Opakovaný blok odesílání emailů

[maxXx]

Už se mi stalo několikrát že mi Outlook přestal odesílat emaily s tím, že moje IP adresa na SMTP serveru je označená jako "lisened".

Potřebuji zjistit jestli na mém PC není nějaký bot, či virus který by zapříčiňoval toto blokování.

Přikládám email od společnosti která mě típnula odesílání.

Thank you for contacting Barracuda Networks regarding your issue. Your issue is important to us. We have assigned a confirmation number: xxxxxxxxx-xxxxxx-xxxxxx to this case.

We apologize for any inconvenience that this may have caused you. Since this is not your first request for this IP, the reputation of this IP address will *not* be upgraded during the investigation. When our investigation is complete, you will receive a decision via email.

There are a number of reasons your IP address may have been listed as "poor", including:

1. The email server at this IP address contains a virus and has been sending out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software program
4. An individual in the organization at this IP address may have a PC infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized by a known spammer
6. The marketing department of a company at this IP address may be sending out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have a insecure wireless network attached to it which could allow unknown users to use it's network connection to send out bulk email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be misconfigured

If you do not think any of the above apply, please also contact the person who manages this IP address, as they may be better able to investigate this issue.


Thank you for your time and understanding.

Barracuda Central by Barracuda Networks
http://www.barracudacentral.com/
intent@barracuda.com

log je zde...

Logfile of random's system information tool 1.08 (written by random/random)
Run by Klimek at 2010-08-13 12:43:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 116 GB (76%) free of 153 GB
Total RAM: 575 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:36, on 13.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Klimek\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Klimek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hledani.tiscali.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S79.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Klimek\Data aplikací\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6628 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-117609710-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-117609710-682003330-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-28 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2010-01-17 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2010-01-17 176128]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2010-01-17 450560]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-17 2065760]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"RTHDBPL"=C:\Documents and Settings\Klimek\Data aplikací\SystemProc\lsass.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Klimek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
"EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2006-12-28 4579328]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-17 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-13 12:43:07 ----D---- C:\Program Files\trend micro
2010-08-13 12:43:05 ----D---- C:\rsit
2010-08-12 03:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 03:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 03:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 03:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 03:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-03 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-17 08:19:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-07-14 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-08-13 12:43:07 ----RD---- C:\Program Files
2010-08-13 12:43:02 ----D---- C:\WINDOWS\Prefetch
2010-08-13 11:33:51 ----D---- C:\WINDOWS\Temp
2010-08-13 09:36:13 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-13 04:12:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-12 03:21:49 ----D---- C:\WINDOWS
2010-08-12 03:21:08 ----D---- C:\WINDOWS\system32
2010-08-12 03:04:56 ----HD---- C:\WINDOWS\inf
2010-08-12 03:04:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-12 03:04:46 ----D---- C:\WINDOWS\system32\cs-cz
2010-08-12 03:04:45 ----D---- C:\Program Files\Internet Explorer
2010-08-12 03:04:17 ----D---- C:\WINDOWS\system32\drivers
2010-08-12 03:04:17 ----A---- C:\WINDOWS\imsins.BAK
2010-08-12 03:04:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 03:03:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-12 03:03:40 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-12 03:00:51 ----D---- C:\Program Files\Movie Maker
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 08:05:54 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-11-08 102912]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-02-20 82380]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-17 243024]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2010-01-17 252416]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2010-01-17 202112]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-28 153376]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

P.S. Toto je firemní PC na kterém je vše legální a tak bych byl rád aby vše taky fungovalo... Děkuji za pomoc...

[vyosek]

Zdravim a pekne odpoledne preji

Odpovim Vam citaci nasi site adminky:

Dobrý den,
naše fórum funguje na bázi dobrovolnosti, rádci zde radí zadarmo a ve svém volném čase.
Z kapacitních a ani etických důvodů nesuplujeme práci bezpečnostních techniků ani lidí, kteří za tuto činnost jsou placeni.

S pozdravem
iwigirl
site admin

Takze doporucuji se obratit na IT technika Vasi firmy.
Omlouvam se ze neprinasim lepsi zpravy, ale posledni dobou je zde mnoho useru, kteri si zde chce lecit sve firemni PC ac od toho maji placene ajtaky ve firme. A je to opravdu problem tady suplovat neci praci - ac pomahame radi...

[maxXx]

Jsem soukromník, tím firemním PC jsem chtěl pouze říct, že je zaměřeno pouze na učetnictví atd... žádné hry a podobně... IT technika opravdu nevlastním... tak bych ještě jednou požádal o pomoc.. děkuji.

[vyosek]

Muzete si najmou nejakeho externiho a naklady na nej dat do nakladu na podnikani...Ale dobra tedy...

