Please check my RSIT log

Posted: 14 Apr 2010 18:09
by gugacka
Hello, could you please check my log? The computer is slow, updates cannot be downloaded, and it is probably infected with a virus.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lynx at 2010-04-14 19:04:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (83%) free of 76 GB
Total RAM: 447 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:13, on 14.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
H:\hores9\whores.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Lynx\Plocha\RSIT.exe
C:\Program Files\trend micro\Lynx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8074378953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8075251500
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553530000} - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {EE220EF6-0F76-11D4-A68E-00104B34DE39} (DmanEdX Control) - http://dw.czso.cz/pls/vykwww/download2? ... dmaned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD8DDAF9-34DE-44C7-9313-E122797EA976}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725047959-2584757511-4149722517-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725047959-2584757511-4149722517-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22bf413b-c6d2-4d91-82a9-a0f997ba588c}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2006-07-26 540672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
C:\Program Files\Common Files\soft602\pdfSaver.exe [2005-08-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
C:\WINDOWS\system32\VTtrayp.exe [2006-03-23 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Spybot - Search & Destroy.lnk]
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
NOD32 Control Center.lnk - C:\Program Files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Windows Media(TM) Audio (wma)"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Lynx\Local Settings\Data aplikací\CrossLoop\CrossLoopConnect.exe"="C:\Documents and Settings\Lynx\Local Settings\Data aplikací\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-10 22:11:07 ----D---- C:\finalburner
2010-04-10 22:09:20 ----D---- C:\Program Files\FinalBurner
2010-04-10 21:56:47 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2010-04-10 21:56:47 ----A---- C:\WINDOWS\system32\imagXRA7.dll
2010-04-10 21:56:47 ----A---- C:\WINDOWS\system32\imagXR7.dll
2010-04-10 21:56:46 ----A---- C:\WINDOWS\system32\imagXpr7.dll
2010-04-10 21:56:46 ----A---- C:\WINDOWS\system32\imagX7.dll
2010-04-10 21:56:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-04-10 21:56:42 ----D---- C:\Program Files\Common Files\Nero
2010-04-06 23:08:10 ----D---- C:\Program Files\trend micro
2010-04-06 23:08:07 ----D---- C:\rsit
2010-04-06 23:01:45 ----D---- C:\WINDOWS\LastGood
2010-04-06 22:30:52 ----A---- C:\WINDOWS\cdplayer.ini
2010-04-06 22:30:24 ----A---- C:\mbam-error.txt
2010-04-06 19:45:59 ----D---- C:\Program Files\Defraggler
2010-04-01 19:34:29 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL
2010-04-01 19:34:25 ----D---- C:\Program Files\Common Files\Borland Shared
2010-04-01 19:33:25 ----D---- C:\Program Files\ProFact 3.0 Free

======List of files/folders modified in the last 1 months======

2010-04-14 18:49:51 ----D---- C:\WINDOWS\Temp
2010-04-13 21:40:39 ----D---- C:\WINDOWS\Prefetch
2010-04-10 22:09:20 ----RD---- C:\Program Files
2010-04-10 21:57:36 ----D---- C:\Program Files\Nero
2010-04-10 21:56:47 ----D---- C:\WINDOWS\system32
2010-04-10 21:56:42 ----SHD---- C:\WINDOWS\Installer
2010-04-10 21:56:42 ----SHD---- C:\Config.Msi
2010-04-10 21:56:42 ----D---- C:\Program Files\Common Files
2010-04-10 21:56:41 ----D---- C:\WINDOWS\WinSxS
2010-04-10 21:56:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-07 00:00:07 ----D---- C:\Program Files\ICQToolbar
2010-04-06 23:02:02 ----HD---- C:\WINDOWS\inf
2010-04-06 23:02:02 ----D---- C:\WINDOWS\Help
2010-04-06 23:02:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-06 23:01:45 ----D---- C:\WINDOWS
2010-04-06 23:01:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-06 23:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2010-04-06 23:00:12 ----D---- C:\WINDOWS\system32\drivers
2010-04-06 22:59:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-06 22:32:39 ----D---- C:\Program Files\Real
2010-04-06 22:32:39 ----D---- C:\Program Files\Common Files\Real
2010-04-06 22:32:29 ----D---- C:\Documents and Settings\Lynx\Data aplikací\Real
2010-04-06 22:31:03 ----SD---- C:\WINDOWS\Tasks
2010-04-06 22:30:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-06 22:28:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-04-06 22:27:49 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-04-06 22:27:48 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-04-06 22:26:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-06 22:23:31 ----D---- C:\Documents and Settings\Lynx\Data aplikací\Skype
2010-04-06 19:44:35 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-03-15 43008]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-04-13 204160]
S1 4bc053d3;4bc053d3; C:\WINDOWS\System32\drivers\4bc053d3.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Thanks

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:14
by Caroprd111
Hello :)


Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT
  • Check the All users option.
  • Check the "LOP" malware check and "Purity" malware check options.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.


I recommend uninstalling:
C:\Program Files\BitComet\BitComet.exe

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk needlessly.

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:20
by gugacka
OTL is being worked on, and that BitComet, or whatever it was supposed to be, is not installed on this computer. Where should it be? It is not in Start/Programs, not in Program Files, not in the CCleaner uninstaller, nothing anywhere?

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:21
by Caroprd111
OK, it is probably just some leftover. :)

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:25
by gugacka
OTL logfile created on: 14.4.2010 19:18:32 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lynx\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

447,00 Mb Total Physical Memory | 118,00 Mb Available Physical Memory | 26,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 61,72 Gb Free Space | 82,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 428,39 Gb Total Space | 43,36 Gb Free Space | 10,12% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: RECEPCE1
Current User Name: Lynx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.14 19:17:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynx\Plocha\OTL.exe
PRC - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.10.07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.07.26 14:19:06 | 000,540,672 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\SBADeck\ADeck.exe
PRC - [2005.03.07 02:51:00 | 000,032,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe


========== Modules (SafeList) ==========

MOD - [2010.04.14 19:17:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynx\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.10.07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2009.10.07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.10.07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009.10.07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.04.13 14:09:56 | 000,204,160 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2006.02.23 11:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006.02.23 11:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008.11.13 13:24:02 | 000,288,468 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9941 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8074378953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8075251500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553530000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} https://download.macromedia.com/pub/sho ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {EE220EF6-0F76-11D4-A68E-00104B34DE39} http://dw.czso.cz/pls/vykwww/download2? ... dmaned.cab (DmanEdX Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.04 16:24:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.09.04 16:24:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.14 19:17:01 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lynx\Plocha\OTL.exe
[2010.04.10 22:11:07 | 000,000,000 | ---D | C] -- C:\finalburner
[2010.04.10 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\FinalBurner
[2010.04.10 21:56:47 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXRA7.dll
[2010.04.10 21:56:47 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\WINDOWS\System32\TwnLib4.dll
[2010.04.10 21:56:47 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXR7.dll
[2010.04.10 21:56:46 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagX7.dll
[2010.04.10 21:56:46 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXpr7.dll
[2010.04.10 21:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Nero
[2010.04.10 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010.04.06 23:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.06 23:08:07 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.06 23:01:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.04.06 19:52:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lynx\Recent
[2010.04.06 19:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010.04.01 20:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynx\Local Settings\Data aplikací\CrossLoop
[2010.04.01 19:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2010.04.01 19:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynx\Local Settings\Data aplikací\eXmind
[2010.04.01 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\ProFact 3.0 Free
[2009.11.29 16:55:48 | 017,013,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-CSY.exe
[2009.11.29 14:58:39 | 002,025,768 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009.03.25 22:15:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.02.12 02:33:18 | 013,338,096 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2008.08.04 20:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2008.06.03 19:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2007.12.23 14:18:08 | 014,147,536 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install_ICQ6.exe
[2007.05.12 07:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Help
[2007.05.12 07:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Help
[2006.09.04 16:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2006.09.04 16:24:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.14 19:17:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynx\Plocha\OTL.exe
[2010.04.14 12:52:52 | 000,012,463 | ---- | M] () -- C:\Documents and Settings\Lynx\intlname.ols
[2010.04.14 09:36:28 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Lynx\Dokumenty\počítadla Lobby.xls
[2010.04.13 22:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725047959-2584757511-4149722517-1004.job
[2010.04.13 12:58:22 | 000,324,608 | ---- | M] () -- C:\Documents and Settings\Lynx\Dokumenty\Ceník - pasant 2010.wpd
[2010.04.13 12:56:39 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\MS Word 2003.lnk
[2010.04.13 12:01:58 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Lynx\NTUSER.DAT
[2010.04.11 16:55:27 | 005,387,776 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\CUP - výpočet.xls
[2010.04.11 15:27:31 | 000,050,032 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\211-10.pdf
[2010.04.10 21:34:47 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Lynx\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.08 11:04:38 | 000,049,566 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\207-10.pdf
[2010.04.06 23:07:36 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\RSIT.exe
[2010.04.06 23:05:24 | 003,908,251 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\ComboFix.exe
[2010.04.06 23:00:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.06 23:00:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725047959-2584757511-4149722517-1004.job
[2010.04.06 23:00:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.06 23:00:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.06 23:00:25 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.06 22:59:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Lynx\ntuser.ini
[2010.04.06 22:30:52 | 000,000,049 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.04.06 22:27:49 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.06 22:27:48 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.06 22:26:43 | 000,723,102 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.06 22:26:43 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.06 22:26:43 | 000,312,970 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.06 22:26:43 | 000,047,206 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.06 22:26:43 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.06 19:46:10 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\Defraggler.lnk
[2010.04.06 19:44:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\CCleaner.lnk
[2010.04.01 19:33:33 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\ProFact 3.0 Free.lnk
[2010.04.01 18:22:27 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\MS Excel 2003.lnk
[2010.04.01 15:51:50 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\Zálohová faktura.doc
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 14:53:33 | 000,049,081 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\182-10.pdf
[2010.03.25 15:44:48 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Lynx\Plocha\VÝPOČET.xls
[2010.03.25 11:28:42 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Lynx\Dokumenty\Kufry - Wolff.doc
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.14 10:38:55 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Lynx\Dokumenty\počítadla Lobby.xls
[2010.04.11 15:27:28 | 000,050,032 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\211-10.pdf
[2010.04.08 11:04:36 | 000,049,566 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\207-10.pdf
[2010.04.06 23:07:31 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\RSIT.exe
[2010.04.06 23:05:12 | 003,908,251 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\ComboFix.exe
[2010.04.06 22:30:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.04.06 22:29:16 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725047959-2584757511-4149722517-1004.job
[2010.04.06 22:29:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725047959-2584757511-4149722517-1004.job
[2010.04.06 19:46:10 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\Defraggler.lnk
[2010.04.01 19:34:29 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL
[2010.04.01 19:33:33 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\ProFact 3.0 Free.lnk
[2010.03.29 14:53:31 | 000,049,081 | ---- | C] () -- C:\Documents and Settings\Lynx\Plocha\182-10.pdf
[2010.03.25 16:48:38 | 000,324,608 | ---- | C] () -- C:\Documents and Settings\Lynx\Dokumenty\Ceník - pasant 2010.wpd
[2010.03.13 13:46:38 | 000,356,024 | ---- | C] () -- C:\Program Files\Second_Life_Setup.exe
[2010.03.13 13:46:15 | 023,055,856 | ---- | C] () -- C:\Program Files\Second_Life_1-22-11-113941_Setup.exe
[2009.04.18 16:05:55 | 000,012,463 | ---- | C] () -- C:\Documents and Settings\Lynx\intlname.ols
[2009.01.13 15:41:01 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.13 12:05:55 | 000,015,271 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2008.09.11 17:38:05 | 000,020,133 | ---- | C] () -- C:\Documents and Settings\Lynx\Nabídka Start.rar
[2008.05.29 11:52:59 | 000,179,330 | ---- | C] () -- C:\Program Files\minulost.exe
[2008.04.23 15:00:48 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007.02.09 03:39:34 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZHJAL.DLL
[2007.02.09 03:39:34 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZHAAL.DLL
[2007.02.04 22:24:40 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Lynx\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.03 17:14:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.10.13 11:30:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006.10.07 19:33:05 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Lynx\default.pls
[2006.10.07 19:27:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.10.04 08:51:44 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2006.10.04 08:51:44 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006.10.02 18:20:38 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\Lynx\Data aplikací\wklnhst.dat
[2006.10.02 17:37:47 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2006.10.02 16:52:53 | 000,000,920 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.29 15:42:40 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Lynx\NTUSER.DAT
[2006.09.29 15:42:40 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Lynx\ntuser.dat.LOG
[2006.09.29 15:42:40 | 000,000,272 | -HS- | C] () -- C:\Documents and Settings\Lynx\ntuser.ini
[2006.09.29 15:42:33 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006.09.29 15:42:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006.09.27 12:37:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.13 08:39:35 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006.09.04 18:07:03 | 000,001,134 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.07.31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2008.06.03 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.06.03 19:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.01.18 19:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\ICQ
[2007.12.23 14:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\ICQ Toolbar
[2009.01.04 17:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\OfficeUpdate12
[2009.02.11 23:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Onyx Software s.r.o
[2010.03.13 13:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\SecondLife
[2008.03.30 08:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Software602
[2010.01.15 11:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\TeamViewer
[2006.10.02 18:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Template
[2006.10.06 20:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\WebCompiler3
[2008.12.12 17:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2006.10.04 08:50:49 | 040,006,376 | ---- | M] (InstallShield Software Corporation) -- C:\602pc_suite_4.1.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.04.12 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Adobe
[2006.10.05 08:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\AdobeUM
[2006.10.22 23:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Ahead
[2006.11.03 17:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Apple Computer
[2006.10.06 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\CyberLink
[2008.10.12 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Google
[2006.11.19 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Help
[2009.01.18 19:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\ICQ
[2007.12.23 14:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\ICQ Toolbar
[2006.09.04 16:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Identities
[2007.01.10 10:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Lavasoft
[2006.10.07 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Macromedia
[2009.01.20 21:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Malwarebytes
[2009.04.23 15:48:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lynx\Data aplikací\Microsoft
[2007.12.23 14:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Mozilla
[2009.01.04 17:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\OfficeUpdate12
[2009.02.11 23:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Onyx Software s.r.o
[2010.04.06 22:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Real
[2010.03.13 13:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\SecondLife
[2010.04.06 22:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Skype
[2009.11.29 19:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\skypePM
[2008.03.30 08:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Software602
[2006.12.23 09:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Sun
[2010.01.15 11:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\TeamViewer
[2006.10.02 18:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Template
[2009.07.20 13:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\U3
[2006.10.06 20:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\WebCompiler3
[2008.05.15 16:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\WinRAR
[2008.12.12 17:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynx\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Lynx\Data aplikací\U3\temp\cleanup.exe


< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2006.03.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2006.03.02 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: LSASS.EXE >
[2006.03.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2006.03.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.03.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.10.16 15:12:20 | 000,561,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wuapi.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.09.04 18:17:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.09.04 18:17:47 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.09.04 18:17:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008.10.16 15:12:20 | 000,561,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wuapi.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Files - Unicode (All) ==========
[2006.10.27 01:23:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Lynx\Data aplikac?acromedia) -- C:\Documents and Settings\Lynx\Data aplikac�acromedia
[2006.10.27 01:23:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Lynx\Data aplikac?acromedia) -- C:\Documents and Settings\Lynx\Data aplikac�acromedia
(C:\Documents and Settings\Lynx\Data aplikac?acromedia) -- C:\Documents and Settings\Lynx\Data aplikac�acromedia
< End of report >

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:26
by gugacka
OTL Extras logfile created on: 14.4.2010 19:18:32 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Lynx\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

447,00 Mb Total Physical Memory | 118,00 Mb Available Physical Memory | 26,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 61,72 Gb Free Space | 82,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 428,39 Gb Total Space | 43,36 Gb Free Space | 10,12% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: RECEPCE1
Current User Name: Lynx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- "%1" /s

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /s
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15259:TCP" = 15259:TCP:*:Enabled:BitComet 15259 TCP
"15259:UDP" = 15259:UDP:*:Enabled:BitComet 15259 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Windows Media(TM) Audio (wma) -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Documents and Settings\Lynx\Local Settings\Data aplikací\CrossLoop\CrossLoopConnect.exe" = C:\Documents and Settings\Lynx\Local Settings\Data aplikací\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10627FCE-B1C9-4E78-AFCA-5AAE11774442}" = Anglický překladový slovník Lingea pro MS Office 2003
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.19.0.183
"{1A7CB4C1-2CC6-4BFD-A910-449CA5F140D3}" = HORES
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{31FEA631-B78A-4695-859E-D33CD5CF4BE4}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{541deac0-5f3d-45e6-b7cb-94ecf3b96748}" = Skype web features
"{5B7DE700-C8C4-41D6-9B11-9C1B645F264D}" = Microsoft Works
"{6DFC4B13-4489-4A59-AF95-12628A86FA76}" = 602PC SUITE
"{70E42F24-B920-4CDE-BB99-7B9CE881ED6A}" = Německý překladový slovník Lingea pro MS Office 2003
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{A62392EE-03CB-4FA8-8E79-B5F95A346FB3}" = Kontrola české gramatiky pro sadu Microsoft Office 2003
"{AC76BA86-7AD7-1029-7B44-A70000000000}" = Adobe Reader 7.0 - Czech
"{d103c4ba-f905-437a-8049-db24763bbe36}" = Skype™ 4.1
"{F9AB9E47-BBEC-11D5-B87E-00805FD53222}" = HORES PLUS Win
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"CR1-12 - Elektronické výkaznictví ČSÚ_is1" = CR1-12 - Elektronické výkaznictví ČSÚ 2.10
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Defraggler" = Defraggler
"Generic 20C-1 Installer" = Generic 20C-1
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"intelore - outlook express password recovery" = Outlook Express Password Recovery v1.0c (remove only)
"LYNX BLACK" = LYNX BLACK
"mail passview" = Mail PassView
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProFact 3.0 Free_is1" = ProFact 3.0 Free
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0297
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725047959-2584757511-4149722517-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.3.2010 7:44:02 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace whores.exe, verze 9.4.6.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.3.2010 11:26:33 | Computer Name = RECEPCE1 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 17.3.2010 11:27:24 | Computer Name = RECEPCE1 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 20.3.2010 5:53:37 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.3.2010 11:28:46 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 29.3.2010 8:07:18 | Computer Name = RECEPCE1 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x62160b80.

Error - 2.4.2010 8:39:17 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.4.2010 12:42:17 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.4.2010 12:42:32 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.4.2010 15:39:10 | Computer Name = RECEPCE1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 6.4.2010 17:01:28 | Computer Name = RECEPCE1 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 6.4.2010 17:02:01 | Computer Name = RECEPCE1 | Source = Service Control Manager | ID = 7028
Description = Klíč registru wuauserv odmítl přístup k programům účtu SYSTEM. Správce
služeb proto převzal vlastnictví tohoto klíče.

Error - 10.4.2010 15:28:05 | Computer Name = RECEPCE1 | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače REDITEL, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{BD8DDAF9-34DE-44C7-9.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 14.4.2010 13:05:50 | Computer Name = RECEPCE1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby wuauserv
s argumenty za účelem spuštění serveru: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 14.4.2010 13:05:52 | Computer Name = RECEPCE1 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 14.4.2010 13:05:54 | Computer Name = RECEPCE1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby wuauserv
s argumenty za účelem spuštění serveru: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 14.4.2010 13:05:54 | Computer Name = RECEPCE1 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 14.4.2010 13:05:57 | Computer Name = RECEPCE1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby wuauserv
s argumenty za účelem spuštění serveru: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 14.4.2010 13:05:57 | Computer Name = RECEPCE1 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 14.4.2010 13:06:27 | Computer Name = RECEPCE1 | Source = Service Control Manager | ID = 7028
Description = Klíč registru wuauserv odmítl přístup k programům účtu SYSTEM. Správce
služeb proto převzal vlastnictví tohoto klíče.


< End of report >

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:35
by Caroprd111
Run OTL and paste the following script into the bottom box.

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-725047959-2584757511-4149722517-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe File not found
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]
[REBOOT] 
Then click Fix; the PC will restart. Paste the log here.


Test these at http://www.virustotal.com/cs/
C:\WINDOWS\System32\KOAZHJAL.DLL
C:\WINDOWS\System32\vshp1020.dll


(Do not browse for the file; just paste in the path marked in bold. If you get the message "File has already been tested", have it tested again. Paste the result of the analysis here as a link.)


  • Start - Run - type regedit - OK

  • Find these keys (some of them may not be there)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (BITS and Wuauserv)


  • Find the BITS and wuauserv folders (under all of the keys listed above), right-click them and choose "Permissions". Set "Allow all".

Then, in the right-hand pane, find the value Imagepath.
It holds the path for updates (%fystemRoot%\system32\svchost.exe -k netsvcs)
and you have to change the letter F to s
so that the path is (%systemRoot%\system32\svchost.exe -k netsvcs)
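The ImagePath check described in the reply above, written out as an added example that is not part of the original thread: it reads `reg query`-style text for the BITS and wuauserv keys in each control set and flags any `%variable%` that is not a known environment variable. The sample text, the list of accepted variables and the function names are assumptions made for this illustration.

```python
import difflib
import re

# Constructed sample modelled on `reg query <key> /v ImagePath` output.
# It is not taken from the machine in the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
    ImagePath    REG_EXPAND_SZ    %fystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %fystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %systemRoot%\system32\svchost.exe -k netsvcs
"""

# Assumption: variables a service ImagePath may legitimately expand.
KNOWN_VARS = ("programfiles", "systemdrive", "systemroot", "windir")
CONTROL_SETS = ("ControlSet001", "ControlSet002", "ControlSet003",
                "CurrentControlSet")
SERVICES = ("BITS", "wuauserv")

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(\w+)\\Services\\(\w+)\s*$", re.I)
VALUE_RE = re.compile(
    r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)
VAR_RE = re.compile(r"%([^%\\]+)%")


def parse_image_paths(text):
    """Return {(control_set, service): image_path}, keys lower-cased."""
    found, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).lower(), key.group(2).lower())
            continue
        value = VALUE_RE.match(line)
        if value and current:
            found[current] = value.group(1)
    return found


def audit(text):
    """Return (control_set, service, status, detail) for every expected key.

    status is "ok", "missing" (key absent, as the reply says may happen) or
    "bad-variable"; for the latter, detail is (variable, closest known name).
    """
    paths = parse_image_paths(text)
    report = []
    for cs in CONTROL_SETS:
        for svc in SERVICES:
            path = paths.get((cs.lower(), svc.lower()))
            if path is None:
                report.append((cs, svc, "missing", None))
                continue
            bad = [v for v in VAR_RE.findall(path)
                   if v.lower() not in KNOWN_VARS]
            if not bad:
                report.append((cs, svc, "ok", None))
                continue
            guess = difflib.get_close_matches(bad[0].lower(), KNOWN_VARS, n=1)
            report.append((cs, svc, "bad-variable",
                           (bad[0], guess[0] if guess else None)))
    return report


if __name__ == "__main__":
    for cs, svc, status, detail in audit(SAMPLE):
        print(f"{cs}\\Services\\{svc}: {status} {detail or ''}")
```
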

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:52
by gugacka
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-725047959-2584757511-4149722517-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-725047959-2584757511-4149722517-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-725047959-2584757511-4149722517-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\NOD32 Control Center.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digiwet.dll deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SETA4CC.tmp deleted successfully.
C:\WINDOWS\System32\SETA4D8.tmp deleted successfully.
C:\WINDOWS\System32\SETA4E5.tmp deleted successfully.
C:\WINDOWS\System32\SETA520.tmp deleted successfully.
C:\WINDOWS\System32\SETEF4.tmp deleted successfully.
C:\WINDOWS\System32\SETF14.tmp deleted successfully.
C:\WINDOWS\System32\SETF17.tmp deleted successfully.
C:\WINDOWS\System32\SETF26.tmp deleted successfully.
C:\WINDOWS\002849_.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 881 bytes
->Temporary Internet Files folder emptied: 1959787 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Lynx
->Temp folder emptied: 1695862 bytes
->Temporary Internet Files folder emptied: 18381281 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 51388 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Power
->Temp folder emptied: 43645461 bytes
->Temporary Internet Files folder emptied: 31634851 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 267244 bytes

Total Files Cleaned = 93,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Lynx
->Flash cache emptied: 0 bytes

User: NetworkService

User: Power
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.1 log created on 04142010_193633

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\SF0WYXB6\6VHSF3CAI14PN2CAZMMME8CA3XTKACCA6229JZCAHGC3TTCAB0O5EECAD4TNEXCA82U26ICABJ3D4TCAEHDF3NCA4EB543CAIQKNIOCAFHHHGMCATZ1MSECADVTWPPCALD6U4YCAXL2RJ7CAWISUNICAZQ3TPBCAFUFZUACAAVKLCN.jpg not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\SF0WYXB6\etaViewWatchSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;sz=728x90;ord=1266509602163;dcopt=ist;tile=1;um=7;us=11;eb_trk=133252;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\SF0WYXB6\hSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;seg=GL_AllBid_Mar05;sz=160x600;ord=1266509602163;tile=2;um=7;us=11;eb_trk=133250;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\SF0WYXB6\ViewWatchSearch_11730;seg=GL_MetaViewWatchSearch_625;seg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;sz=300x100;ord=1266509580608;tile=2;um=7;us=11;eb_trk=132973;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\RRPBKGJG\etaViewWatchSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;sz=728x90;ord=1266510008477;dcopt=ist;tile=1;um=7;us=11;eb_trk=133252;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\RRPBKGJG\etaViewWatchSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;sz=728x90;ord=1266510030713;dcopt=ist;tile=1;um=7;us=11;eb_trk=133252;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\RRPBKGJG\hSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;seg=GL_AllBid_Mar05;sz=160x600;ord=1266510008477;tile=2;um=7;us=11;eb_trk=133250;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\RRPBKGJG\hSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;seg=GL_AllBid_Mar05;sz=160x600;ord=1266510030713;tile=2;um=7;us=11;eb_trk=133250;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\8O5G9BI4\;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;seg=GL_AllSucBuy_Mar05;sz=300x250;ord=1266509580608;dcopt=ist;tile=1;um=7;us=11;eb_trk=132974;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\0T9SNSY5\etaViewWatchSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;sz=728x90;ord=1266509925481;dcopt=ist;tile=1;um=7;us=11;eb_trk=133252;pr=24;xp=32;np=24[1].htm not found!
File\Folder C:\Documents and Settings\Lynx\Local Settings\Temp\Temporary Internet Files\Content.IE5\0T9SNSY5\hSearch_11730;seg=GL_MetaViewWatchSearch_619;seg=GL_MetaViewWatchSearch_625;seg=GL_AllBid_Mar05;sz=160x600;ord=1266509925481;tile=2;um=7;us=11;eb_trk=133250;pr=24;xp=32;np=24[1].htm not found!
C:\Documents and Settings\Lynx\Local Settings\Temporary Internet Files\Content.IE5\9175OK1S\afr[1].htm moved successfully.
C:\Documents and Settings\Lynx\Local Settings\Temporary Internet Files\Content.IE5\5FSWQLP8\afr[2].htm moved successfully.
C:\Documents and Settings\Lynx\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:53
by Caroprd111
OK, now the rest. :)

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:55
by gugacka
The virus check of the files found nothing.

Re: Please check my RSIT log

Posted: 14 Apr 2010 18:58
by Caroprd111
That's good. :) What about the BITS and Wuauserv repair?

Re: Please check my RSIT log

Posted: 14 Apr 2010 19:09
by gugacka
Key repair:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (BITS and Wuauserv) - fixed
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services (BITS and Wuauserv) - fixed
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services (BITS and Wuauserv) - not present
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (BITS and Wuauserv) - was not damaged

Re: Please check my RSIT log

Posted: 14 Apr 2010 19:10
by Caroprd111
How is the PC doing?

Re: Please check my RSIT log

Posted: 14 Apr 2010 19:16
by gugacka
It still behaves the same: Windows Update doesn't work and it is quite slow.

Re: Please check my RSIT log

Posted: 14 Apr 2010 19:18
by Caroprd111
Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator rights; right after it starts, a page with the licence terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not start other applications and do not click in the window that is displayed!
  • The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you paste here.
  • The computer may be restarted during the scan.