP in the USA, the one Comodo is blocking? Can it be blocked permanently somehow?
Re: Strange network activity
Logfile of random's system information tool 1.08 (written by random/random)
Run by Eduard at 2011-01-03 21:52:54
Microsoft Windows 7 Home Premium
System drive C: has 59 GB (49%) free of 119 GB
Total RAM: 3071 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:53:33, on 3.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ASScrPro.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Eduard\Desktop\RSIT.exe
C:\Program Files\trend micro\Eduard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847B92A-B3C7-43F0-8C76-84FD0DD00B20}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6841 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-02 778240]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2010-09-07 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2010-09-07 33136]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-10 2500552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-12-31 3395600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-12-25 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-08-25 2424560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [2010-10-27 5636136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Eduard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-01-03 17:24:12 ----A---- C:\Windows\system32\ACEngSvr.exe
2011-01-03 13:16:14 ----A---- C:\Windows\ntbtlog.txt
2011-01-03 02:12:31 ----A---- C:\Windows\gmer.ini
2011-01-03 02:12:26 ----A---- C:\Windows\system32\drivers\gmer.sys
2011-01-03 02:12:26 ----A---- C:\Windows\gmer_uninstall.cmd
2011-01-03 02:12:26 ----A---- C:\Windows\gmer.exe
2011-01-03 02:12:26 ----A---- C:\Windows\gmer.dll
2011-01-03 00:05:55 ----D---- C:\Program Files\PSPad editor
2011-01-02 23:08:18 ----RASH---- C:\MSDOS.SYS
2011-01-02 23:08:18 ----RASH---- C:\IO.SYS
2011-01-02 22:48:13 ----D---- C:\_OTL
2011-01-01 20:39:31 ----D---- C:\ProgramData\Kaspersky Lab
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-01-01 18:25:06 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-01 18:25:04 ----D---- C:\ProgramData\Alwil Software
2011-01-01 18:25:04 ----D---- C:\Program Files\Alwil Software
2011-01-01 18:14:50 ----D---- C:\ProgramData\MFAData
2011-01-01 16:24:33 ----A---- C:\ATKPF.ini
2010-12-30 13:35:48 ----D---- C:\Temp
2010-12-30 13:33:13 ----D---- C:\Program Files\Winnydows
2010-12-30 11:04:48 ----A---- C:\Windows\system32\acovcnt.exe
2010-12-30 11:03:33 ----SHD---- C:\$RECYCLE.BIN
2010-12-30 11:03:09 ----A---- C:\ComboFix.txt
2010-12-30 10:54:42 ----A---- C:\Windows\SWXCACLS.exe
2010-12-29 00:14:23 ----D---- C:\VritualRoot
2010-12-29 00:12:01 ----D---- C:\Program Files\COMODO
2010-12-29 00:11:02 ----D---- C:\ProgramData\Comodo
2010-12-28 23:28:33 ----A---- C:\Windows\zip.exe
2010-12-28 23:28:33 ----A---- C:\Windows\SWSC.exe
2010-12-28 23:28:33 ----A---- C:\Windows\SWREG.exe
2010-12-28 23:28:33 ----A---- C:\Windows\sed.exe
2010-12-28 23:28:33 ----A---- C:\Windows\PEV.exe
2010-12-28 23:28:33 ----A---- C:\Windows\NIRCMD.exe
2010-12-28 23:28:33 ----A---- C:\Windows\MBR.exe
2010-12-28 23:28:33 ----A---- C:\Windows\grep.exe
2010-12-28 23:28:26 ----D---- C:\Windows\ERDNT
2010-12-27 21:37:16 ----D---- C:\Qoobox
2010-12-24 22:37:03 ----D---- C:\Users\Eduard\AppData\Roaming\Apple Computer
2010-12-24 22:36:45 ----A---- C:\Windows\system32\GEARAspi.dll
2010-12-24 22:36:45 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2010-12-24 22:36:21 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-24 22:36:21 ----D---- C:\Program Files\iTunes
2010-12-24 22:36:21 ----D---- C:\Program Files\iPod
2010-12-24 22:35:29 ----D---- C:\ProgramData\Apple Computer
2010-12-24 22:35:29 ----D---- C:\Program Files\QuickTime
2010-12-24 22:35:18 ----D---- C:\Program Files\Apple Software Update
2010-12-24 22:34:58 ----D---- C:\Program Files\Bonjour
2010-12-24 22:34:54 ----D---- C:\ProgramData\Apple
2010-12-24 22:34:54 ----D---- C:\Program Files\Common Files\Apple
2010-12-24 00:39:46 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2010-12-17 18:42:16 ----D---- C:\Program Files\WinHTTrack
2010-12-15 10:30:07 ----D---- C:\4581386463297300e3bd92ebac10
2010-12-15 10:29:31 ----A---- C:\Windows\system32\webio.dll
2010-12-15 10:29:31 ----A---- C:\Windows\system32\consent.exe
2010-12-15 10:29:30 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 10:29:26 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 10:29:26 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 10:29:26 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 10:29:25 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 10:29:24 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 10:29:24 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 10:29:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 10:29:22 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 10:29:22 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\oleaut32.dll
2010-12-15 10:29:21 ----A---- C:\Windows\system32\win32k.sys
2010-12-06 22:51:41 ----A---- C:\Windows\system32\binkw32.dll
2010-12-06 00:37:05 ----D---- C:\Users\Eduard\AppData\Roaming\Leadertech
======List of files/folders modified in the last 1 months======
2011-01-03 21:53:14 ----D---- C:\Windows\Temp
2011-01-03 21:53:14 ----D---- C:\Windows\Prefetch
2011-01-03 21:53:04 ----D---- C:\Program Files\trend micro
2011-01-03 21:36:47 ----D---- C:\Users\Eduard\AppData\Roaming\uTorrent
2011-01-03 17:39:04 ----D---- C:\Windows\system32\config
2011-01-03 17:30:55 ----D---- C:\ProgramData
2011-01-03 17:24:12 ----D---- C:\Windows\System32
2011-01-03 17:24:04 ----SHD---- C:\System Volume Information
2011-01-03 13:40:19 ----SD---- C:\Users\Eduard\AppData\Roaming\Microsoft
2011-01-03 13:16:14 ----D---- C:\Windows
2011-01-03 02:12:26 ----D---- C:\Windows\system32\drivers
2011-01-03 00:05:55 ----RD---- C:\Program Files
2011-01-02 23:26:42 ----D---- C:\Program Files\Mozilla Firefox
2011-01-02 23:19:54 ----DC---- C:\Windows\system32\DRVSTORE
2011-01-02 23:02:28 ----D---- C:\Program Files\ESET
2011-01-02 10:33:07 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-01 18:39:27 ----D---- C:\Windows\system32\catroot2
2011-01-01 18:38:58 ----D---- C:\Config.Msi
2011-01-01 18:38:25 ----D---- C:\Windows\system32\catroot
2011-01-01 18:25:13 ----SHD---- C:\Windows\Installer
2011-01-01 18:15:19 ----D---- C:\Windows\system32\DriverStore
2011-01-01 18:15:19 ----D---- C:\Windows\inf
2011-01-01 18:14:40 ----D---- C:\Program Files\Common Files
2010-12-30 12:58:55 ----D---- C:\KST 2
2010-12-30 12:26:16 ----D---- C:\Users\Eduard\AppData\Roaming\vlc
2010-12-30 12:12:08 ----D---- C:\Program Files\HP
2010-12-30 11:01:40 ----A---- C:\Windows\system.ini
2010-12-30 11:01:36 ----D---- C:\Windows\system32\drivers\etc
2010-12-30 11:00:03 ----D---- C:\Windows\AppPatch
2010-12-29 00:02:01 ----D---- C:\Windows\winsxs
2010-12-28 20:36:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-25 20:04:55 ----D---- C:\Users\Eduard\AppData\Roaming\Vidalia
2010-12-25 20:04:55 ----D---- C:\Users\Eduard\AppData\Roaming\Tor
2010-12-25 15:49:12 ----D---- C:\Windows\system32\drivers\UMDF
2010-12-25 10:47:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-24 22:35:40 ----D---- C:\Program Files\Internet Explorer
2010-12-24 22:35:20 ----D---- C:\Windows\system32\Tasks
2010-12-18 17:11:57 ----D---- C:\Windows\Tasks
2010-12-18 16:33:51 ----D---- C:\Program Files\Opera
2010-12-18 14:24:03 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-16 18:44:59 ----D---- C:\Users\Eduard\AppData\Roaming\TrueCrypt
2010-12-16 18:34:05 ----D---- C:\Users\Eduard\AppData\Roaming\IrfanView
2010-12-16 17:36:39 ----D---- C:\Windows\debug
2010-12-15 17:02:29 ----D---- C:\Windows\rescache
2010-12-15 14:25:47 ----D---- C:\Windows\system32\migration
2010-12-15 14:25:47 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 14:25:47 ----D---- C:\Program Files\Windows Mail
2010-12-15 10:32:53 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 10:30:09 ----A---- C:\Windows\system32\MRT.exe
2010-12-12 11:45:14 ----D---- C:\Windows\system32\wdi
2010-12-04 18:12:22 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 JGOGO;JMicron Hot-Plug Driver; C:\Windows\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2007-04-11 48000]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-12-31 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-12-31 293968]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-12-31 47440]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-09-10 78504]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-09-07 231248]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-12-31 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S1 37509211;37509211; C:\Windows\system32\DRIVERS\37509211.sys []
S1 90463701;90463701; C:\Windows\system32\DRIVERS\90463701.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 catchme;catchme; \??\C:\Users\Eduard\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-14 22656]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-07 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-31 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-10 1901056]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-07 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
-----------------EOF-----------------
Run by Eduard at 2011-01-03 21:52:54
Microsoft Windows 7 Home Premium
System drive C: has 59 GB (49%) free of 119 GB
Total RAM: 3071 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:53:33, on 3.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ASScrPro.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Eduard\Desktop\RSIT.exe
C:\Program Files\trend micro\Eduard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847B92A-B3C7-43F0-8C76-84FD0DD00B20}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6841 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-02 778240]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2010-09-07 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2010-09-07 33136]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-10 2500552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-12-31 3395600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-12-25 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-08-25 2424560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [2010-10-27 5636136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Eduard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-01-03 17:24:12 ----A---- C:\Windows\system32\ACEngSvr.exe
2011-01-03 13:16:14 ----A---- C:\Windows\ntbtlog.txt
2011-01-03 02:12:31 ----A---- C:\Windows\gmer.ini
2011-01-03 02:12:26 ----A---- C:\Windows\system32\drivers\gmer.sys
2011-01-03 02:12:26 ----A---- C:\Windows\gmer_uninstall.cmd
2011-01-03 02:12:26 ----A---- C:\Windows\gmer.exe
2011-01-03 02:12:26 ----A---- C:\Windows\gmer.dll
2011-01-03 00:05:55 ----D---- C:\Program Files\PSPad editor
2011-01-02 23:08:18 ----RASH---- C:\MSDOS.SYS
2011-01-02 23:08:18 ----RASH---- C:\IO.SYS
2011-01-02 22:48:13 ----D---- C:\_OTL
2011-01-01 20:39:31 ----D---- C:\ProgramData\Kaspersky Lab
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-01-01 18:25:14 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-01-01 18:25:06 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-01 18:25:04 ----D---- C:\ProgramData\Alwil Software
2011-01-01 18:25:04 ----D---- C:\Program Files\Alwil Software
2011-01-01 18:14:50 ----D---- C:\ProgramData\MFAData
2011-01-01 16:24:33 ----A---- C:\ATKPF.ini
2010-12-30 13:35:48 ----D---- C:\Temp
2010-12-30 13:33:13 ----D---- C:\Program Files\Winnydows
2010-12-30 11:04:48 ----A---- C:\Windows\system32\acovcnt.exe
2010-12-30 11:03:33 ----SHD---- C:\$RECYCLE.BIN
2010-12-30 11:03:09 ----A---- C:\ComboFix.txt
2010-12-30 10:54:42 ----A---- C:\Windows\SWXCACLS.exe
2010-12-29 00:14:23 ----D---- C:\VritualRoot
2010-12-29 00:12:01 ----D---- C:\Program Files\COMODO
2010-12-29 00:11:02 ----D---- C:\ProgramData\Comodo
2010-12-28 23:28:33 ----A---- C:\Windows\zip.exe
2010-12-28 23:28:33 ----A---- C:\Windows\SWSC.exe
2010-12-28 23:28:33 ----A---- C:\Windows\SWREG.exe
2010-12-28 23:28:33 ----A---- C:\Windows\sed.exe
2010-12-28 23:28:33 ----A---- C:\Windows\PEV.exe
2010-12-28 23:28:33 ----A---- C:\Windows\NIRCMD.exe
2010-12-28 23:28:33 ----A---- C:\Windows\MBR.exe
2010-12-28 23:28:33 ----A---- C:\Windows\grep.exe
2010-12-28 23:28:26 ----D---- C:\Windows\ERDNT
2010-12-27 21:37:16 ----D---- C:\Qoobox
2010-12-24 22:37:03 ----D---- C:\Users\Eduard\AppData\Roaming\Apple Computer
2010-12-24 22:36:45 ----A---- C:\Windows\system32\GEARAspi.dll
2010-12-24 22:36:45 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2010-12-24 22:36:21 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-24 22:36:21 ----D---- C:\Program Files\iTunes
2010-12-24 22:36:21 ----D---- C:\Program Files\iPod
2010-12-24 22:35:29 ----D---- C:\ProgramData\Apple Computer
2010-12-24 22:35:29 ----D---- C:\Program Files\QuickTime
2010-12-24 22:35:18 ----D---- C:\Program Files\Apple Software Update
2010-12-24 22:34:58 ----D---- C:\Program Files\Bonjour
2010-12-24 22:34:54 ----D---- C:\ProgramData\Apple
2010-12-24 22:34:54 ----D---- C:\Program Files\Common Files\Apple
2010-12-24 00:39:46 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2010-12-17 18:42:16 ----D---- C:\Program Files\WinHTTrack
2010-12-15 10:30:07 ----D---- C:\4581386463297300e3bd92ebac10
2010-12-15 10:29:31 ----A---- C:\Windows\system32\webio.dll
2010-12-15 10:29:31 ----A---- C:\Windows\system32\consent.exe
2010-12-15 10:29:30 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 10:29:26 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 10:29:26 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 10:29:26 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 10:29:25 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 10:29:24 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 10:29:24 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 10:29:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 10:29:23 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 10:29:22 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 10:29:22 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 10:29:22 ----A---- C:\Windows\system32\oleaut32.dll
2010-12-15 10:29:21 ----A---- C:\Windows\system32\win32k.sys
2010-12-06 22:51:41 ----A---- C:\Windows\system32\binkw32.dll
2010-12-06 00:37:05 ----D---- C:\Users\Eduard\AppData\Roaming\Leadertech
======List of files/folders modified in the last 1 months======
2011-01-03 21:53:14 ----D---- C:\Windows\Temp
2011-01-03 21:53:14 ----D---- C:\Windows\Prefetch
2011-01-03 21:53:04 ----D---- C:\Program Files\trend micro
2011-01-03 21:36:47 ----D---- C:\Users\Eduard\AppData\Roaming\uTorrent
2011-01-03 17:39:04 ----D---- C:\Windows\system32\config
2011-01-03 17:30:55 ----D---- C:\ProgramData
2011-01-03 17:24:12 ----D---- C:\Windows\System32
2011-01-03 17:24:04 ----SHD---- C:\System Volume Information
2011-01-03 13:40:19 ----SD---- C:\Users\Eduard\AppData\Roaming\Microsoft
2011-01-03 13:16:14 ----D---- C:\Windows
2011-01-03 02:12:26 ----D---- C:\Windows\system32\drivers
2011-01-03 00:05:55 ----RD---- C:\Program Files
2011-01-02 23:26:42 ----D---- C:\Program Files\Mozilla Firefox
2011-01-02 23:19:54 ----DC---- C:\Windows\system32\DRVSTORE
2011-01-02 23:02:28 ----D---- C:\Program Files\ESET
2011-01-02 10:33:07 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-01 18:39:27 ----D---- C:\Windows\system32\catroot2
2011-01-01 18:38:58 ----D---- C:\Config.Msi
2011-01-01 18:38:25 ----D---- C:\Windows\system32\catroot
2011-01-01 18:25:13 ----SHD---- C:\Windows\Installer
2011-01-01 18:15:19 ----D---- C:\Windows\system32\DriverStore
2011-01-01 18:15:19 ----D---- C:\Windows\inf
2011-01-01 18:14:40 ----D---- C:\Program Files\Common Files
2010-12-30 12:58:55 ----D---- C:\KST 2
2010-12-30 12:26:16 ----D---- C:\Users\Eduard\AppData\Roaming\vlc
2010-12-30 12:12:08 ----D---- C:\Program Files\HP
2010-12-30 11:01:40 ----A---- C:\Windows\system.ini
2010-12-30 11:01:36 ----D---- C:\Windows\system32\drivers\etc
2010-12-30 11:00:03 ----D---- C:\Windows\AppPatch
2010-12-29 00:02:01 ----D---- C:\Windows\winsxs
2010-12-28 20:36:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-25 20:04:55 ----D---- C:\Users\Eduard\AppData\Roaming\Vidalia
2010-12-25 20:04:55 ----D---- C:\Users\Eduard\AppData\Roaming\Tor
2010-12-25 15:49:12 ----D---- C:\Windows\system32\drivers\UMDF
2010-12-25 10:47:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-24 22:35:40 ----D---- C:\Program Files\Internet Explorer
2010-12-24 22:35:20 ----D---- C:\Windows\system32\Tasks
2010-12-18 17:11:57 ----D---- C:\Windows\Tasks
2010-12-18 16:33:51 ----D---- C:\Program Files\Opera
2010-12-18 14:24:03 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-16 18:44:59 ----D---- C:\Users\Eduard\AppData\Roaming\TrueCrypt
2010-12-16 18:34:05 ----D---- C:\Users\Eduard\AppData\Roaming\IrfanView
2010-12-16 17:36:39 ----D---- C:\Windows\debug
2010-12-15 17:02:29 ----D---- C:\Windows\rescache
2010-12-15 14:25:47 ----D---- C:\Windows\system32\migration
2010-12-15 14:25:47 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 14:25:47 ----D---- C:\Program Files\Windows Mail
2010-12-15 10:32:53 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 10:30:09 ----A---- C:\Windows\system32\MRT.exe
2010-12-12 11:45:14 ----D---- C:\Windows\system32\wdi
2010-12-04 18:12:22 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 JGOGO;JMicron Hot-Plug Driver; C:\Windows\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2007-04-11 48000]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-12-31 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-12-31 293968]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-12-31 47440]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-09-10 78504]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-09-07 231248]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-12-31 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S1 37509211;37509211; C:\Windows\system32\DRIVERS\37509211.sys []
S1 90463701;90463701; C:\Windows\system32\DRIVERS\90463701.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 catchme;catchme; \??\C:\Users\Eduard\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-14 22656]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-07 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-31 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-10 1901056]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-07 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
-----------------EOF-----------------
Re: Strange network activity
RSIT is easier for me to read than OTL; I didn't notice those O17 entries.
Are you sure you don't recognize these IP addresses?
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847B92A-B3C7-43F0-8C76-84FD0DD00B20}: NameServer = 156.154.70.25,156.154.71.25
http://en.utrace.de/?query=156.154.70.25
Download MBAM from my signature.
- Install it and run a full scan.
DO NOT DELETE ANYTHING
- MBAM occasionally produces false detections, so we will delete only after the log has been checked.
- Copy the log here.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Strange network activity
Thank you very much for trying to help.
I already have the program installed; I am starting the scan now. Otherwise, those IPs mean nothing to me. I occasionally use a proxy, but it is of course turned off right now. Tor.

Re: Strange network activity
From what I googled, that IP address should be fine. We'll see what MBAM digs up. If need be, you can write it down and we'll try to fix it in HJT.
Re: Strange network activity
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5449
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3.1.2011 23:08:43
mbam-log-2011-01-03 (23-08-43).txt
Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 234541
Uplynulý čas: 1 hodin, 0 minut, 58 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Strange network activity
Keep an eye on the PC until tomorrow... I would probably try fixing those O17 entries and setting the IP address according to your provider.
Re: Strange network activity
Could you please advise me how to do it? I have forgotten how to get to the window in RSIT where it can be fixed :-/
Re: Strange network activity
But first write down these IP addresses.
Is your IP address obtained automatically? If not, you should have your IP address in the contract with your provider. If you cannot get online after the fix and restart, set these addresses again.
Run the renamed HJT, C:\Program Files\trend micro\Eduard.exe; it has this icon
- Click "Do a system scan only"
- At the lines
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847B92A-B3C7-43F0-8C76-84FD0DD00B20}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
- Tick the checkbox and press "Fix checked"
- Restart the PC
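An added example, not part of the original thread: a small Python parser for the O17 lines quoted in the post above that groups the statically configured DNS servers by interface GUID and control set and lists every resolver outside a set the reviewer expects. The function names and the expected-resolver set are assumptions for illustration; the sample lines are the ones from the post.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from the post above (HijackThis output).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847B92A-B3C7-43F0-8C76-84FD0DD00B20}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FC59343-0F1B-4E29-B9E5-E89F4FF7291C}: NameServer = 156.154.70.25,156.154.71.25
"""

# Captures the control set (CCS, CS1, ...), the interface GUID and the raw value.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Return {interface GUID: {control set: [resolver strings]}}."""
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # The NameServer value may be comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            found[m["guid"].upper()][m["cs"]] = servers
    return dict(found)


def unexpected_resolvers(log_text, expected):
    """List (guid, control_set, value) for resolvers that are malformed or not expected."""
    expected = {ipaddress.ip_address(e) for e in expected}
    hits = []
    for guid, sets in sorted(parse_o17(log_text).items()):
        for cs, servers in sorted(sets.items()):
            for value in servers:
                try:
                    known = ipaddress.ip_address(value) in expected
                except ValueError:
                    known = False  # not an IP address at all: always report
                if not known:
                    hits.append((guid, cs, value))
    return hits


if __name__ == "__main__":
    # Assumption: resolvers the provider or router hands out (placeholder address).
    for guid, cs, value in unexpected_resolvers(SAMPLE_LOG, {"192.0.2.53"}):
        print(f"{cs:<4} {{{guid}}} static DNS {value} is not in the expected set")
```

Recording the reported values before using "Fix checked" gives the same fallback the post asks for: the addresses can be set again if the connection stops working.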
Re: Strange network activity
A colleague told me those IP addresses should be Comodo's.
How long have you had Comodo?

Re: Strange network activity
About 5 days.
Unfortunately, it did not help. That 208B upload is still there.