
Computer cannot find ntndis.exe after startup and sharing does not work
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.07 (written by random/random)
Run by supervisor at 2010-06-23 14:39:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (2%) free of 305 GB
Total RAM: 2047 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:38, on 23.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\PCIRADIO\Radiotray.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PCIRADIO\Raktiv32.exe
C:\ins\DOS presmerovani\DOSPrintUI.exe
C:\WINDOWS\system32\svchost.exe
C:\internet\RFlowCollectorV3\RFlowCollector.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\supervisor\Plocha\RSIT.exe
C:\Program Files\trend micro\supervisor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komponenty.xcs.cz/Default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RadioTray] C:\PCIRADIO\Radiotray.exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files\Kat MP3 Recorder\Kat MP3 Recorder.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [wininet] C:\WINDOWS\system32\userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RadioAKTIV.lnk = C:\PCIRADIO\Raktiv32.exe
O4 - Startup: Zástupce - DOSPrintUI.lnk = C:\ins\DOS presmerovani\DOSPrintUI.exe
O4 - Startup: Zástupce - netfruko.lnk = C:\netfruko.bat
O4 - Startup: Zástupce - RFlowCollector.lnk = C:\internet\RFlowCollectorV3\RFlowCollector.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} (CTBClient Control) - http://www.wspk.cz/internetbanking/inte ... roject.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4463542468
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://88.146.207.195:82/plugin/h263ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B32B4CD-41AE-4F3F-8060-08FA64E1E77D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12782 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-18 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-01-30 1114112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-10-25 3072]
"RadioTray"=C:\PCIRADIO\Radiotray.exe [2000-05-12 32256]
"FmctrlTray"=C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-29 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-18 185896]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576]
"pdfSaver3"= []
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"PATHPILOT"=C:\Program Files\Kat MP3 Recorder\Kat MP3 Recorder.exe []
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-02-27 278016]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-05-15 95536]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"wininet"=C:\WINDOWS\system32\userinit.exe [2010-06-05 79360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FmctrlTray]
C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\supervisor\Nabídka Start\Programy\Po spuštění
RadioAKTIV.lnk - C:\PCIRADIO\Raktiv32.exe
Zástupce - DOSPrintUI.lnk - C:\ins\DOS presmerovani\DOSPrintUI.exe
Zástupce - netfruko.lnk - C:\netfruko.bat
Zástupce - RFlowCollector.lnk - C:\internet\RFlowCollectorV3\RFlowCollector.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-06-10 87424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\bkwin\20398\BKWIN.EXE"="C:\Program Files\bkwin\20398\BKWIN.EXE:*:Disabled:BankKlient 7 - 20398"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\MioNet\MioNetManager.exe"="C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program Files\MioNet\jvm\bin\MioNet.exe"="C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet"
"C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe"="C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe:*:Enabled:HP Networked Printer Installer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe"="C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
""=":*:Enabled:Control"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
""=":*:Enabled:Control"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4caebd-a179-11dc-b3aa-0019dbca819e}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88909221-503f-11de-814e-001167000000}]
shell\AutoRun\command - InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f76aa8ba-3fe9-11dd-b4bc-0019dbca819e}]
shell\AutoRun\command - D:\LaunchU3.exe
======List of files/folders created in the last 1 months======
2010-06-23 14:39:14 ----D---- C:\Program Files\trend micro
2010-06-23 14:39:13 ----D---- C:\rsit
2010-06-23 13:27:54 ----D---- C:\Program Files\Common Files\PCSuite
2010-06-09 08:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-09 08:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-09 08:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-09 08:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-09 08:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-09 07:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-07 20:30:17 ----D---- C:\ADUSER
2010-06-05 10:21:49 ----A---- C:\WINDOWS\system32\stu2.exe
2010-06-03 09:09:42 ----D---- C:\Program Files\PC Connectivity Solution
2010-05-26 07:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-24 12:25:34 ----D---- C:\Documents and Settings\supervisor\Data aplikací\602XML
======List of files/folders modified in the last 1 months======
2010-06-23 14:39:19 ----D---- C:\WINDOWS\Prefetch
2010-06-23 14:39:14 ----D---- C:\WINDOWS\Temp
2010-06-23 14:39:14 ----D---- C:\Program Files
2010-06-23 14:31:56 ----D---- C:\Documents and Settings\supervisor\Data aplikací\Skype
2010-06-23 14:18:18 ----A---- C:\WINDOWS\hpbafd.ini
2010-06-23 14:16:37 ----A---- C:\loggg.txt
2010-06-23 13:48:29 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-23 13:32:19 ----D---- C:\WINDOWS
2010-06-23 13:31:19 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2010-06-23 13:30:46 ----A---- C:\WINDOWS\system32\bscs.ini
2010-06-23 13:29:02 ----D---- C:\WINDOWS\system32\config
2010-06-23 13:28:39 ----D---- C:\WINDOWS\system32\wbem
2010-06-23 13:28:38 ----D---- C:\WINDOWS\Registration
2010-06-23 13:28:13 ----D---- C:\karat
2010-06-23 13:27:59 ----D---- C:\WINDOWS\system32\drivers
2010-06-23 13:27:57 ----HD---- C:\WINDOWS\inf
2010-06-23 13:27:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-23 13:27:57 ----D---- C:\WINDOWS\system32
2010-06-23 13:27:51 ----HD---- C:\Config.Msi
2010-06-23 13:27:43 ----SHD---- C:\WINDOWS\Installer
2010-06-23 13:27:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-23 13:26:28 ----D---- C:\Program Files\Nokia
2010-06-23 13:26:01 ----D---- C:\WINDOWS\WinSxS
2010-06-23 13:25:19 ----D---- C:\Program Files\pdfforge Toolbar
2010-06-23 13:25:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-23 13:25:00 ----D---- C:\WINDOWS\system32\Restore
2010-06-23 13:16:50 ----D---- C:\Documents and Settings\supervisor\Data aplikací\skypePM
2010-06-23 13:13:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-23 13:13:39 ----RSD---- C:\WINDOWS\assembly
2010-06-23 13:12:28 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 12:43:53 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 11:36:17 ----D---- C:\Program Files\LogMeIn
2010-06-22 16:22:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-22 14:43:07 ----D---- C:\Program Files\Common Files
