Log check

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Log check

#1 Post by justik »

Please check this log... Thanks...

Logfile of random's system information tool 1.08 (written by random/random)
Run by AA at 2011-07-06 17:32:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 66 GB (86%) free of 76 GB
Total RAM: 222 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:45:13, on 6.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\AA\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\AA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe
O4 - HKLM\..\Run: [PAP7501_Monitor] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Arjgjg] C:\Documents and Settings\AA\Data aplikací\Arjgjg.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Installer Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7628 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-01-20 77824]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-09-01 53248]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"GUCI_AVS"=C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
"PACTray"=C:\WINDOWS\PixArt\PAP7501\PACTray.exe [2008-06-18 339968]
"PAP7501_Monitor"=C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-07-04 3493720]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2011-01-11 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"Arjgjg"=C:\Documents and Settings\AA\Data aplikací\Arjgjg.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2011-06-08 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Documents and Settings\AA\sc32.exe"="C:\Documents and Settings\AA\sc32.exe:*:C:\WINDOWS\jodrive32.exe"
"C:\Documents and Settings\AA\Data aplikací\7.tmp"="C:\Documents and Settings\AA\Data aplikací\7.tmp:*:C:\WINDOWS\aadrive32.exe"
"C:\Documents and Settings\AA\Data aplikací\1.tmp"="C:\Documents and Settings\AA\Data aplikací\1.tmp:*:C:\WINDOWS\aadrive32.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

======List of files/folders created in the last 1 months======

2011-07-06 17:33:53 ----D---- C:\Program Files\trend micro
2011-07-06 17:32:32 ----D---- C:\rsit
2011-07-06 16:31:09 ----A---- C:\WINDOWS\system32\LMIport.dll
2011-07-06 16:31:08 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2011-07-06 16:31:07 ----A---- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011-07-06 16:29:46 ----A---- C:\WINDOWS\system32\LMIinit.dll
2011-07-06 16:29:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2011-07-06 16:27:58 ----D---- C:\Program Files\LogMeIn
2011-07-06 15:49:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-06 15:49:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-06 15:37:56 ----D---- C:\Install
2011-07-06 15:09:11 ----D---- C:\Program Files\ESET
2011-07-06 15:03:33 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-07-06 13:50:11 ----D---- C:\Program Files\CCleaner
2011-07-02 17:04:57 ----A---- C:\Documents and Settings\AA\Data aplikací\B.tmp

======List of files/folders modified in the last 1 months======

2011-07-06 17:45:21 ----D---- C:\Documents and Settings\AA\Data aplikací\Skype
2011-07-06 17:33:53 ----RD---- C:\Program Files
2011-07-06 17:22:55 ----D---- C:\WINDOWS\Temp
2011-07-06 17:12:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-06 17:11:03 ----D---- C:\WINDOWS
2011-07-06 17:10:10 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-06 17:07:26 ----D---- C:\WINDOWS\system32
2011-07-06 16:53:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-06 16:45:47 ----D---- C:\Documents and Settings
2011-07-06 16:34:09 ----SHD---- C:\WINDOWS\Installer
2011-07-06 16:31:07 ----D---- C:\WINDOWS\system32\drivers
2011-07-06 16:30:53 ----HD---- C:\WINDOWS\inf
2011-07-06 16:01:47 ----D---- C:\Documents and Settings\AA\Data aplikací\go
2011-07-06 15:41:54 ----D---- C:\Program Files\Mozilla Firefox
2011-07-06 15:04:14 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-06 15:04:06 ----D---- C:\WINDOWS\Help
2011-07-06 14:07:14 ----D---- C:\Program Files\Ctyrka
2011-07-06 14:03:46 ----D---- C:\WINDOWS\Debug
2011-07-04 13:43:51 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-02 18:44:51 ----D---- C:\Program Files\Google
2011-07-02 18:15:41 ----D---- C:\Program Files\Common Files
2011-07-02 17:53:00 ----D---- C:\Program Files\ahead
2011-07-02 17:43:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-07-02 17:34:51 ----D---- C:\WINDOWS\Prefetch
2011-07-02 17:26:44 ----D---- C:\Program Files\HP
2011-07-02 17:24:43 ----D---- C:\Program Files\Adobe
2011-07-02 17:21:26 ----D---- C:\WINDOWS\WinSxS
2011-07-02 17:20:24 ----SD---- C:\WINDOWS\Tasks
2011-07-02 17:15:39 ----D---- C:\Documents and Settings\AA\Data aplikací\HPAppData
2011-07-02 17:04:57 ----D---- C:\WINDOWS\system32\appmgmt
2011-07-02 17:04:56 ----RD---- C:\Program Files\Skype
2011-06-30 18:43:19 ----RSHD---- C:\RECYCLER
2011-06-12 19:25:22 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-28 2310272]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GUCI_AVS;Canyon USB2.0 PC Camera; C:\WINDOWS\system32\DRIVERS\GUCI_AVS.sys [2008-06-09 540160]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-01-11 10144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-27 173440]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-06-08 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2011-06-08 136584]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2011-01-11 390528]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S3 Installer Service;Installer Service; C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [2011-02-03 119296]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#2 Post by vyosek »

