
Please help, Conficker worm, thanks

Posted: 28 Sep 2010 11:26
by Jawa
Logfile of random's system information tool 1.08 (written by random/random)
Run by Majk-Little at 2010-09-28 12:16:18
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (78%) free of 12 GB
Total RAM: 128 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:04, on 28.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Documents and Settings\Majk-Little\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Majk-Little\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Majk-Little\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Majk-Little\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Majk-Little.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAB5FE-D924-4201-834C-48349D2C825B}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DAAB5FE-D924-4201-834C-48349D2C825B}: NameServer = 62.141.0.1 213.162.65.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4080 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-26 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\Atiptaxx.exe [2001-10-10 270336]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-26 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2009-01-08 1331024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-28 12:16:34 ----D---- C:\Program Files\trend micro
2010-09-28 12:16:18 ----D---- C:\rsit
2010-09-27 20:40:57 ----D---- C:\Program Files\Ultimate Process Manager
2010-09-26 17:39:48 ----D---- C:\WINDOWS\Minidump
2010-09-25 10:11:30 ----D---- C:\Program Files\WinRAR
2010-09-25 08:36:51 ----D---- C:\Documents and Settings\Majk-Little\Data aplikací\vlc
2010-09-25 08:31:11 ----D---- C:\Program Files\VideoLAN
2010-09-25 08:02:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-09-25 08:01:56 ----D---- C:\WINDOWS\setup.pss
2010-09-25 08:01:19 ----D---- C:\WINDOWS\setupupd
2010-09-24 19:45:48 ----D---- C:\Program Files\ESET
2010-09-24 19:45:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-09-24 19:45:41 ----SHD---- C:\Config.Msi
2010-09-24 19:10:07 ----D---- C:\Documents and Settings\Majk-Little\Data aplikací\Media Player Classic
2010-09-24 18:47:52 ----D---- C:\Documents and Settings\Majk-Little\Data aplikací\U3
2010-09-24 18:15:51 ----D---- C:\WINDOWS\pss
2010-09-24 18:13:11 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-09-24 18:12:12 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-09-08 23:25:39 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-09-08 23:25:32 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-09-08 23:25:14 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys

======List of files/folders modified in the last 1 months======

2010-09-28 12:16:34 ----RD---- C:\Program Files
2010-09-28 12:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-28 11:48:30 ----D---- C:\WINDOWS\Temp
2010-09-28 11:42:04 ----D---- C:\Documents and Settings\Majk-Little\Data aplikací\Mozilla
2010-09-28 11:37:14 ----D---- C:\WINDOWS\system32
2010-09-28 10:52:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-27 20:42:20 ----D---- C:\WINDOWS\Prefetch
2010-09-26 17:39:49 ----D---- C:\WINDOWS
2010-09-25 07:55:17 ----D---- C:\WINDOWS\SoftwareDistribution
2010-09-24 20:13:09 ----SH---- C:\boot.ini
2010-09-24 20:13:09 ----A---- C:\WINDOWS\win.ini
2010-09-24 20:13:09 ----A---- C:\WINDOWS\system.ini
2010-09-24 19:56:16 ----SHD---- C:\WINDOWS\Installer
2010-09-24 19:54:11 ----D---- C:\WINDOWS\system32\drivers
2010-09-24 19:54:10 ----HD---- C:\WINDOWS\inf
2010-09-24 19:13:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-24 19:00:31 ----D---- C:\WINDOWS\Debug
2010-09-24 18:13:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-08 23:29:00 ----SD---- C:\Documents and Settings\Majk-Little\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 ati2mpad;ati2mpad; C:\WINDOWS\system32\DRIVERS\ati2mpad.sys [2002-02-18 303360]
R3 ess;ESS Audio Driver (WDM); C:\WINDOWS\system32\drivers\ess.sys [2001-08-17 63360]
R3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S3 atimpab;atimpab; C:\WINDOWS\system32\DRIVERS\atimpab.sys [2001-10-24 289664]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-01-08 58608]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\atievxx.exe [2001-10-24 37376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-26 152984]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]

-----------------EOF-----------------

Re: Please help, Conficker worm, thanks

Posted: 28 Sep 2010 12:01
by Roli
Hi, fix these in HJT:

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You will find HJT here:

C:\Program Files\trend micro\Majk-Little.exe

Fix means that you run HJT,

in the window that opens, click Do a system scan only,

in the next window find the lines I listed for you,

next to them there is a little box that you tick,

then click Fix checked, which is at the bottom left,

the program asks whether you really want to, YES, you of course agree, and it's done.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

Registry cleaning needs to be repeated several times!


Then use Mbam from my signature and post its log here before you delete anything.


P.S. You have desperately little RAM.
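
The list above is what a helper produces by reading the O4 lines by hand. The script below is an added example, not part of the thread and not a tool either poster used: it parses an excerpt of the HijackThis/RSIT log posted above (copied verbatim) and applies three assumed rules that reproduce that list exactly: autoruns registered under the service and Default User hives (HKUS\S-1-5-18, S-1-5-19, S-1-5-20, .DEFAULT), autoruns whose command is a bare executable name with no directory, and the KernelFaultCheck/dumprep crash-reporting leftover. It also pulls out the O17 NameServer addresses (worth comparing against the ISP's real resolvers, since DNS hijacking shows up there) and decodes the NoDriveTypeAutoRun policy bitmask, which matters for a suspected Conficker case because that worm spread through autorun.inf on removable drives. The bit layout and the observation that 145 (0x91) is XP's default, leaving AutoRun enabled on removable drives, are stated from my own knowledge, not from the page.

```python
"""Triage helper for HijackThis / RSIT logs (added example, not the posters' code)."""
import re

# Constructed sample: lines copied verbatim from the log posted above, limited to
# the entries the triage rules look at.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAB5FE-D924-4201-834C-48349D2C825B}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DAAB5FE-D924-4201-834C-48349D2C825B}: NameServer = 62.141.0.1 213.162.65.1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"""

# O4 line: "O4 - <hive>\..\Run: [<name>] <command> (User '<account>')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
AUTORUN_RE = re.compile(r'^"NoDriveTypeAutoRun"=(?P<value>\d+)$')

# Hives that belong to built-in service accounts and the default profile;
# ordinary software has no business registering a per-user autorun there.
SERVICE_HIVES = {
    "S-1-5-18": "SYSTEM",
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
    ".DEFAULT": "Default user",
}

# NoDriveTypeAutoRun: a set bit DISABLES AutoRun for that drive type
# (assumed bit layout; 0x91 = unknown|network|reserved is the XP default,
# 0xFF disables AutoRun everywhere).
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk",
}


def classify_o4(sid, cmd):
    """Return the reason an O4 entry is flagged, or None if it looks ordinary."""
    if sid in SERVICE_HIVES:
        return f"autorun under the {SERVICE_HIVES[sid]} hive"
    if not cmd:
        return "empty command"
    # First token of the command: the quoted path, or the first whitespace-split word.
    exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
    if re.search(r"\bdumprep\b", exe, re.I):
        return "KernelFaultCheck crash-dump reporting leftover"
    if "\\" not in exe and "/" not in exe:
        return "bare executable name, no directory (resolved via PATH)"
    return None


def decode_autorun(value):
    """Map a NoDriveTypeAutoRun bitmask to {drive type: AutoRun disabled?}."""
    return {label: bool(value & bit) for bit, label in DRIVE_TYPE_BITS.items()}


def triage(log_text):
    """Walk the log once and collect flagged autoruns, DNS servers and the AutoRun policy."""
    flagged, nameservers, autorun = [], [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reason = classify_o4(m["sid"], m["cmd"])
            if reason:
                flagged.append((m["name"], m["cmd"], reason))
            continue
        m = O17_RE.match(line)
        if m:
            for server in m["servers"].split():
                if server not in nameservers:      # CCS and CS1 usually repeat each other
                    nameservers.append(server)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autorun = decode_autorun(int(m["value"]))
    return {"flagged": flagged, "nameservers": nameservers, "autorun": autorun}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, cmd, reason in result["flagged"]:
        print(f"FIX  [{name}] {cmd}  <- {reason}")
    print("DNS servers:", ", ".join(result["nameservers"]))
    disabled = [t for t, on in result["autorun"].items() if on]
    print("AutoRun disabled for:", ", ".join(disabled) or "nothing")
    if not result["autorun"]["removable"]:
        print("AutoRun on removable drives is still enabled: an autorun.inf on a USB stick would run.")
```

Run it and the six FIX lines are the six entries in the list above; the ESET entry and the HKCU ctfmon are left alone because they carry a full path under an ordinary hive. Treat the rules as a first pass only: a full path under HKLM says nothing about whether the file itself is clean, which is why the next step in the thread is a Malwarebytes scan rather than more HJT fixing.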

Re: Please help, Conficker worm, thanks

Posted: 28 Sep 2010 18:00
by Jawa
Thank you for the help so far; the computer has reached the end of its life, it was old. Sorry for taking up your time. Thanks, Jawa

Re: Please help, Conficker worm, thanks

Posted: 28 Sep 2010 18:13
by Roli
No need to apologise, that's what we're here for :)