2010-06-22 14:43:01 ----D---- C:\Program Files\Common Files\Nokia
2010-06-22 14:42:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-06-22 14:14:08 ----D---- C:\rum
2010-06-22 12:35:38 ----D---- C:\Documents and Settings\supervisor\Data aplikací\PC Suite
2010-06-22 11:45:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-21 15:13:32 ----A---- C:\WINDOWS\wincmd.ini
2010-06-17 12:55:02 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-06-14 10:35:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\hps
2010-06-14 10:32:42 ----D---- C:\Program Files\FotoStar
2010-06-14 10:22:19 ----D---- C:\vyvolat
2010-06-14 09:18:03 ----D---- C:\Program Files\DreamCom
2010-06-10 11:36:40 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-06-10 11:36:39 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-06-10 11:36:39 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-06-09 18:50:27 ----D---- C:\wutemp
2010-06-09 08:08:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-09 08:08:17 ----A---- C:\WINDOWS\imsins.BAK
2010-06-09 08:08:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-09 08:06:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-06-09 08:04:29 ----D---- C:\Program Files\Internet Explorer
2010-06-09 08:04:04 ----D---- C:\WINDOWS\ie8updates
2010-06-09 07:55:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-09 07:44:34 ----D---- C:\Documents and Settings\supervisor\Data aplikací\Thunderbird
2010-06-05 10:21:44 ----A---- C:\WINDOWS\system32\userinit.exe
2010-06-03 13:00:47 ----A---- C:\WINDOWS\system.ini
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-24 14:42:02 ----D---- C:\sdileni
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 UserPort;UserPort; \??\C:\WINDOWS\system32\Drivers\UserPort.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 MLPTDR_B;MLPTDR_B; \??\C:\WINDOWS\system32\MLPTDR_B.SYS []
R2 RadPciNT;RadPciNT; \??\C:\WINDOWS\system32\Radpcint.sys []
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-12-07 14088]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 gameport;FM801 PCI Joystick; C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
R3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 328320]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2008-11-25 33800]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2008-11-25 27528]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 FWL;Fwl Packet Filter; \??\C:\Program files\Software602\602LAN SUITE\fwl.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MA-620;Mobile Action MA-660 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 29152]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2008-12-22 17416]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-09-08 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-09-08 162936]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-06-10 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MSSQL$BANKKLIENT;MSSQL$BANKKLIENT; C:\Program Files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-29 155716]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2004-06-17 708608]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service; C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-05 131072]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S2 MacroSoft;Microsoft Network helper Service; C:\WINDOWS\system32\svchost -k MacroSoft []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 SQLAgent$BANKKLIENT;SQLAgent$BANKKLIENT; C:\Program Files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by supervisor at 2010-06-23 14:39:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (2%) free of 305 GB
Total RAM: 2047 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:38, on 23.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\PCIRADIO\Radiotray.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PCIRADIO\Raktiv32.exe
C:\ins\DOS presmerovani\DOSPrintUI.exe
C:\WINDOWS\system32\svchost.exe
C:\internet\RFlowCollectorV3\RFlowCollector.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\supervisor\Plocha\RSIT.exe
C:\Program Files\trend micro\supervisor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komponenty.xcs.cz/Default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RadioTray] C:\PCIRADIO\Radiotray.exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files\Kat MP3 Recorder\Kat MP3 Recorder.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [wininet] C:\WINDOWS\system32\userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RadioAKTIV.lnk = C:\PCIRADIO\Raktiv32.exe
O4 - Startup: Zástupce - DOSPrintUI.lnk = C:\ins\DOS presmerovani\DOSPrintUI.exe
O4 - Startup: Zástupce - netfruko.lnk = C:\netfruko.bat
O4 - Startup: Zástupce - RFlowCollector.lnk = C:\internet\RFlowCollectorV3\RFlowCollector.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} (CTBClient Control) - http://www.wspk.cz/internetbanking/inte ... roject.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4463542468
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://88.146.207.195:82/plugin/h263ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B32B4CD-41AE-4F3F-8060-08FA64E1E77D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12782 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-18 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-01-30 1114112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-10-25 3072]
"RadioTray"=C:\PCIRADIO\Radiotray.exe [2000-05-12 32256]
"FmctrlTray"=C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-29 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-18 185896]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576]
"pdfSaver3"= []
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"PATHPILOT"=C:\Program Files\Kat MP3 Recorder\Kat MP3 Recorder.exe []
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-02-27 278016]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-05-15 95536]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"wininet"=C:\WINDOWS\system32\userinit.exe [2010-06-05 79360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FmctrlTray]
C:\WINDOWS\system32\Fmctrl.EXE [2001-08-20 270336]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\supervisor\Nabídka Start\Programy\Po spuštění
RadioAKTIV.lnk - C:\PCIRADIO\Raktiv32.exe
Zástupce - DOSPrintUI.lnk - C:\ins\DOS presmerovani\DOSPrintUI.exe
Zástupce - netfruko.lnk - C:\netfruko.bat
Zástupce - RFlowCollector.lnk - C:\internet\RFlowCollectorV3\RFlowCollector.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-06-10 87424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\bkwin\20398\BKWIN.EXE"="C:\Program Files\bkwin\20398\BKWIN.EXE:*:Disabled:BankKlient 7 - 20398"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\MioNet\MioNetManager.exe"="C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program Files\MioNet\jvm\bin\MioNet.exe"="C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet"
"C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe"="C:\Program Files\Hewlett-Packard\HP Download Manager\hpjdwnld.exe:*:Enabled:HP Networked Printer Installer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe"="C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