Hello, and I wish you a pleasant early evening :)

• I recommend uninstalling Spybot - Search & Destroy - the program's best years are long behind it, and for roughly the last 3 years it has not been able to counter current threats
• You have terribly little RAM
james008 wrote:
For that amount of RAM, none of the current functional and supported operating systems is suitable (not even a completely bare one with no antivirus or programs), except for minimal Linux distributions such as ZenWalk or ArchLinux... or DSL... Damn Small Linux ;-)
If you want to run a Windows system with an antivirus, then the only and closest option is XP SP3, and even so you should add RAM up to at least 1 GB.
• Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE THINGS AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
• Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under an Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after start, a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily clogged, the time may be longer
  • After the scan completes and any restart, CF displays the log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • The detailed procedure, incl. pictures, is here http://www.bleepingcomputer.com/combofi ... t-combofix

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Re: Log check

#3 Post by justik »

Thanks for the instructions and the recommendation. I know, it's not my computer (I'm working via LogMeIn), but I recommended an upgrade to the owner.

Here is the log:


ComboFix 11-07-06.02 - AA 06.07.2011 18:58:26.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.222.119 [GMT 2:00]
Spuštěný z: c:\documents and settings\AA\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\AA\Data aplikací\Arjgjg.exe
c:\windows\PixArt\PAP7501\GUCI_AVS.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-06 do 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 16:10 . 2011-07-06 16:11 -------- d-----w- C:\totalcmd
2011-07-06 16:00 . 2011-07-06 16:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn
2011-07-06 15:33 . 2011-07-06 15:45 -------- d-----w- c:\program files\trend micro
2011-07-06 15:32 . 2011-07-06 15:46 -------- d-----w- C:\rsit
2011-07-06 14:45 . 2011-07-06 16:01 -------- d-----w- c:\documents and settings\LogMeInRemoteUser
2011-07-06 14:32 . 2011-07-06 14:32 -------- d-----w- c:\documents and settings\AA\Local Settings\Data aplikací\LogMeIn
2011-07-06 14:31 . 2011-06-08 11:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 14:31 . 2011-06-08 11:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-06 14:31 . 2011-06-08 11:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 14:31 . 2011-01-11 17:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-07-06 14:29 . 2011-06-08 11:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 14:29 . 2011-07-06 16:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LogMeIn
2011-07-06 14:27 . 2011-07-06 14:46 -------- d-----w- c:\program files\LogMeIn
2011-07-06 13:49 . 2011-07-06 14:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-06 13:49 . 2011-07-06 13:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-06 13:41 . 2011-06-16 04:30 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-06 13:41 . 2011-06-16 04:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-06 13:41 . 2011-06-16 04:30 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-06 13:41 . 2011-06-16 04:30 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-06 13:41 . 2011-06-16 04:30 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-06 13:41 . 2011-06-16 04:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-06 13:41 . 2011-06-16 04:30 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-06 13:41 . 2011-06-16 04:30 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-06 13:41 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 13:41 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 13:37 . 2011-07-06 13:46 -------- d-----w- C:\Install
2011-07-06 13:09 . 2011-07-06 13:09 -------- d-----w- c:\program files\ESET
2011-07-06 12:05 . 2011-07-06 12:05 101918 ----a-w- C:\cc_20110706_140526.reg
2011-07-06 11:50 . 2011-07-06 11:50 -------- d-----w- c:\program files\CCleaner
2011-07-02 15:04 . 2011-07-02 15:04 388 ----a-w- c:\documents and settings\AA\Data aplikací\B.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:12 . 2011-07-06 17:12 46615 ------r- c:\windows\system32\crssc.exe
2011-05-24 16:15 . 2011-05-24 16:15 516096 ----a-w- c:\windows\UN32.EXE
2011-06-16 04:30 . 2011-07-06 13:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-03-07 . ED825E820D036EB454FC0642D81A53FA . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"VTTimer"="VTTimer.exe" [2004-09-01 53248]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-06-18 339968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-08 11:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\crssc.exe"=
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8.6.2011 13:04 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.1.2011 19:04 12856]
R2 Netmanm;Network Connections to Monitor;c:\windows\system32\crssc.exe [6.7.2011 19:12 46615]
R3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [25.5.2009 19:34 540160]
S3 Installer Service;Installer Service;c:\documents and settings\All Users\Data aplikacÝ\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [3.2.2011 17:05 119296]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NETMANM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentß°e Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\AA\Data aplikacÝ\Mozilla\Firefox\Profiles\iqfi6msf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Arjgjg - c:\documents and settings\AA\Data aplikacÝ\Arjgjg.exe
HKLM-Run-GUCI_AVS - c:\windows\PixArt\PAP7501\GUCI_AVS.exe
HKLM-Run-PAP7501_Monitor - c:\windows\PixArt\PAP7501\GUCI_AVS.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 19:09
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1368)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2011-07-06 19:17:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-06 17:17
.
Před spuštěním: Volných bajtů: 68 899 848 192
Po spuštění: Volných bajtů: 68 914 757 632
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5E5FDCE3EB5F24EE747170028B76BBA3