Mate jedinecnou IP adresu Je mozne ze je Vase PC ciste a pouze jine IP zapojene do site je infikovano a ono zpusobuje to bloknuti od outlooku...

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\Documents and Settings\Klimek\Data aplikací\SystemProc\lsass.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

[maxXx]

C:\Documents and Settings\Klimek\Data aplikací\SystemProc\lsass.exe
Tento soubor nebyl nalezen!

[vyosek]

Fajn, to jen potvrzuje tvrzeni RSITu - obcas ma na tohle sve dny...

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  "RTHDBPL"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  "Share-to-Web Namespace Daemon"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "Google Update"=-
  
  :files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-117609710-682003330-1004Core.job
  C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-117609710-682003330-1004UA.job
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Kliknete na cervene tlacitko MoveIt!
• Sem pote dejte obsah okna Results (pod zelenou carou)
• Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[maxXx]

Log OTM

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\RTHDBPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Share-to-Web Namespace Daemon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET4D.tmp moved successfully.
C:\WINDOWS\system32\SET52.tmp moved successfully.
C:\WINDOWS\system32\SETA2.tmp moved successfully.
C:\WINDOWS\002557_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-117609710-682003330-1004Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-117609710-682003330-1004UA.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Klimek
->Temp folder emptied: 55087705 bytes
->Temporary Internet Files folder emptied: 224917206 bytes
->Java cache emptied: 2153948 bytes
->Google Chrome cache emptied: 380670037 bytes
->Flash cache emptied: 84317 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 129290 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 353227 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 123075654 bytes

Total Files Cleaned = 750,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.15.0 log created on 08132010_134747

Files moved on Reboot...

Registry entries deleted on Reboot...

[vyosek]

OK, pockam na mbam...
Maze jeste nejake PC pripojene do site kde je toto? mate svou ip nebo sdilenou
nedavejte prosim logy do [quote]

[maxXx]

Ano je to v domácí síťi... S jednou venkovní IP adresou...

Další dva počítače připojeny do této síťe se tváří jako nezavirované, ale na nich Outlook nepouživáme...

[vyosek]

Dobra tedy, pockame jestli mbam neco najde...
Jaky program na ucetnictvi pouzivate Nasadil bych Combofix kdyby bylo nejhure, ale je na ucetni program Ucto agresivni (bohuzel)

[maxXx]

MBAM log...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4424

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13.8.2010 14:59:40
mbam-log-2010-08-13 (14-59-40).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 176088
Uplynulý čas: 56 minuta(y), 25 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 3
Infikované složky: 4
Infikované soubory: 11

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Documents and Settings\Klimek\Data aplikací\SystemProc (Trojan.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Klimek\Dokumenty\Foto nefunkční\Doma 04\DSCN2842.JPG (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\Klimek\Dokumenty\Foto nefunkční\Uh.Hradište 07\DSC02829.JPG (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\Klimek\Dokumenty\Foto nefunkční\Pochod na Kazatelnu Duben 05\DSCN4496.JPG (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\Klimek\Dokumenty\Foto nefunkční\Pochod na Kazatelnu Duben 05\DSCN4503.JPG (Extension.Mismatch) -> No action taken.
C:\Recovery\Files2_vse\LostFiles1\0000392503464D47433752[1].jpg (Extension.Mismatch) -> No action taken.
C:\Recovery\Files2_vse\LostFiles1\00010971[1].jpg (Extension.Mismatch) -> No action taken.
C:\Recovery\Files2_vse\LostFiles1\1538[1].jpg (Extension.Mismatch) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> No action taken.
C:\confin.sys (Malware.Trace) -> No action taken.

[maxXx]

Dobra tedy, pockame jestli mbam neco najde...
Jaky program na ucetnictvi pouzivate Nasadil bych Combofix kdyby bylo nejhure, ale je na ucetni program Ucto agresivni (bohuzel)

Používáme účetní program Tomia. Firma která ho spravuje už dávno zanikla tak nevím jak by to bylo s podporou kdyby se něco stalo...

[vyosek]

Vse co nasel MBAM smazte

Nejde ani tak o podporu, on je CF smaze, ale dela zalohy, akorat se musi obnovit...Poradim se s kolegou na CF...

Jak se chova PC po smazani veci v MBAM

[maxXx]

Smazáno...

Vse co nasel MBAM smazte

Nejde ani tak o podporu, on je CF smaze, ale dela zalohy, akorat se musi obnovit...Poradim se s kolegou na CF...

Jak se chova PC po smazani veci v MBAM

PC není o poznání rychlejší ani pomalejší... Protože jsem ani před tím nepozoroval zpomalení.
Záminkou testu, byl výše uvedený email a zablokování Outlooku...

[vyosek]

Na zrychleni PC se vrhnem az v ramci cisteni, ted je prvotni problem s mailem...Outlook je stale zablokovan