""=":*:Enabled:Control"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
""=":*:Enabled:Control"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4caebd-a179-11dc-b3aa-0019dbca819e}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88909221-503f-11de-814e-001167000000}]
shell\AutoRun\command - InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f76aa8ba-3fe9-11dd-b4bc-0019dbca819e}]
shell\AutoRun\command - D:\LaunchU3.exe
======List of files/folders created in the last 1 months======
2010-06-23 14:39:14 ----D---- C:\Program Files\trend micro
2010-06-23 14:39:13 ----D---- C:\rsit
2010-06-23 13:27:54 ----D---- C:\Program Files\Common Files\PCSuite
2010-06-09 08:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-09 08:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-09 08:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-09 08:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-09 08:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-09 07:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-07 20:30:17 ----D---- C:\ADUSER
2010-06-05 10:21:49 ----A---- C:\WINDOWS\system32\stu2.exe
2010-06-03 09:09:42 ----D---- C:\Program Files\PC Connectivity Solution
2010-05-26 07:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-24 12:25:34 ----D---- C:\Documents and Settings\supervisor\Data aplikací\602XML
======List of files/folders modified in the last 1 months======
2010-06-23 14:39:19 ----D---- C:\WINDOWS\Prefetch
2010-06-23 14:39:14 ----D---- C:\WINDOWS\Temp
2010-06-23 14:39:14 ----D---- C:\Program Files
2010-06-23 14:31:56 ----D---- C:\Documents and Settings\supervisor\Data aplikací\Skype
2010-06-23 14:18:18 ----A---- C:\WINDOWS\hpbafd.ini
2010-06-23 14:16:37 ----A---- C:\loggg.txt
2010-06-23 13:48:29 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-23 13:32:19 ----D---- C:\WINDOWS
2010-06-23 13:31:19 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2010-06-23 13:30:46 ----A---- C:\WINDOWS\system32\bscs.ini
2010-06-23 13:29:02 ----D---- C:\WINDOWS\system32\config
2010-06-23 13:28:39 ----D---- C:\WINDOWS\system32\wbem
2010-06-23 13:28:38 ----D---- C:\WINDOWS\Registration
2010-06-23 13:28:13 ----D---- C:\karat
2010-06-23 13:27:59 ----D---- C:\WINDOWS\system32\drivers
2010-06-23 13:27:57 ----HD---- C:\WINDOWS\inf
2010-06-23 13:27:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-23 13:27:57 ----D---- C:\WINDOWS\system32
2010-06-23 13:27:51 ----HD---- C:\Config.Msi
2010-06-23 13:27:43 ----SHD---- C:\WINDOWS\Installer
2010-06-23 13:27:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-23 13:26:28 ----D---- C:\Program Files\Nokia
2010-06-23 13:26:01 ----D---- C:\WINDOWS\WinSxS
2010-06-23 13:25:19 ----D---- C:\Program Files\pdfforge Toolbar
2010-06-23 13:25:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-23 13:25:00 ----D---- C:\WINDOWS\system32\Restore
2010-06-23 13:16:50 ----D---- C:\Documents and Settings\supervisor\Data aplikací\skypePM
2010-06-23 13:13:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-23 13:13:39 ----RSD---- C:\WINDOWS\assembly
2010-06-23 13:12:28 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 12:43:53 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 11:36:17 ----D---- C:\Program Files\LogMeIn
2010-06-22 16:22:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-22 14:43:07 ----D---- C:\Program Files\Common Files
2010-06-22 14:43:01 ----D---- C:\Program Files\Common Files\Nokia
2010-06-22 14:42:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-06-22 14:14:08 ----D---- C:\rum
2010-06-22 12:35:38 ----D---- C:\Documents and Settings\supervisor\Data aplikací\PC Suite
2010-06-22 11:45:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-21 15:13:32 ----A---- C:\WINDOWS\wincmd.ini
2010-06-17 12:55:02 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-06-14 10:35:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\hps
2010-06-14 10:32:42 ----D---- C:\Program Files\FotoStar
2010-06-14 10:22:19 ----D---- C:\vyvolat
2010-06-14 09:18:03 ----D---- C:\Program Files\DreamCom
2010-06-10 11:36:40 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-06-10 11:36:39 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-06-10 11:36:39 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-06-09 18:50:27 ----D---- C:\wutemp
2010-06-09 08:08:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-09 08:08:17 ----A---- C:\WINDOWS\imsins.BAK
2010-06-09 08:08:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-09 08:06:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-06-09 08:04:29 ----D---- C:\Program Files\Internet Explorer
2010-06-09 08:04:04 ----D---- C:\WINDOWS\ie8updates
2010-06-09 07:55:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-09 07:44:34 ----D---- C:\Documents and Settings\supervisor\Data aplikací\Thunderbird
2010-06-05 10:21:44 ----A---- C:\WINDOWS\system32\userinit.exe
2010-06-03 13:00:47 ----A---- C:\WINDOWS\system.ini
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-24 14:42:02 ----D---- C:\sdileni
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 UserPort;UserPort; \??\C:\WINDOWS\system32\Drivers\UserPort.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 MLPTDR_B;MLPTDR_B; \??\C:\WINDOWS\system32\MLPTDR_B.SYS []
R2 RadPciNT;RadPciNT; \??\C:\WINDOWS\system32\Radpcint.sys []
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-12-07 14088]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 gameport;FM801 PCI Joystick; C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
R3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 328320]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2008-11-25 33800]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2008-11-25 27528]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 FWL;Fwl Packet Filter; \??\C:\Program files\Software602\602LAN SUITE\fwl.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MA-620;Mobile Action MA-660 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 29152]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2008-12-22 17416]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-09-08 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-09-08 162936]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-06-10 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MSSQL$BANKKLIENT;MSSQL$BANKKLIENT; C:\Program Files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-29 155716]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2004-06-17 708608]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service; C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-05 131072]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S2 MacroSoft;Microsoft Network helper Service; C:\WINDOWS\system32\svchost -k MacroSoft []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 SQLAgent$BANKKLIENT;SQLAgent$BANKKLIENT; C:\Program Files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: computer cannot find ntndis.exe after startup and sharing does not work
Hello,
please help: sharing does not work on this PC, and after Windows starts it looks for c:\windows\system32\drivers\ntndis.exe
I don't know what to do about it.