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#4 Post by vyosek »

:arrow: Are you making some extra money with repairs? :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; he is not a man, he is an ox."
Member [image] since 1 February 2011.

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Re: Log check

#5 Post by justik »

No, I'm not making any money; it's a friend's PC, and he asked me for help with removing the virus... So I'm handling it remotely :-).

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#6 Post by vyosek »

:arrow: OK, thank you for the answer :wink:

:arrow: If you haven't already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\windows\system32\crssc.exe
    C:\Documents and Settings\AA\sc32.exe
    C:\WINDOWS\jodrive32.exe
    C:\WINDOWS\aadrive32.exe
    
    Folder::
    c:\program files\ESET
    
    File::
    c:\documents and settings\AA\Data aplikacÝ\B.tmp
    C:\Documents and Settings\AA\Data aplikací\7.tmp
    C:\Documents and Settings\AA\Data aplikací\1.tmp
    
    Restore::
    c:\windows\system32\drivers\tcpip.sys
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "SpybotSD TeaTimer"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "Adobe Reader Speed Launcher"=-
    "HP Software Update"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\crssc.exe"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Documents and Settings\AA\sc32.exe"=-
    "C:\Documents and Settings\AA\Data aplikací\7.tmp"=-
    "C:\Documents and Settings\AA\Data aplikací\1.tmp"=-
    
    Driver::
    NBService
    Netmanm
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the picture below)
    [image]
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Re: Log check

#7 Post by justik »

Unfortunately I lost the connection to the remote computer, so I can only continue tomorrow or the day after... Thanks for the help so far...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#8 Post by vyosek »

OK :wink:

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Re: Log check

#9 Post by justik »

A message box appeared with this charming message:

Zkoušeli jste aplikovat CFSskript?
Název CFSskript se zdá být nesprávně hláskovaný.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#10 Post by vyosek »

Your script is named incorrectly: CFSskript. That small S should not be there; it should be just CFScript

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Re: Log check

#11 Post by justik »

