

Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log
well, if it says it's not responding, then end it - clean the PC with CCleaner and write back whether there are still any problems

FRST | ADWCleaner | MBAM | CCleaner | AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Please check my log
it already looks 99% better after that AVPTool.. it doesn't crash, it runs.. it doesn't behave strangely... I'll keep watching it and give the final verdict..
anyway, thanks a lot

Re: Please check my log
also on behalf of my colleague motji: glad we could help
Re: Please check my log





C:\WINDOWS\system32\dboysb.sys
C:\WINDOWS\system32\dboysb.bat
C:\e.exe
- Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
- Paste the link with the results here.

C:\WINDOWS\system32\dboysb.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger"="ctfmon.exe"
Do not use COMBOFIX without an advisor's recommendation; it may damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Please check my log
C:\WINDOWS\system32\dboysb.sys - no infection
C:\WINDOWS\system32\dboysb.bat found something (see below):
BitDefender 7.2 2010.09.29 Trojan.Downloader.BAT.AACJ
F-Secure 9.0.15370.0 2010.09.29 Trojan.Downloader.BAT.AACJ
GData 21 2010.09.29 Trojan.Downloader.BAT.AACJ
Ikarus T3.1.1.90.0 2010.09.29 Trojan-Downloader.Bat
K7AntiVirus 9.63.2628 2010.09.28 EmailWorm
NOD32 5487 2010.09.28 BAT/TrojanDownloader.Ftp.NHN
nProtect 2010-09-28.01 2010.09.29 Trojan.Downloader.BAT.AACJ
Sophos 4.58.0 2010.09.29 Troj/Dldr-EJ
I don't know that batch file
------------------------------------------------------------------
I didn't set the registry key like this either.
and here is the OTL log:
OTL logfile created on: 29.9.2010 5:52:37 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 6,61 Gb Free Space | 27,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 678,06 Gb Free Space | 72,79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 94,62 Gb Free Space | 45,60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 20:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 20:39:26 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 20:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe
========== Modules (SafeList) ==========
MOD - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 20:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 20:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 09:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Running] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 20:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 20:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 20:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 20:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 20:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Iprip)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 20:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 18:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 18:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.09.23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 10:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 10:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 17:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.05.21 20:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 20:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 13:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 08:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 17:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
[2010.03.03 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.09.27 09:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 16:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.03 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.26 13:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 13:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 13:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 13:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 13:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
Hosts file not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 15:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.30 08:21:13 | 000,000,067 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.29 05:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.09.27 13:46:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.09.27 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.27 09:23:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 20:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.09.24 20:19:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.09.24 09:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.21 10:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.21 10:48:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.21 09:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.09.21 09:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.16 20:11:03 | 000,000,000 | ---D | C] -- C:\HLServer
[2010.09.09 06:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.29 05:47:45 | 000,002,584 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.09.29 05:39:38 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.09.29 05:37:11 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.09.29 05:37:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.29 05:36:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.29 05:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.29 05:33:44 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.09.29 05:26:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.09.29 05:26:42 | 003,094,596 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.09.28 21:00:00 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.09.28 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.09.27 13:46:11 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 19:16:57 | 000,003,999 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.09.24 14:51:03 | 000,001,246 | ---- | M] () -- C:\WINDOWS\System32\boot.dat
[2010.09.24 08:53:28 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.09.22 09:00:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\154232de.rdb
[2010.09.22 07:39:55 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\dcbfa27a.rdb
[2010.09.22 07:39:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\00042df7.iNi
[2010.09.22 07:39:26 | 000,000,125 | ---- | M] () -- C:\WINDOWS\System32\dboysb.bat
[2010.09.22 07:39:26 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\dboysb.sys
[2010.09.21 09:29:28 | 001,441,369 | ---- | M] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.20 04:55:16 | 000,000,496 | ---- | M] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:55:16 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\install.bat
[2010.09.19 16:17:18 | 000,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP3530.cah
[2010.09.19 16:13:36 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\info.dat
[2010.09.14 06:17:25 | 000,001,692 | ---- | M] () -- C:\e.exe
[2010.09.08 07:38:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\SysS.ldb
[2010.09.08 07:38:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\SysS.xml
[2010.09.02 11:42:28 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.02 11:34:46 | 001,095,518 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.09.02 11:34:46 | 001,087,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.02 11:34:46 | 000,308,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.02 11:34:45 | 002,833,950 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.02 11:34:45 | 000,330,820 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.27 13:46:11 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.23 01:30:43 | 000,002,584 | ---- | C] () -- C:\WINDOWS\System32\licstr.cpa
[2010.09.22 09:00:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\154232de.rdb
[2010.09.22 07:39:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\dcbfa27a.rdb
[2010.09.22 07:39:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\00042df7.iNi
[2010.09.22 07:39:26 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\dboysb.bat
[2010.09.22 07:39:26 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\dboysb.sys
[2010.09.20 07:28:37 | 000,001,246 | ---- | C] () -- C:\WINDOWS\System32\boot.dat
[2010.09.20 04:54:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:54:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\install.bat
[2010.09.16 08:09:13 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\info.dat
[2010.09.14 06:17:25 | 000,001,692 | ---- | C] () -- C:\e.exe
[2010.09.08 07:38:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SysS.xml
[2010.09.08 07:38:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\SysS.ldb
[2009.11.23 16:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 16:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.11 22:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 10:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 14:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 14:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 19:46:59 | 000,003,999 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 16:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 16:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 16:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 16:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 16:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 16:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 16:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 16:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 16:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 16:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 16:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 15:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 15:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 15:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 15:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 15:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 15:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
========== LOP Check ==========
[2009.10.23 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 08:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 21:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2009.04.22 07:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.09.28 21:00:00 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.09.29 05:27:47 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.09.28 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 34 bytes -> C:\Runonce:NUL
< End of report >
C:\WINDOWS\system32\dboysb.bat: it found something (see below):
BitDefender 7.2 2010.09.29 Trojan.Downloader.BAT.AACJ
F-Secure 9.0.15370.0 2010.09.29 Trojan.Downloader.BAT.AACJ
GData 21 2010.09.29 Trojan.Downloader.BAT.AACJ
Ikarus T3.1.1.90.0 2010.09.29 Trojan-Downloader.Bat
K7AntiVirus 9.63.2628 2010.09.28 EmailWorm
NOD32 5487 2010.09.28 BAT/TrojanDownloader.Ftp.NHN
nProtect 2010-09-28.01 2010.09.29 Trojan.Downloader.BAT.AACJ
Sophos 4.58.0 2010.09.29 Troj/Dldr-EJ
I don't know that batch file
------------------------------------------------------------------
I didn't set the registry key this way either.
and here is the OTL log:
OTL logfile created on: 29.9.2010 5:52:37 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 6,61 Gb Free Space | 27,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 678,06 Gb Free Space | 72,79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 94,62 Gb Free Space | 45,60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 20:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 20:39:26 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 20:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe
========== Modules (SafeList) ==========
MOD - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 20:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 20:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 09:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Running] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 20:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 20:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 20:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 20:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 20:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Iprip)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 20:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 18:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 18:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.09.23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 10:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 10:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 17:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.05.21 20:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 20:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 13:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 08:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 17:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
[2010.03.03 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.09.27 09:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 16:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.03 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.26 13:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 13:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 13:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 13:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 13:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
Hosts file not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 15:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.30 08:21:13 | 000,000,067 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.29 05:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.09.27 13:46:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.09.27 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.27 09:23:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 20:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.09.24 20:19:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.09.24 09:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.21 10:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.21 10:48:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.21 09:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.09.21 09:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.16 20:11:03 | 000,000,000 | ---D | C] -- C:\HLServer
[2010.09.09 06:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.29 05:47:45 | 000,002,584 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.09.29 05:39:38 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.09.29 05:37:11 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.09.29 05:37:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.29 05:36:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.29 05:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.29 05:33:44 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.09.29 05:26:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.09.29 05:26:42 | 003,094,596 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.09.28 21:00:00 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.09.28 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.09.27 13:46:11 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 19:16:57 | 000,003,999 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.09.24 14:51:03 | 000,001,246 | ---- | M] () -- C:\WINDOWS\System32\boot.dat
[2010.09.24 08:53:28 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.09.22 09:00:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\154232de.rdb
[2010.09.22 07:39:55 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\dcbfa27a.rdb
[2010.09.22 07:39:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\00042df7.iNi
[2010.09.22 07:39:26 | 000,000,125 | ---- | M] () -- C:\WINDOWS\System32\dboysb.bat
[2010.09.22 07:39:26 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\dboysb.sys
[2010.09.21 09:29:28 | 001,441,369 | ---- | M] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.20 04:55:16 | 000,000,496 | ---- | M] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:55:16 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\install.bat
[2010.09.19 16:17:18 | 000,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP3530.cah
[2010.09.19 16:13:36 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\info.dat
[2010.09.14 06:17:25 | 000,001,692 | ---- | M] () -- C:\e.exe
[2010.09.08 07:38:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\SysS.ldb
[2010.09.08 07:38:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\SysS.xml
[2010.09.02 11:42:28 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.02 11:34:46 | 001,095,518 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.09.02 11:34:46 | 001,087,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.02 11:34:46 | 000,308,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.02 11:34:45 | 002,833,950 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.02 11:34:45 | 000,330,820 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.27 13:46:11 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.23 01:30:43 | 000,002,584 | ---- | C] () -- C:\WINDOWS\System32\licstr.cpa
[2010.09.22 09:00:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\154232de.rdb
[2010.09.22 07:39:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\dcbfa27a.rdb
[2010.09.22 07:39:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\00042df7.iNi
[2010.09.22 07:39:26 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\dboysb.bat
[2010.09.22 07:39:26 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\dboysb.sys
[2010.09.20 07:28:37 | 000,001,246 | ---- | C] () -- C:\WINDOWS\System32\boot.dat
[2010.09.20 04:54:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:54:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\install.bat
[2010.09.16 08:09:13 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\info.dat
[2010.09.14 06:17:25 | 000,001,692 | ---- | C] () -- C:\e.exe
[2010.09.08 07:38:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SysS.xml
[2010.09.08 07:38:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\SysS.ldb
[2009.11.23 16:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 16:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.11 22:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 10:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 14:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 14:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 19:46:59 | 000,003,999 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 16:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 16:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 16:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 16:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 16:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 16:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 16:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 16:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 16:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 16:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 16:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 15:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 15:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 15:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 15:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 15:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 15:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
========== LOP Check ==========
[2009.10.23 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 08:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 21:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2009.04.22 07:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.09.28 21:00:00 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.09.29 05:27:47 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.09.28 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 34 bytes -> C:\Runonce:NUL
< End of report >
Re: Please check the log
I also forgot that c:\e.exe
SUPERAntiSpyware 4.40.0.1006 2010.09.29 Rogue.Agent/Gen-Nullo[EXE]
Re: Please check the log

[2010.09.14 06:17:25 | 000,001,692 | ---- | M] () -- C:\e.exe
Also test these at www.virustotal.com
C:\WINDOWS\System32\154232de.rdb
C:\WINDOWS\System32\dcbfa27a.rdb
C:\WINDOWS\System32\00042df7.iNi


O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
I'll be back here in the evening. I don't know the server, so I'd rather make sure; I don't want to blow something up for you



http://translate.google.cz/translate?hl ... s:official
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Please check the log
so..
Unfortunately I don't know e.exe. But judging by the date, it could roughly match when the server started behaving strangely.
C:\WINDOWS\System32\154232de.rdb ok
C:\WINDOWS\System32\dcbfa27a.rdb ok
C:\WINDOWS\System32\00042df7.iNi ok
the batch file contains:
ftp -s:dboysb.sys
start C:\dboycao.exe
ping -n 10 127.0.0.1
start C:\dboycao.exe
del dboysb.sys
del dboysb.bat
del %0
I checked whether something like this might be used by the program that runs on the server (accounting), but I didn't find any info that mentions it...
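Added example (not part of the thread and not any poster's code): a static triage of the batch file quoted in the post above, tagging the scripted FTP transfer, the launch that follows it, the ping delay and the self-deletion, and listing which files to preserve before cleanup. The function name `triage_batch`, the tag names and the `preserve_first` key are hypothetical; the sample is reconstructed from the quoted contents.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: the batch contents quoted in the post above.
SAMPLE_BAT = r"""ftp -s:dboysb.sys
start C:\dboycao.exe
ping -n 10 127.0.0.1
start C:\dboycao.exe
del dboysb.sys
del dboysb.bat
del %0
"""

# A command argument, either quoted (may contain spaces) or bare.
_ARG = r'(?:"([^"]+)"|([^\s"]+))'
# ftp.exe -s:<file> reads its FTP commands from <file> instead of the keyboard.
_FTP = re.compile(r'^ftp(?:\.exe)?\s.*?-s:' + _ARG, re.I)
# start ["title"] [/switches] <program>
_START = re.compile(r'^start\s+(?:"[^"]*"\s+)?(?:/\S+\s+)*' + _ARG, re.I)
_DEL = re.compile(r'^(?:del|erase)\s+(?:/\S+\s+)*' + _ARG, re.I)
# Pinging loopback N times is a common way to sleep in old batch files.
_PING = re.compile(r'^ping\s+(?:.*\s)?-n\s+\d+\s+(?:127\.0\.0\.1|localhost)\b', re.I)
# Batch parameters that expand to the running script itself.
_SELF = {"%0", "%~0", "%~f0", "%~dpnx0"}


def _target(match):
    """Return the quoted or the bare argument captured by _ARG."""
    return match.group(1) or match.group(2)


def triage_batch(text, script_name=None):
    """Statically tag a batch script; nothing in it is executed."""
    tags, ftp_scripts, launched, deleted = [], [], [], []

    def tag(name):
        if name not in tags:
            tags.append(name)

    for raw in text.splitlines():
        line = raw.strip().lstrip("@").strip()
        if not line or line.lower().startswith(("rem ", "::")):
            continue
        m = _FTP.match(line)
        if m:
            ftp_scripts.append(_target(m))
            tag("scripted_ftp_transfer")
            continue
        m = _START.match(line)
        if m:
            launched.append(_target(m))
            if ftp_scripts:  # a program is started after a scripted transfer
                tag("launch_after_transfer")
            continue
        if _PING.match(line):
            tag("ping_used_as_delay")
            continue
        m = _DEL.match(line)
        if m:
            deleted.append(_target(m))

    names = {basename(p).lower() for p in deleted}
    if names & {basename(p).lower() for p in ftp_scripts}:
        tag("deletes_ftp_script")
    own = basename(script_name).lower() if script_name else None
    if names & _SELF or (own and own in names):
        tag("self_delete")

    return {
        "tags": tags,
        "ftp_scripts": ftp_scripts,
        "launched": list(dict.fromkeys(launched)),
        "deleted": deleted,
        # Files to copy off the host before any cleanup removes them.
        "preserve_first": list(dict.fromkeys(ftp_scripts + launched)),
    }


if __name__ == "__main__":
    report = triage_batch(SAMPLE_BAT, script_name="dboysb.bat")
    for key, value in report.items():
        print(f"{key}: {value}")
```

The file named by `-s:` holds the FTP commands that were run, typically including the remote host, so it is worth copying off the machine before a fix script moves or deletes it.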
Re: Please check the log
Do you have a backup made? Can I delete the files I don't like?
Re: Please check the log
yes, I have a backup. that sounds as if you had gotten in there
there is a backup, so we can delete without worry

Re: Please check the log
"yes, I have a backup. that sounds as if you had gotten in there"
You mean into the backup? Not that

Let's go delete it

-copy this script into the white box at the bottom:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 34 bytes -> C:\Runonce:NUL
04 - HKLM..\Run: [UserFaultCheck] File not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\dboycao.exe
C:\e.exe
C:\WINDOWS\System32\154232de.rdb
C:\WINDOWS\System32\dcbfa27a.rdb
C:\WINDOWS\System32\00042df7.iNi
C:\WINDOWS\System32\dboysb.bat
C:\WINDOWS\System32\dboysb.sys
:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
-click the Fix button.
-The PC will then restart.
- Post the log here

Re: Please check the log
here is the log:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Runonce:NUL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET11.tmp moved successfully.
C:\WINDOWS\SET12.tmp moved successfully.
C:\WINDOWS\SET13.tmp moved successfully.
C:\WINDOWS\SET27.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2741.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2820.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7F9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8ED.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9CE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9F9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B.tmp folder moved successfully.
C:\WINDOWS\inf\005\MSExchangeOMA\tmpDB6.tmp moved successfully.
C:\WINDOWS\inf\009\MSExchangeOMA\tmpDB6.tmp moved successfully.
C:\WINDOWS\inf\inc\MSExchangeOMA\tmpDB7.tmp moved successfully.
C:\WINDOWS\Installer\MSI6.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\inetsrv\ASP Compiled Templates\PID1024.TMP folder moved successfully.
File\Folder C:\dboycao.exe not found.
C:\e.exe moved successfully.
C:\WINDOWS\System32\154232de.rdb moved successfully.
C:\WINDOWS\System32\dcbfa27a.rdb moved successfully.
C:\WINDOWS\System32\00042df7.iNi moved successfully.
C:\WINDOWS\System32\dboysb.bat moved successfully.
C:\WINDOWS\System32\dboysb.sys moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: 123
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: admin$
->Temp folder emptied: 2631298 bytes
->Temporary Internet Files folder emptied: 33274 bytes
User: Administrator
->Temp folder emptied: 62413418 bytes
->Temporary Internet Files folder emptied: 112642 bytes
->Java cache emptied: 39070354 bytes
->FireFox cache emptied: 43978688 bytes
->Flash cache emptied: 446 bytes
User: All Users
User: brezina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 4252135 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: pohoda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: remote
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 23093992 bytes
User: slapakova
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: stavinoha
->Temp folder emptied: 1139144 bytes
->Temporary Internet Files folder emptied: 229778 bytes
->Java cache emptied: 31493331 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49351322 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 246,00 mb
[EMPTYFLASH]
User: 123
User: admin$
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: brezina
User: Default User
User: LocalService
User: NetworkService
User: pohoda
User: remote
User: slapakova
User: stavinoha
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10032010_191801
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Re: Please check the log
Fine, I'd like a new log from OTL, please.
How is the computer? Is everything working as it should, or did I knock something out?
Re: Please check the log
I'll post the log. Only the updates don't work. But they didn't work before the last step either. It doesn't download them. When Windows Update is opened, IE freezes.
Re: Please check the log
OTL logfile created on: 3.10.2010 19:34:51 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 9,08 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 647,24 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 94,40 Gb Free Space | 45,50% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 20:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 20:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe
========== Modules (SafeList) ==========
MOD - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 20:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 20:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 09:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Running] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 20:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 20:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 20:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 20:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 20:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Iprip)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 20:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 18:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 18:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.09.23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 10:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 10:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 17:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.05.21 20:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 20:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 13:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 08:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 17:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
[2010.03.03 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.09.29 06:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 16:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.03 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.26 13:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 13:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 13:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 13:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 13:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
Hosts file not found
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 15:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.30 08:21:13 | 000,000,067 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.10.03 19:18:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.29 08:38:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010.09.29 05:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.09.27 13:46:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.09.27 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.27 09:23:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 20:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.09.24 20:19:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.09.24 09:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.21 10:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.21 10:48:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.21 09:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.09.21 09:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.16 20:11:03 | 000,000,000 | ---D | C] -- C:\HLServer
[2010.09.09 06:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
========== Files - Modified Within 30 Days ==========
[2010.10.03 19:29:23 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.10.03 19:28:11 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.10.03 19:24:59 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.10.03 19:23:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.03 19:23:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.03 19:19:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.10.03 19:17:40 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.10.03 17:41:08 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.10.01 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.10.01 05:38:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.29 05:26:42 | 003,094,596 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.09.27 13:46:11 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 19:16:57 | 000,003,999 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.09.24 14:51:03 | 000,001,246 | ---- | M] () -- C:\WINDOWS\System32\boot.dat
[2010.09.24 08:53:28 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.09.21 09:29:28 | 001,441,369 | ---- | M] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.20 04:55:16 | 000,000,496 | ---- | M] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:55:16 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\install.bat
[2010.09.19 16:17:18 | 000,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP3530.cah
[2010.09.19 16:13:36 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\info.dat
[2010.09.08 07:38:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\SysS.ldb
[2010.09.08 07:38:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\SysS.xml
========== Files Created - No Company Name ==========
[2010.09.27 13:46:11 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.23 01:30:43 | 000,002,586 | ---- | C] () -- C:\WINDOWS\System32\licstr.cpa
[2010.09.20 07:28:37 | 000,001,246 | ---- | C] () -- C:\WINDOWS\System32\boot.dat
[2010.09.20 04:54:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:54:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\install.bat
[2010.09.16 08:09:13 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\info.dat
[2010.09.08 07:38:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SysS.xml
[2010.09.08 07:38:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\SysS.ldb
[2009.11.23 16:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 16:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.11 22:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 10:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 14:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 14:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 19:46:59 | 000,003,999 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 16:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 16:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 16:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 16:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 16:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 16:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 16:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 16:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 16:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 16:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 16:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 15:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 15:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 15:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 15:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 15:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 15:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
========== LOP Check ==========
[2009.10.23 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 08:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 21:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2009.04.22 07:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.10.03 17:41:08 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.10.03 19:20:03 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.10.01 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
========== Purity Check ==========
< End of report >
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 9,08 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 647,24 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 94,40 Gb Free Space | 45,50% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 20:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 20:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe
========== Modules (SafeList) ==========
MOD - [2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 20:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 20:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 09:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Running] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.05.28 19:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 10:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 10:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 10:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 09:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 08:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 20:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 20:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 20:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 20:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 20:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 20:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 20:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 20:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 20:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 20:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 20:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 20:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Iprip)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 20:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 20:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 11:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 14:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 14:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 18:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 18:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 02:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 09:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.09.23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 10:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 10:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 17:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.05.21 20:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 20:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 13:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 08:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 23:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 17:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.26 13:42:33 | 000,000,000 | ---D | M]
[2010.03.03 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.09.29 06:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 16:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.03 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.26 13:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 13:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 13:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 13:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 13:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
Hosts file not found
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 15:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.30 08:21:13 | 000,000,067 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.10.03 19:18:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.29 08:38:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010.09.29 05:39:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.09.27 13:46:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.09.27 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.27 09:23:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 20:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.09.24 20:19:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.09.24 09:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.23 20:21:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.21 10:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.21 10:48:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.21 09:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.09.21 09:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.16 20:11:03 | 000,000,000 | ---D | C] -- C:\HLServer
[2010.09.09 06:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
========== Files - Modified Within 30 Days ==========
[2010.10.03 19:29:23 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.10.03 19:28:11 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.10.03 19:24:59 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.10.03 19:23:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.03 19:23:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.03 19:19:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.10.03 19:17:40 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.10.03 17:41:08 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.10.01 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.10.01 05:38:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.29 05:26:42 | 003,094,596 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.09.27 13:46:11 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.27 09:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.09.24 19:16:57 | 000,003,999 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.09.24 14:51:03 | 000,001,246 | ---- | M] () -- C:\WINDOWS\System32\boot.dat
[2010.09.24 08:53:28 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.09.21 09:29:28 | 001,441,369 | ---- | M] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.09.20 04:55:16 | 000,000,496 | ---- | M] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:55:16 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\install.bat
[2010.09.19 16:17:18 | 000,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP3530.cah
[2010.09.19 16:13:36 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\info.dat
[2010.09.08 07:38:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\SysS.ldb
[2010.09.08 07:38:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\SysS.xml
========== Files Created - No Company Name ==========
[2010.09.27 13:46:11 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2010.09.23 01:30:43 | 000,002,586 | ---- | C] () -- C:\WINDOWS\System32\licstr.cpa
[2010.09.20 07:28:37 | 000,001,246 | ---- | C] () -- C:\WINDOWS\System32\boot.dat
[2010.09.20 04:54:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\On.reg
[2010.09.20 04:54:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\install.bat
[2010.09.16 08:09:13 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\info.dat
[2010.09.08 07:38:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SysS.xml
[2010.09.08 07:38:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\SysS.ldb
[2009.11.23 16:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 16:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.11 22:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 10:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 14:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 14:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 19:46:59 | 000,003,999 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 16:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 16:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 16:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 16:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 16:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 16:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 16:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 16:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 16:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 16:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 16:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 15:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 15:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 15:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 15:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 15:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 15:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
========== LOP Check ==========
[2009.10.23 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 08:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 21:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2009.04.22 07:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.10.03 17:41:08 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.10.03 19:20:03 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.10.01 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
========== Purity Check ==========
< End of report >