Re: computer cannot find ntndis.exe after startup and sharing does not work
Thank you,
please, should I set only 7 days there? It is possible the problem has lasted longer, since I sometimes don't restart the PC for a week; I'd guess about 3 weeks.
OK
Re: computer cannot find ntndis.exe after startup and sharing does not work
I'm sending the logs, but I set 14 days; if I should set only 7, I'll do it again.
The file is attached.
- Attachments
- OTL.zip
- (20.01 KiB) Downloaded 51 times
Re: computer cannot find ntndis.exe after startup and sharing does not work
Here is the log for 30 days.
- Attachments
- OTL30.zip
- (20.38 KiB) Downloaded 53 times
Re: computer cannot find ntndis.exe after startup and sharing does not work
Hello,
thank you, I'm sending the first log after the restart.
All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\WINDOWS\system32\drivers\ntndis.exe deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8A5B0737 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wininet deleted successfully.
========== FILES ==========
atapi.sys extracted to C:\
File C:\WINDOWS\System32\drivers\atapi.sys successfully replaced with c:\atapi.sys
File C:\WINDOWS\system32\userinit.exe successfully replaced with C:\WINDOWS\System32\stu2.exe
Changer.sys extracted to C:\
File C:\WINDOWS\System32\drivers\Changer.sys successfully replaced with c:\Changer.sys
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 9888696 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
User: supervisor
->Temp folder emptied: 4076279064 bytes
->Temporary Internet Files folder emptied: 542839664 bytes
->Java cache emptied: 61322614 bytes
->FireFox cache emptied: 139291039 bytes
->Flash cache emptied: 32416 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 1162696 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 37768 bytes
Windows Temp folder emptied: 226438524 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39179672 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 390777024 bytes
Total Files Cleaned = 5 235,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: supervisor
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.7.0 log created on 06252010_144446
Re: computer cannot find ntndis.exe after startup and sharing does not work
I am sending another log from OTL after the scan.
OTL logfile created on: 25.6.2010 15:32:58 - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\supervisor\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 7,44 Gb Free Space | 2,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 105,67 Gb Total Space | 12,84 Gb Free Space | 12,15% Space Free | Partition Type: NTFS
Drive K: | 105,67 Gb Total Space | 12,84 Gb Free Space | 12,15% Space Free | Partition Type: NTFS
Drive L: | 5,60 Gb Total Space | 1,17 Gb Free Space | 20,83% Space Free | Partition Type: FAT32
Drive W: | 133,10 Gb Total Space | 7,71 Gb Free Space | 5,79% Space Free | Partition Type: NTFS
Drive Z: | 97,64 Gb Total Space | 12,44 Gb Free Space | 12,74% Space Free | Partition Type: NTFS
Computer Name: SPRAVCE
Current User Name: supervisor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Standard
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2008.08.20 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\sdileni\compaq 530\root\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.25 09:53:11 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.08.25 09:53:11 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\drivers\atapi.sys
[2008.08.20 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008.08.20 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\sdileni\compaq 530\root\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: BTWDNDIS.CAT >
[2007.03.23 10:50:20 | 000,008,123 | ---- | M] () MD5=2425C56BED3FC2FEF2D8FA6DAB33EBF1 -- C:\ins\servis\notebook\ACER TravelMate 6592\BLUETOOTH\BlueTooth_Broadcom BlueTooth Driver_v5.1.0.3000_XP\BlueTooth Broadcom BlueTooth Driver v5.1.0.3000\Win32\drivers\btwdndis.cat
< MD5 for: BTWDNDIS.INF >