The log; please check it. Thanks

ComboFix 11-07-07.01 - AA 07.07.2011 14:13:14.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.222.6 [GMT 2:00]
Spuštěný z: c:\documents and settings\AA\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
.
FILE ::
"c:\documents and settings\AA\Data aplikacÝ\B.tmp"
"c:\documents and settings\AA\Data aplikací\1.tmp"
"c:\documents and settings\AA\Data aplikací\7.tmp"
.
file zipped: c:\windows\system32\crssc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\crssc.exe
.
Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\tcpip.sys
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETMANM
-------\Service_Netmanm
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-07 do 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 10:22 . 2011-07-07 10:28 -------- d-----w- c:\documents and settings\AA\Data aplikací\vlc
2011-07-07 10:20 . 2011-07-07 10:20 -------- d-----w- c:\program files\VideoLAN
2011-07-07 08:40 . 2011-07-07 08:40 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-06 20:42 . 2011-07-06 20:42 -------- d-----w- c:\windows\Driver Cache
2011-07-06 20:39 . 2011-07-06 20:39 -------- d-----w- c:\windows\ServicePackFiles
2011-07-06 20:39 . 2011-07-06 20:45 -------- d-----w- c:\windows\ie8updates
2011-07-06 20:39 . 2011-07-06 20:39 -------- d-----w- c:\program files\MSXML 4.0
2011-07-06 19:26 . 2011-07-06 19:26 -------- d-----w- c:\documents and settings\AA\Local Settings\Data aplikací\GHISLER
2011-07-06 19:05 . 2011-07-06 19:18 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-06 19:03 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-06 19:03 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-07-06 19:02 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-06 19:00 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-06 19:00 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-06 19:00 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-06 19:00 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-06 18:41 . 2011-07-06 20:46 -------- d--h--w- c:\windows\$hf_mig$
2011-07-06 17:30 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-07-06 17:20 . 2011-07-06 17:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LightScribe
2011-07-06 16:10 . 2011-07-06 16:11 -------- d-----w- C:\totalcmd
2011-07-06 16:00 . 2011-07-06 16:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn
2011-07-06 15:33 . 2011-07-06 15:45 -------- d-----w- c:\program files\trend micro
2011-07-06 15:32 . 2011-07-06 15:46 -------- d-----w- C:\rsit
2011-07-06 14:45 . 2011-07-07 10:49 -------- d-----w- c:\documents and settings\LogMeInRemoteUser
2011-07-06 14:32 . 2011-07-06 14:32 -------- d-----w- c:\documents and settings\AA\Local Settings\Data aplikací\LogMeIn
2011-07-06 14:31 . 2011-06-08 11:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 14:31 . 2011-06-08 11:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-06 14:31 . 2011-06-08 11:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 14:31 . 2011-01-11 17:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-07-06 14:29 . 2011-06-08 11:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 14:29 . 2011-07-07 08:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LogMeIn
2011-07-06 14:27 . 2011-07-06 14:46 -------- d-----w- c:\program files\LogMeIn
2011-07-06 13:49 . 2011-07-06 17:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-06 13:49 . 2011-07-06 17:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-06 13:41 . 2011-06-16 04:30 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-06 13:41 . 2011-06-16 04:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-06 13:41 . 2011-06-16 04:30 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-06 13:41 . 2011-06-16 04:30 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-06 13:41 . 2011-06-16 04:30 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-06 13:41 . 2011-06-16 04:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-06 13:41 . 2011-06-16 04:30 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-06 13:41 . 2011-06-16 04:30 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-06 13:41 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 13:41 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 13:37 . 2011-07-06 20:07 -------- d-----w- C:\Install
2011-07-06 12:05 . 2011-07-06 12:05 101918 ----a-w- C:\cc_20110706_140526.reg
2011-07-06 11:50 . 2011-07-06 11:50 -------- d-----w- c:\program files\CCleaner
2011-07-02 15:04 . 2011-07-02 15:04 388 ----a-w- c:\documents and settings\AA\Data aplikací\B.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 16:15 . 2011-05-24 16:15 516096 ----a-w- c:\windows\UN32.EXE
2011-06-16 04:30 . 2011-07-06 13:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-07 . ED825E820D036EB454FC0642D81A53FA . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-06_17.08.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 14:45 . 2008-09-30 14:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2011-07-06 18:53 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-08-17 12:49 . 2009-06-15 11:33 81408 c:\windows\system32\tlntsess.exe
+ 2004-08-17 12:49 . 2009-06-15 11:33 78336 c:\windows\system32\telnet.exe
+ 2011-02-03 15:21 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 55808 c:\windows\system32\secur32.dll
+ 2004-08-17 12:49 . 2009-02-03 20:11 55808 c:\windows\system32\secur32.dll
+ 2001-10-25 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-17 12:49 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 69632 c:\windows\system32\raschap.dll
- 2001-10-25 11:00 . 2011-03-27 06:39 40836 c:\windows\system32\perfc009.dat
+ 2001-10-25 11:00 . 2011-07-07 08:41 40836 c:\windows\system32\perfc009.dat
- 2001-10-25 11:00 . 2011-03-27 06:39 47206 c:\windows\system32\perfc005.dat
+ 2001-10-25 11:00 . 2011-07-07 08:41 47206 c:\windows\system32\perfc005.dat
+ 2009-05-25 13:55 . 2008-06-12 14:19 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-17 12:49 . 2008-06-12 14:19 66560 c:\windows\system32\mtxclu.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-17 15:49 . 2009-11-27 17:35 17920 c:\windows\system32\msyuv.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe
+ 2009-05-25 13:55 . 2008-06-12 14:19 58880 c:\windows\system32\msdtclog.dll
- 2009-05-25 13:55 . 2004-08-17 12:49 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-17 12:49 . 2008-06-24 16:24 74240 c:\windows\system32\mscms.dll
+ 2004-08-17 12:49 . 2009-09-04 20:47 58880 c:\windows\system32\msasn1.dll
+ 2001-10-25 11:00 . 2009-10-15 17:22 82432 c:\windows\system32\fontsub.dll
+ 2004-08-17 12:49 . 2009-06-15 11:33 81408 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-17 12:49 . 2009-06-15 11:33 78336 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-17 12:49 . 2009-02-03 20:11 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-10-25 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-17 12:49 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 69632 c:\windows\system32\dllcache\raschap.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-17 12:49 . 2008-06-12 14:19 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-17 15:49 . 2009-11-27 17:35 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 78848 c:\windows\system32\dllcache\msiexec.exe
- 2009-05-25 13:55 . 2004-08-17 12:49 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-17 12:49 . 2008-06-24 16:24 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-17 12:49 . 2009-09-04 20:47 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2001-10-25 11:00 . 2009-10-15 17:22 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-17 12:49 . 2009-12-14 07:37 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-05-25 13:55 . 2005-07-26 04:42 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-17 12:49 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-17 12:49 . 2009-07-17 18:57 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-17 12:49 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-17 12:49 . 2009-12-14 07:37 33280 c:\windows\system32\csrsrv.dll
+ 2009-05-25 13:55 . 2005-07-26 04:42 60416 c:\windows\system32\colbact.dll
+ 2004-08-17 12:49 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2004-08-17 12:49 . 2009-07-17 18:57 58880 c:\windows\system32\atl.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 58880 c:\windows\system32\atl.dll
+ 2004-08-17 12:49 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
- 2008-06-10 07:17 . 2008-06-10 07:17 96768 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10mix\logagent.exe
- 2008-06-10 03:52 . 2008-06-10 03:52 96768 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10l\logagent.exe
- 2008-06-10 07:17 . 2008-06-10 07:17 96768 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10\logagent.exe
- 2007-07-27 07:41 . 2007-07-27 07:41 16760 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\spmsg.dll
- 2008-06-11 00:47 . 2008-06-11 00:47 96768 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\mceur2\logagent.exe
+ 2011-07-06 20:39 . 2011-07-06 20:39 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-11-27 17:35 . 2009-11-27 17:35 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2008-02-17 02:33 . 2008-02-17 02:33 358912 c:\windows\system32\xpsp3res.dll
+ 2004-08-17 12:49 . 2009-04-01 21:02 604160 c:\windows\system32\wmspdmod.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-17 12:49 . 2009-07-13 00:18 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-17 12:49 . 2008-06-18 03:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-17 12:49 . 2007-10-25 07:28 222720 c:\windows\system32\wmasf.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-17 12:49 . 2009-06-10 06:31 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-17 12:49 . 2009-12-24 07:07 177664 c:\windows\system32\wintrust.dll