[2007.03.23 10:51:02 | 000,006,886 | ---- | M] () MD5=B19C922E8923736460E21FD63860A370 -- C:\ins\servis\notebook\ACER TravelMate 6592\BLUETOOTH\BlueTooth_Broadcom BlueTooth Driver_v5.1.0.3000_XP\BlueTooth Broadcom BlueTooth Driver v5.1.0.3000\Win32\drivers\btwdndis.inf
< MD5 for: BTWDNDIS.SYS >
[2007.03.23 10:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) MD5=B1D350F3F13CF340FCE93912D2BA1EBF -- C:\ins\servis\notebook\ACER TravelMate 6592\BLUETOOTH\BlueTooth_Broadcom BlueTooth Driver_v5.1.0.3000_XP\BlueTooth Broadcom BlueTooth Driver v5.1.0.3000\Win32\drivers\btwdndis.sys
< MD5 for: GTMNDIS.CAT >
[2007.04.30 07:08:12 | 000,016,259 | ---- | M] () MD5=3567783D4A643D7E028AF0E31181FB67 -- C:\ins\servis\notebook\ACER TravelMate 6592\GTCONNECT 3G DRIVER\GTConnect 3G Driver 3.313\driver_3_3_1_3-signed\32\gtmndis.cat
< MD5 for: GTMNDIS.INF >
[2007.04.26 19:42:26 | 000,017,980 | ---- | M] () MD5=395916E1510BC3DEDEF08CE034D106F6 -- C:\ins\servis\notebook\ACER TravelMate 6592\GTCONNECT 3G DRIVER\GTConnect 3G Driver 3.313\driver_3_3_1_3-signed\32\gtmndis.inf
< MD5 for: NDIS.38_ >
[1994.04.19 04:11:00 | 000,013,809 | ---- | M] () MD5=1F8C6855FA92F2BEA7261F3FD4A25B31 -- C:\picka\INST\NDIS.38_
< MD5 for: NDIS.DOS >
[2003.03.04 12:07:00 | 000,027,248 | ---- | M] () MD5=42416C263B79B4DC07D76D667445CC12 -- C:\ins\servis\MOTHERBOARD\MSI K7N2G-L\nFORCE 2\nf2_mcp2\Dos_Net\ndis.dos
< MD5 for: NDIS.SYS >
[2008.08.20 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\sdileni\compaq 530\root\WINDOWS\system32\dllcache\ndis.sys
[2008.08.20 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\sdileni\compaq 530\root\WINDOWS\system32\drivers\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NDIS.VXD >
[1996.04.16 19:05:08 | 000,099,084 | ---- | M] () MD5=853AEEA46E983963E85B613B7B15C493 -- C:\ins\servis\INFRAPORT\ma600 CD\driver\win95\ndis.vxd
< MD5 for: NETRNDIS.INF >
[2005.10.21 02:51:09 | 000,002,938 | ---- | M] () MD5=501A0AD4711C5F71B3B1A549879A3AE4 -- C:\WINDOWS\$NtServicePackUninstall$\netrndis.inf
[2008.08.20 14:00:00 | 000,005,874 | ---- | M] () MD5=CDC15583D7891EED43DDAF2B5BAB7CD4 -- C:\sdileni\compaq 530\root\WINDOWS\inf\netrndis.inf
[2004.08.17 17:46:00 | 000,005,874 | ---- | M] () MD5=CDC15583D7891EED43DDAF2B5BAB7CD4 -- C:\WINDOWS\$NtUninstallKB909394$\netrndis.inf
[2004.08.17 17:46:00 | 000,005,874 | ---- | M] () MD5=CDC15583D7891EED43DDAF2B5BAB7CD4 -- C:\WINDOWS\inf\netrndis.inf
[2004.08.17 17:46:00 | 000,005,874 | ---- | M] () MD5=CDC15583D7891EED43DDAF2B5BAB7CD4 -- C:\WINDOWS\ServicePackFiles\i386\netrndis.inf
< MD5 for: NETRNDIS.PNF >
[2009.12.23 15:16:05 | 000,006,800 | ---- | M] () MD5=22D042019B6CA0F06B1F5CE9FE4C90CF -- C:\sdileni\compaq 530\root\WINDOWS\inf\netrndis.PNF
[2008.08.27 09:17:48 | 000,006,800 | ---- | M] () MD5=72CECBA533168ADF265BA3A5DF559885 -- C:\WINDOWS\inf\netrndis.PNF
< MD5 for: PE2NDIS.DO_ >
[1994.04.19 04:11:00 | 000,022,779 | ---- | M] () MD5=23B6CFE8FFF318B81519BF72A76B0D45 -- C:\picka\INST\PE2NDIS.DO_
< MD5 for: PENDIS.DO_ >
[1994.04.19 04:11:00 | 000,015,755 | ---- | M] () MD5=8B06180106365DC7329A82D1BA34B0DA -- C:\picka\INST\PENDIS.DO_
< MD5 for: S0016NDIS.INF >
[2008.04.24 13:50:14 | 000,008,937 | ---- | M] () MD5=0D72AA294F0F8244676CA6DE44385A5D -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Drivers\SignedPhones\s0016ndis.inf
[2008.04.24 11:50:14 | 000,008,937 | ---- | M] () MD5=0D72AA294F0F8244676CA6DE44385A5D -- C:\WINDOWS\system32\DRVSTORE\s0016ndis_9D1BEA0AD7AC1ECEA653A080CB50A95794EB54A6\s0016ndis.inf
< MD5 for: S0017NDIS.INF >
[2008.10.20 16:41:52 | 000,007,076 | ---- | M] () MD5=A9DF694E1DA64EBA04BE1C2BB3ED78E2 -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Drivers\SignedPhones\s0017ndis.inf
[2008.10.20 14:41:52 | 000,007,076 | ---- | M] () MD5=A9DF694E1DA64EBA04BE1C2BB3ED78E2 -- C:\WINDOWS\system32\DRVSTORE\s0017ndis_BB4DCB7C5F0783D4B48E0C375B1725378044DF2F\s0017ndis.inf
< MD5 for: S1018NDIS.INF >
[2009.03.19 15:07:00 | 000,006,380 | ---- | M] () MD5=8930E364672CEE7C5860C414B74CD53A -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Drivers\SignedPhones\s1018ndis.inf
[2009.03.19 13:07:00 | 000,006,380 | ---- | M] () MD5=8930E364672CEE7C5860C414B74CD53A -- C:\WINDOWS\system32\DRVSTORE\s1018ndis_FEAFA99A4CC5D22FA160F403DF44383CD83239E6\s1018ndis.inf