+ 2009-05-25 13:55 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-05-25 13:55 . 2009-02-09 10:22 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-05-25 13:55 . 2009-02-09 10:22 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-17 12:49 . 2010-03-10 06:17 420352 c:\windows\system32\vbscript.dll
- 2004-08-17 12:49 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-17 12:49 . 2009-10-15 20:52 119808 c:\windows\system32\t2embed.dll
+ 2004-08-17 12:49 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2004-08-17 12:49 . 2009-12-08 09:01 474112 c:\windows\system32\shlwapi.dll
- 2004-08-17 12:49 . 2009-01-07 17:20 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-17 12:49 . 2009-02-09 10:11 111104 c:\windows\system32\services.exe
+ 2004-08-17 12:49 . 2009-02-09 10:22 399360 c:\windows\system32\rpcss.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 112640 c:\windows\system32\rastls.dll
+ 2004-08-17 12:49 . 2009-10-12 13:54 112640 c:\windows\system32\rastls.dll
- 2001-10-25 11:00 . 2011-03-27 06:39 314508 c:\windows\system32\perfh009.dat
+ 2001-10-25 11:00 . 2011-07-07 08:41 314508 c:\windows\system32\perfh009.dat
+ 2001-10-25 11:00 . 2011-07-07 08:41 312970 c:\windows\system32\perfh005.dat
- 2001-10-25 11:00 . 2011-03-27 06:39 312970 c:\windows\system32\perfh005.dat
- 2004-08-17 12:49 . 2004-08-17 12:49 283648 c:\windows\system32\pdh.dll
+ 2004-08-17 12:49 . 2009-03-06 14:47 283648 c:\windows\system32\pdh.dll
+ 2004-08-17 12:48 . 2009-02-09 10:22 709632 c:\windows\system32\ntdll.dll
+ 2004-08-17 12:49 . 2008-10-15 17:00 332800 c:\windows\system32\netapi32.dll
+ 2009-05-25 13:55 . 2009-06-05 07:46 655872 c:\windows\system32\mstscax.dll
+ 2004-08-17 12:49 . 2006-12-04 14:21 414720 c:\windows\system32\msscp.dll
+ 2004-08-17 12:48 . 2005-05-04 12:45 884736 c:\windows\system32\msimsg.dll
- 2004-08-17 12:48 . 2004-08-17 12:48 884736 c:\windows\system32\msimsg.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 271360 c:\windows\system32\msihnd.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 956928 c:\windows\system32\msdtctm.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-17 12:49 . 2009-02-09 10:22 722432 c:\windows\system32\lsasrv.dll
+ 2004-08-17 12:49 . 2008-06-17 23:09 100864 c:\windows\system32\logagent.exe
- 2004-08-17 12:49 . 2006-10-18 19:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-17 12:49 . 2009-05-07 15:44 345088 c:\windows\system32\localspl.dll
+ 2004-08-17 12:49 . 2009-03-21 14:21 984576 c:\windows\system32\kernel32.dll
+ 2004-08-17 12:49 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2004-08-17 12:49 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
- 2009-05-25 15:50 . 2010-05-29 05:41 192184 c:\windows\system32\FNTCACHE.DAT
+ 2009-05-25 15:50 . 2011-07-07 08:36 192184 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 12:49 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2004-08-03 20:07 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-03 20:14 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2001-10-25 11:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-03 20:15 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-03 20:14 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2009-05-25 13:55 . 2008-04-21 21:28 216576 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-17 12:49 . 2009-04-01 21:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-17 12:49 . 2009-07-13 00:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-17 12:49 . 2008-06-18 03:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-05-25 13:55 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-05-25 13:55 . 2009-02-09 10:22 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-17 12:49 . 2007-10-25 07:28 222720 c:\windows\system32\dllcache\wmasf.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-17 12:49 . 2009-06-10 06:31 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-17 12:49 . 2009-12-24 07:07 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2004-08-17 12:49 . 2010-03-10 06:17 420352 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-17 12:49 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-05-25 13:57 . 2009-06-21 22:07 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-05-25 13:57 . 2004-08-17 12:49 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-03 20:07 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-17 12:49 . 2009-10-15 20:52 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-17 12:49 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-03 20:14 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
- 2004-08-17 12:49 . 2009-01-07 17:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-17 12:49 . 2009-12-08 09:01 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-17 12:49 . 2009-02-09 10:11 111104 c:\windows\system32\dllcache\services.exe
+ 2004-08-17 12:49 . 2009-02-09 10:22 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2001-10-25 11:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