< MD5 for: S1029NDIS.INF >
[2009.05.20 16:32:08 | 000,006,311 | ---- | M] () MD5=208EB9D6B5A104B3F6B43B33EF41F605 -- C:\WINDOWS\system32\DRVSTORE\s1029ndis_91D404288C79BFBE9BD09F2AD4D15DD5FC90B92D\s1029ndis.inf
[2009.05.20 17:27:18 | 000,006,311 | ---- | M] () MD5=83F0A70FBE844E441F0E14E2F3259CF5 -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Drivers\SignedPhones\s1029ndis.inf
< MD5 for: S116NDIS.INF >
[2007.04.03 14:13:56 | 000,008,634 | R--- | M] () MD5=1772FF05A2D6FC17C349FFFEEFBF3175 -- C:\WINDOWS\system32\DRVSTORE\s116ndis_A53E3A4209E2289370AAD8AEB452D42DD0A9F77A\s116ndis.inf
< MD5 for: S616NDIS.INF >
[2007.04.03 13:55:18 | 000,008,628 | R--- | M] () MD5=BBD926226AF82139ED3137E27B410768 -- C:\WINDOWS\system32\DRVSTORE\s616ndis_BC0951E0329684A71CAD29F53BF2A61D61BA8A9C\s616ndis.inf
< MD5 for: S716NDIS.INF >
[2007.04.04 14:45:30 | 000,008,634 | R--- | M] () MD5=6E03B57CF2FCF9CEFD7EDEA5B5D0D44C -- C:\WINDOWS\system32\DRVSTORE\s716ndis_DFBBF0C093A3E74C62E36E25E809DFAB4E562E6C\s716ndis.inf
< MD5 for: S816NDIS.INF >
[2007.06.01 14:03:46 | 000,008,616 | R--- | M] () MD5=08EDB27FA7CA35E1B3633A6E05AE1BD4 -- C:\WINDOWS\system32\DRVSTORE\s816ndis_D7CF9C3129229D02F512ADFE683E32F539015344\s816ndis.inf
< MD5 for: STU2.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\stu2.exe
< MD5 for: USERINIT.EXE >
[2008.08.20 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\sdileni\compaq 530\root\WINDOWS\system32\dllcache\userinit.exe
[2008.08.20 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\sdileni\compaq 530\root\WINDOWS\system32\dllcache\userinit.exe
[2008.08.20 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\sdileni\compaq 530\root\WINDOWS\system32\userinit.exe
[2008.08.20 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\sdileni\compaq 530\root\WINDOWS\system32\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 17:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.17 17:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: USERINIT.EXE-30B18140.PF >
[2009.12.23 14:53:15 | 000,013,278 | ---- | M] () MD5=46183E40FCB2B47375CFCF26287BB191 -- C:\sdileni\compaq 530\root\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
[2010.06.24 07:47:36 | 000,019,650 | ---- | M] () MD5=DA59FEF07383D9D89FB193A1CE14F5FD -- C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
< MD5 for: W95NDIS.TXT >
[1999.06.07 16:53:00 | 000,017,642 | ---- | M] () MD5=0CDBFFF4C6D2C3DD5D9A889C8DC1AE61 -- C:\ins\servis\Sitovky\3c90xx\help\w95ndis.txt
< MD5 for: WCERNDIS.CAT >
[2006.03.08 09:57:18 | 000,008,229 | ---- | M] () MD5=36D180CF40278C23CD66B42003B8C42F -- C:\Program Files\Microsoft ActiveSync\Drivers\WceRndis.cat
< MD5 for: WCERNDIS.INF >
[2006.03.08 09:57:18 | 000,003,432 | ---- | M] () MD5=3AEF6E48F055378158CA469CF6C9B2D6 -- C:\Program Files\Microsoft ActiveSync\Drivers\WceRndis.inf
< MD5 for: WFWNDIS.TXT >
[1999.06.01 16:18:50 | 000,004,060 | ---- | M] () MD5=9B96A0DDC53B1851F4785694F9995D84 -- C:\ins\servis\Sitovky\3c90xx\help\wfwndis.txt
< End of report >
Re: computer cannot find ntndis.exe after startup and sharing does not work
MBR output
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Re: computer cannot find ntndis.exe after startup and sharing does not work
Another log, after mbr -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
I don't know where I picked it up, but probably from e-mail; I mostly don't open anything, but I think I did once, and since I don't restart, it's hard for me to tell...
Re: computer cannot find ntndis.exe after startup and sharing does not work
PC status: after the restart it no longer reports an error for userinit or ntndis, but I still cannot share any folder; I don't know, I don't have it in the folder properties....
Re: computer cannot find ntndis.exe after startup and sharing does not work
Here it is,
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll >>UNKNOWN [0x8AA9FDD0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a4c3d08
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Re: computer cannot find ntndis.exe after startup and sharing does not work
Here it is.
C:\Documents and Settings\supervisor\Plocha\HAMeb_check.exe
pá 25.06.2010 at 15:47:44,70
Účet je aktivní Ne
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
none found
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll >>UNKNOWN [0x8AA9FDD0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a4c3d08
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
~~ Checking for termsrv32.dll ~~
termsrv32.dll was not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"=1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP"=1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP"=1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP"=1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP"=1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP"=1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP"=1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP"=1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP"=1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP"=1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP"=1641:TCP:*:Enabled:MioNet Remote Drive Verification
~~ EOF ~~
Re: computer can't find ntndis.exe after startup and sharing doesn't work
Hello,
I was away all weekend, so I'm only sending this now, but it already looks like everything works; sharing is visible again, etc.
Here is the log:
ComboFix 10-06-24.03 - Administrator 25.06.2010 16:04:34.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1620 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\jestertb.dll
c:\windows\system32\ndisapi.dll
----- BITS: Možné infikované stránky -----
hxxp://www.deadly-pie.cn
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISRD
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-25 do 2010-06-25 )))))))))))))))))))))))))))))))
.
2010-06-25 13:27 . 2010-06-25 13:27 77312 ----a-w- C:\mbr.exe
2010-06-25 12:44 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-06-25 12:44 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-06-25 12:44 . 2008-04-13 18:40 8192 ----a-w- C:\changer.sys
2010-06-25 12:44 . 2008-04-13 18:40 96512 ----a-w- C:\atapi.sys
2010-06-25 12:44 . 2010-06-25 12:44 -------- d-----w- C:\_OTL
2010-06-25 12:36 . 2010-06-25 12:36 -------- d-----w- c:\program files\ERUNT
2010-06-23 12:39 . 2010-06-23 12:39 -------- d-----w- c:\program files\trend micro
2010-06-23 12:39 . 2010-06-23 12:39 -------- d-----w- C:\rsit
2010-06-23 11:28 . 2010-06-23 11:28 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-23 11:27 . 2010-06-23 11:27 -------- d-----w- c:\program files\Common Files\PCSuite
2010-06-09 04:13 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 18:30 . 2010-06-07 18:30 -------- d-----w- C:\ADUSER
2010-06-05 08:21 . 2008-04-14 03:22 26112 ----a-w- c:\windows\system32\stu2.exe
2010-06-03 07:09 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-03 07:09 . 2010-06-03 07:09 -------- d-----w- c:\program files\PC Connectivity Solution
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 13:33 . 2007-11-14 15:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-25 12:44 . 2009-04-02 08:34 -------- d-----w- c:\program files\pdfforge Toolbar
2010-06-25 11:30 . 2008-12-02 09:25 -------- d-----w- c:\program files\LogMeIn
2010-06-24 01:02 . 2001-10-25 14:00 486614 ----a-w- c:\windows\system32\perfh005.dat
2010-06-24 01:02 . 2001-10-25 14:00 106078 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 11:27 . 2007-11-14 14:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 11:26 . 2007-11-16 11:26 -------- d-----w- c:\program files\Nokia
2010-06-22 12:43 . 2009-09-09 09:19 -------- d-----w- c:\program files\Common Files\Nokia
2010-06-17 06:29 . 2010-04-15 06:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 08:32 . 2008-02-05 13:04 -------- d-----w- c:\program files\FotoStar
2010-06-14 07:18 . 2007-11-14 14:55 -------- d-----w- c:\program files\DreamCom
2010-06-10 09:36 . 2008-12-02 09:26 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-10 09:36 . 2008-12-02 09:26 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-10 09:36 . 2008-12-02 09:26 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-06 10:35 . 2004-08-17 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 15:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-17 15:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 15:29 . 2010-04-23 06:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RadioTray"="c:\pciradio\Radiotray.exe" [2000-05-11 32256]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 270336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 185896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]
"wininet"="c:\wutemp\srvxc.exe" [2010-06-09 116224]
c:\documents and settings\supervisor\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RadioAKTIV.lnk - c:\pciradio\Raktiv32.exe [2000-5-12 392192]
Z stupce - DOSPrintUI.lnk - c:\ins\DOS presmerovani\DOSPrintUI.exe [2007-11-15 48128]
Z stupce - netfruko.lnk - C:\netfruko.bat [2007-11-14 233]
Z stupce - RFlowCollector.lnk - c:\internet\RFlowCollectorV3\RFlowCollector.exe [2008-6-20 5812224]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-10 09:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FmctrlTray]
2001-08-20 20:47 270336 ----a-w- c:\windows\system32\fmctrl.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\bkwin\\20398\\BKWIN.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:sit
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [14.11.2007 20:02 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [14.11.2007 20:02 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 15:24 93336]
R1 UserPort;UserPort;c:\windows\system32\drivers\userport.sys [9.1.2008 16:49 4256]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 16:40 143467]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 15:23 727720]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [8.9.2009 17:11 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [8.9.2009 17:11 162936]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 19:46 12856]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [15.11.2007 14:48 20064]
R2 MSSQL$BANKKLIENT;MSSQL$BANKKLIENT;c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe -sBANKKLIENT --> c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe -sBANKKLIENT [?]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14.1.2010 9:02 90112]
R2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [17.11.2007 11:15 708608]
R2 RadPciNT;RadPciNT;c:\windows\system32\RadPciNT.sys [24.4.2000 18:26 9417]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [5.10.2005 18:19 131072]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [14.11.2007 20:39 9728]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.9.2009 7:58 27632]
R3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [14.11.2007 20:39 328320]
S2 MacroSoft;Microsoft Network helper Service;c:\windows\system32\svchost -k MacroSoft --> c:\windows\system32\svchost -k MacroSoft [?]