- 2004-08-17 12:49 . 2004-08-17 12:49 112640 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-17 12:49 . 2009-10-12 13:54 112640 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-17 12:49 . 2009-03-06 14:47 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-17 12:48 . 2009-02-09 10:22 709632 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-17 12:49 . 2008-10-15 17:00 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2009-05-25 13:55 . 2009-06-05 07:46 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-17 12:49 . 2006-12-04 14:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-17 12:48 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll
- 2004-08-17 12:48 . 2004-08-17 12:48 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-05-25 13:55 . 2008-06-12 14:19 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2009-05-25 13:57 . 2004-08-17 12:49 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-05-25 13:57 . 2008-05-01 14:33 331776 c:\windows\system32\dllcache\msadce.dll
+ 2004-08-17 12:49 . 2009-02-09 10:22 722432 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-17 12:49 . 2008-06-17 23:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2004-08-17 12:49 . 2006-10-18 19:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-17 12:49 . 2009-05-07 15:44 345088 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-17 12:49 . 2009-03-21 14:21 984576 c:\windows\system32\dllcache\kernel32.dll
- 2004-08-17 12:49 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-17 12:49 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-05-25 13:57 . 2004-08-17 12:49 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2009-05-25 13:57 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2009-05-25 13:55 . 2009-02-09 10:22 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-17 12:49 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2004-08-17 12:48 . 2010-04-20 05:48 285696 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-17 12:48 . 2004-08-17 12:48 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-03 20:14 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
- 2004-08-17 12:49 . 2004-08-17 12:49 683520 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-17 12:49 . 2009-02-09 10:22 683520 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-17 12:49 . 2009-11-21 16:46 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2004-08-17 12:49 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-17 12:48 . 2010-04-20 05:48 285696 c:\windows\system32\atmfd.dll
- 2004-08-17 12:48 . 2004-08-17 12:48 285696 c:\windows\system32\atmfd.dll
+ 2004-08-17 12:49 . 2009-02-09 10:22 683520 c:\windows\system32\advapi32.dll
- 2004-08-17 12:49 . 2004-08-17 12:49 683520 c:\windows\system32\advapi32.dll
+ 2004-08-17 12:49 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
- 2008-06-09 23:06 . 2008-06-09 23:06 103936 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm9l\logagent.exe
- 2008-06-09 23:31 . 2008-06-09 23:31 103936 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm9\logagent.exe
- 2008-06-18 03:03 . 2008-06-18 03:03 938496 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm11\wmnetmgr.dll
- 2008-06-17 23:09 . 2008-06-17 23:09 100864 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm11\logagent.exe
- 2007-07-27 07:41 . 2007-07-27 07:41 382840 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\update\updspapi.dll
- 2007-07-27 05:17 . 2007-07-27 05:17 759160 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\update\update.exe
- 2007-07-27 05:17 . 2007-07-27 05:17 233848 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\spuninst.exe
- 2008-06-11 00:58 . 2008-06-11 00:58 988672 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\mceur2\wmnetmgr.dll
+ 2009-05-25 13:57 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2009-05-25 13:57 . 2004-08-17 12:49 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2011-07-06 20:39 . 2011-07-06 20:39 432640 c:\windows\Installer\673558.msi
+ 2011-07-06 20:40 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-07-06 20:40 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-07-06 20:40 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-07-06 20:45 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-07-06 20:45 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-07-06 20:45 . 2009-06-22 06:48 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-07-06 20:39 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-07-06 20:39 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-07-06 20:39 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2011-07-06 19:02 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-07-06 19:03 . 2008-06-14 18:00 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2004-08-17 12:49 . 2009-11-21 16:46 470528 c:\windows\AppPatch\aclayers.dll