S3 FWL;Fwl Packet Filter;\??\c:\program files\Software602\602LAN SUITE\fwl.sys --> c:\program files\Software602\602LAN SUITE\fwl.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [23.9.2009 8:30 13224]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [16.11.2007 11:07 32377]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23.9.2009 7:56 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [23.9.2009 7:56 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [23.9.2009 7:56 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [23.9.2009 7:57 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [23.9.2009 7:57 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [23.9.2009 7:57 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [23.9.2009 7:57 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [26.2.2009 16:16 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [26.2.2009 16:16 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [26.2.2009 16:16 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [26.2.2009 16:16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [26.2.2009 16:16 98568]
S3 SQLAgent$BANKKLIENT;SQLAgent$BANKKLIENT;c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlagent.EXE -i BANKKLIENT --> c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlagent.EXE -i BANKKLIENT [?]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [4.4.2008 14:51 29152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MacroSoft REG_MULTI_SZ MacroSoft
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {5B32B4CD-41AE-4F3F-8060-08FA64E1E77D} = 192.168.1.1
DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} - hxxp://www.wspk.cz/internetbanking/internetban ... roject.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\felc3r70.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-PATHPILOT - c:\program files\Kat MP3 Recorder\Kat MP3 Recorder.exe
Notify-AtiExtEvent - (no file)
AddRemove-Majetek Visual verze 4.6x-2007 - c:\arrowsys\MAJETEKW\setup\setup.exe
AddRemove-Useful File Utilities - c:\program files\UFU\UninstUFU.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 16:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll >>UNKNOWN [0x8AAB1B10]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7586cb8
\Driver\atapi -> 0x8a4a7ae8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\LMIinit.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2010-06-25 16:18:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-25 14:18
Před spuštěním: 7 875 358 720
Po spuštění: 7 697 293 312
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4527EE948E6E252F9A296637CC7B4C8A
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:sit
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [14.11.2007 20:02 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [14.11.2007 20:02 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 15:24 93336]
R1 UserPort;UserPort;c:\windows\system32\drivers\userport.sys [9.1.2008 16:49 4256]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 16:40 143467]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 15:23 727720]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [8.9.2009 17:11 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [8.9.2009 17:11 162936]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 19:46 12856]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [15.11.2007 14:48 20064]
R2 MSSQL$BANKKLIENT;MSSQL$BANKKLIENT;c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe -sBANKKLIENT --> c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe -sBANKKLIENT [?]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14.1.2010 9:02 90112]
R2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [17.11.2007 11:15 708608]
R2 RadPciNT;RadPciNT;c:\windows\system32\RadPciNT.sys [24.4.2000 18:26 9417]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [5.10.2005 18:19 131072]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [14.11.2007 20:39 9728]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.9.2009 7:58 27632]
R3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [14.11.2007 20:39 328320]
S2 MacroSoft;Microsoft Network helper Service;c:\windows\system32\svchost -k MacroSoft --> c:\windows\system32\svchost -k MacroSoft [?]
S3 FWL;Fwl Packet Filter;\??\c:\program files\Software602\602LAN SUITE\fwl.sys --> c:\program files\Software602\602LAN SUITE\fwl.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [23.9.2009 8:30 13224]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [16.11.2007 11:07 32377]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23.9.2009 7:56 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [23.9.2009 7:56 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [23.9.2009 7:56 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [23.9.2009 7:57 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [23.9.2009 7:57 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [23.9.2009 7:57 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [23.9.2009 7:57 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [26.2.2009 16:16 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [26.2.2009 16:16 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [26.2.2009 16:16 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [26.2.2009 16:16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [26.2.2009 16:16 98568]
S3 SQLAgent$BANKKLIENT;SQLAgent$BANKKLIENT;c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlagent.EXE -i BANKKLIENT --> c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlagent.EXE -i BANKKLIENT [?]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [4.4.2008 14:51 29152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MacroSoft REG_MULTI_SZ MacroSoft
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {5B32B4CD-41AE-4F3F-8060-08FA64E1E77D} = 192.168.1.1
DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} - hxxp://www.wspk.cz/internetbanking/internetban ... roject.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\felc3r70.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-PATHPILOT - c:\program files\Kat MP3 Recorder\Kat MP3 Recorder.exe
Notify-AtiExtEvent - (no file)
AddRemove-Majetek Visual verze 4.6x-2007 - c:\arrowsys\MAJETEKW\setup\setup.exe
AddRemove-Useful File Utilities - c:\program files\UFU\UninstUFU.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 16:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll >>UNKNOWN [0x8AAB1B10]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7586cb8
\Driver\atapi -> 0x8a4a7ae8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\LMIinit.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\bkwin\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2010-06-25 16:18:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-25 14:18
Před spuštěním: 7 875 358 720
Po spuštění: 7 697 293 312
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4527EE948E6E252F9A296637CC7B4C8A
Re: computer cannot find ntndis.exe after startup and sharing does not work
Hi,
so here is the result from VirusTotal:
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: IDE/ATAPI Port Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
I know these ports: MioNet Remote Drive and Sit; maybe I'll disable MioNet, I don't use it.
I'll do the rest tomorrow, I have to go.
Thanks for now.
OK
Re: computer cannot find ntndis.exe after startup and sharing does not work
Hi,
I don't know what you mean: I need what the AVs found ???