+ 2011-07-06 17:30 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2004-08-17 12:49 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-17 12:49 . 2010-02-16 05:27 4734976 c:\windows\system32\wmp.dll
+ 2004-08-17 12:44 . 2010-05-02 08:27 1850880 c:\windows\system32\win32k.sys
+ 2004-08-17 12:49 . 2009-11-27 17:35 1293824 c:\windows\system32\quartz.dll
+ 2004-08-17 12:45 . 2010-02-16 19:34 2183552 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2010-02-16 19:34 2060544 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-30 14:43 . 2008-09-30 14:43 1286152 c:\windows\system32\msxml4.dll
+ 2004-08-17 12:49 . 2009-07-31 04:59 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll
+ 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2004-08-17 12:49 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-17 12:49 . 2010-02-16 05:27 4734976 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-17 12:44 . 2010-05-02 08:27 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-17 12:49 . 2009-11-27 17:35 1293824 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-17 12:49 . 2009-07-31 04:59 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-17 12:49 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll
- 2009-05-25 13:57 . 2004-08-17 12:49 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2009-05-25 13:57 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2008-06-09 23:24 . 2008-06-09 23:24 2064384 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm9l\wmvcore.dll
- 2008-06-09 23:24 . 2008-06-09 23:24 1022464 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm9l\wmnetmgr.dll
- 2008-11-07 16:32 . 2008-11-07 16:32 2109440 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm9\wmvcore.dll
- 2008-06-10 16:18 . 2008-06-10 16:18 1053696 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm9\wmnetmgr.dll
- 2008-06-18 03:03 . 2008-06-18 03:03 2458112 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm11\wmvcore.dll
- 2008-06-10 09:57 . 2008-06-10 09:57 2364472 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10mix\wmvcore.dll
- 2008-06-10 04:28 . 2008-06-10 04:28 1028096 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10mix\wmnetmgr.dll
- 2008-06-10 05:07 . 2008-06-10 05:07 2376760 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10l\wmvcore.dll
- 2008-06-10 04:28 . 2008-06-10 04:28 1028096 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10l\wmnetmgr.dll
- 2008-06-10 09:57 . 2008-06-10 09:57 2364472 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10\wmvcore.dll
- 2008-06-10 09:37 . 2008-06-10 09:37 1026048 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\wm10\wmnetmgr.dll
- 2008-06-11 00:58 . 2008-06-11 00:58 2330624 c:\windows\SoftwareDistribution\Download\039e6d8adcf85e2f36553e354ed1c57d\mceur2\wmvcore.dll
+ 2011-07-06 19:00 . 2010-02-16 19:34 2183552 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-07-06 19:00 . 2010-02-16 19:34 2018816 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-07-06 19:00 . 2010-02-16 19:34 2060544 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-07-06 19:00 . 2010-02-16 19:34 2139136 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"VTTimer"="VTTimer.exe" [2004-09-01 53248]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-06-18 339968]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-08 11:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.1.2011 19:04 12856]
R3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [25.5.2009 19:34 540160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\AA\Data aplikací\Mozilla\Firefox\Profiles\iqfi6msf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 14:22
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1604)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
.
**************************************************************************
.
Celkový čas: 2011-07-07 14:29:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-07 12:29
ComboFix2.txt 2011-07-06 19:46
ComboFix3.txt 2011-07-06 17:17
.
Před spuštěním: Volných bajtů: 67 729 645 568
Po spuštění: Volných bajtů: 67 661 733 888
.
- - End Of File - - 5E726033D30FE408D1EFF4E1C93D3498
Nahrání proběhlo úspěšně

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#12 Post by vyosek »

The log already looks clean; how is the PC behaving? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: he is not a man, he is an ox."
Member of [image] since 1 February 2011.

justik
Visitor
Posts: 29
Registered: 18 Oct 2010 08:42

Re: Log check

#13 Post by justik »

Thanks for the help, the PC looks OK now...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#14 Post by vyosek »

So let's clean up as well :James008:

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • Click Scan for Issues
  • Then Fix Issues - I recommend making a registry backup; fix all the issues
  • Repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :turned: