ComboFix log:
ComboFix 11-07-21.02 - j.horak@zfpa.cz 21.07.2011 20:11:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.185 [GMT 2:00]
Run from: d:\vir\ComboFix2.exe
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\JHORAK~1.CZ\LOCALS~1\Temp\1383607.exe
c:\docume~1\JHORAK~1.CZ\LOCALS~1\Temp\7521875.exe
c:\windows\services32.exe
c:\windows\sysdriver32_.exe
c:\windows\TEMP\2190962.exe
c:\windows\TEMP\5996402.exe
c:\windows\TEMP\7154369-loader2.exe
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 18:04 . 2011-07-21 18:04 -------- d-----w- c:\program files\trend micro
2011-07-21 18:04 . 2011-07-21 18:04 -------- d-----w- C:\rsit
2011-07-21 15:07 . 2011-07-21 15:07 115200 ----a-w- c:\windows\l1rezerv.exe
2011-07-21 15:06 . 2011-07-21 15:06 118784 ----a-w- c:\windows\systemup.exe
2011-07-21 13:33 . 2011-07-21 13:33 -------- d-----w- c:\windows\ufa
2011-07-21 13:33 . 2011-07-21 13:33 -------- d-----w- c:\windows\rpcminer
2011-07-21 13:33 . 2011-07-21 13:33 -------- d-----w- c:\windows\phoenix
2011-07-21 12:42 . 2011-07-21 13:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 12:42 . 2011-07-21 12:42 -------- d-----w- c:\windows\av_ico
2011-07-21 12:40 . 2011-07-21 18:18 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-21 12:40 . 2011-07-21 12:40 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-21 12:38 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-21 12:38 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-21 12:38 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 12:38 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-21 12:38 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-21 12:38 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-21 12:38 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-21 12:38 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-21 12:38 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-21 12:38 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-21 12:26 . 2011-07-21 14:59 251392 ----a-w- c:\windows\sysdriver32.exe
2011-07-21 12:25 . 2011-07-21 12:25 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-10 21:35 . 2011-07-10 21:35 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-10 07:58 . 2011-07-10 07:58 -------- d-----w- c:\documents and settings\j.horak@zfpa.cz\appdata
2011-07-08 09:33 . 2011-07-08 09:33 -------- d-----r- c:\program files\Skype
2011-07-07 09:02 . 2011-07-07 09:02 -------- d-----w- c:\program files\ICQ6Toolbar
2011-07-07 09:02 . 2011-07-07 09:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ICQ
2011-06-27 11:15 . 2011-06-27 11:15 -------- d-----w- c:\program files\AEGON Expert 2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-02-03 02:15 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-02-02 17:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-02-03 02:15 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-02-03 02:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-02-03 02:15 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-02-03 02:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-02-03 02:15 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-02-03 02:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-02-03 02:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-02-03 02:15 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-19 328568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-05 149280]
"Free PDF Print Dispatcher"="c:\program files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe" [2010-01-15 25600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [2011-07-21 251392]
"systemup"="c:\windows\systemup.exe" [2011-07-21 118784]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-21 115200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\j.horak@zfpa.cz\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2010-12-5 2935808]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-2-2 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\j.horak@zfpa.cz\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2.2.2010 23:27 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2.2.2010 23:27 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2.2.2010 23:27 58800]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [29.5.2010 11:27 2459136]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2.2.2010 23:09 240160]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [21.7.2009 8:37 38912]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10.9.2009 15:42 305448]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.7.2011 11:34 136176]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2.2.2010 23:49 253952]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [10.4.2011 2:41 2280312]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 22:35 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.7.2011 11:34 136176]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [1.7.2010 17:38 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [1.7.2010 17:38 19408]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2.2.2010 22:30 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 09:34]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-08 09:34]
.
2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{C0C2F307-DF12-4BA7-9861-3FB5088F5D61}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_one&r=0xph05106955l04g4wu05w74124412
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: mswsock.dll
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Kalendar - c:\program files\Kalendar\kalendar.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 20:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB2785$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\Dropbox.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-21 20:34:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-21 18:34
.
Pre-Run: free bytes: 91 941 257 216
Post-Run: free bytes: 93 227 569 152
.
- - End Of File - - B255C8757E307D388AD69F01DCDD7C3D
RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by j.horak@zfpa.cz at 2011-07-21 20:04:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 88 GB (62%) free of 142 GB
Total RAM: 1014 MB (14% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C0C2F307-DF12-4BA7-9861-3FB5088F5D61}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-05 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-24 18702336]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2006-07-17 53248]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-09-10 349480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"NortonOnlineBackupReminder"=C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-24 588648]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2008-07-03 94208]
"snp2uvc"=C:\WINDOWS\system32\csnp2uvc.dll [2009-02-16 196608]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-05-05 149280]
"Free PDF Print Dispatcher"=C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe [2010-01-15 25600]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-21 1178112]
"7521875.exe"=C:\DOCUME~1\JHORAK~1.CZ\LOCALS~1\Temp\7521875.exe [2011-07-21 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-21 251392]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-21 245760]
"1383607.exe"=C:\DOCUME~1\JHORAK~1.CZ\LOCALS~1\Temp\1383607.exe [2011-07-21 232960]
"2190962.exe"=C:\WINDOWS\TEMP\2190962.exe [2011-07-21 232960]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-21 1178112]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5996402.exe"=C:\WINDOWS\TEMP\5996402.exe [2011-07-21 232960]
"7611224.exe"=C:\WINDOWS\TEMP\7611224.exe [2011-07-21 483328]
"7154369-loader2.exe"=C:\WINDOWS\TEMP\7154369-loader2.exe [2011-07-21 245760]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-21 118784]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-21 115200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-09-19 328568]
"Kalendar"=C:\Program Files\Kalendar\kalendar.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Documents and Settings\j.horak@zfpa.cz\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\Dropbox.exe
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\UltraVNC\winvnc.exe"="C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Acer\Acer VCM\VC.exe"="C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement"
"C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\JHORAK~1.CZ\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\6DUKPMD2\Flash-Player[1].exe"="C:\DOCUME~1\JHORAK~1.CZ\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\6DUKPMD2\Flash-Player[1].exe:*:Enabled:C:\DOCUME~1\JHORAK~1.CZ\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\6DUKPMD2\Flash-Player[1].exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-07-21 20:04:49 ----D---- C:\Program Files\trend micro
2011-07-21 20:04:47 ----D---- C:\rsit
2011-07-21 18:49:19 ----D---- C:\WINDOWS\LastGood
2011-07-21 17:07:35 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-21 17:06:47 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-21 17:06:36 ----A---- C:\WINDOWS\systemup.exe
2011-07-21 15:33:03 ----D---- C:\WINDOWS\ufa
2011-07-21 15:33:03 ----D---- C:\WINDOWS\rpcminer
2011-07-21 15:33:03 ----D---- C:\WINDOWS\phoenix
2011-07-21 14:42:56 ----A---- C:\WINDOWS\unrar.exe
2011-07-21 14:42:52 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-21 14:42:36 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-21 14:42:25 ----HD---- C:\WINDOWS\update.2
2011-07-21 14:42:15 ----D---- C:\WINDOWS\av_ico
2011-07-21 14:42:13 ----HD---- C:\WINDOWS\update.5.0
2011-07-21 14:41:49 ----ASH---- C:\hiberfil.sys
2011-07-21 14:40:52 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-21 14:40:52 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-21 14:39:00 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-21 14:39:00 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-21 14:38:54 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-21 14:38:54 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-21 14:38:53 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-21 14:38:53 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-21 14:38:53 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-21 14:38:53 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-21 14:38:53 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-21 14:38:52 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-21 14:38:39 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-21 14:38:39 ----A---- C:\WINDOWS\avastSS.scr
2011-07-21 14:26:49 ----A---- C:\WINDOWS\iplist.txt
2011-07-21 14:26:20 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-21 14:26:06 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-21 14:25:52 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-21 14:25:43 ----HD---- C:\WINDOWS\update.1
2011-07-21 14:25:43 ----A---- C:\WINDOWS\services32.exe
2011-07-14 09:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 08:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-10 23:35:26 ----HD---- C:\WINDOWS\msdownld.tmp
2011-07-08 11:33:25 ----RD---- C:\Program Files\Skype
2011-07-07 11:02:46 ----D---- C:\Program Files\ICQ6Toolbar
2011-07-07 11:02:05 ----D---- C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Mozilla
2011-07-07 11:02:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-06-30 08:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-27 13:15:21 ----D---- C:\Program Files\AEGON Expert 2.0
======List of files/folders modified in the last 1 month======
2011-07-21 20:04:49 ----RD---- C:\Program Files
2011-07-21 19:59:06 ----D---- C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\uTorrent
2011-07-21 19:40:40 ----D---- C:\WINDOWS\Temp
2011-07-21 19:05:00 ----SHD---- C:\System Volume Information
2011-07-21 18:49:23 ----D---- C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Dropbox
2011-07-21 18:49:19 ----HD---- C:\WINDOWS\inf
2011-07-21 18:49:19 ----D---- C:\WINDOWS\system32\drivers
2011-07-21 18:49:19 ----D---- C:\WINDOWS
2011-07-21 18:49:16 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-21 17:39:26 ----AD---- C:\WINDOWS\system32
2011-07-21 17:35:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-07-21 16:58:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-21 14:43:02 ----D---- C:\WINDOWS\Prefetch
2011-07-21 14:42:53 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-21 14:41:08 ----A---- C:\boot.ini
2011-07-21 14:38:49 ----D---- C:\Config.Msi
2011-07-21 14:38:48 ----SHD---- C:\WINDOWS\Installer
2011-07-21 14:38:48 ----D---- C:\WINDOWS\WinSxS
2011-07-20 14:50:47 ----D---- C:\Documents and Settings
2011-07-20 09:17:52 ----D---- C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Skype
2011-07-18 02:50:54 ----HD---- C:\xxx
2011-07-15 17:30:57 ----D---- C:\Program Files\Sirius
2011-07-14 09:02:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 08:57:32 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-14 08:57:27 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 14:18:49 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-11 09:46:35 ----RD---- C:\Pracovní složka
2011-07-10 23:35:26 ----D---- C:\Program Files\Internet Explorer
2011-07-08 11:35:00 ----D---- C:\Program Files\Google
2011-07-08 11:34:08 ----SD---- C:\WINDOWS\Tasks
2011-07-08 11:33:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-07 11:02:05 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-04 23:05:16 ----D---- C:\Program Files\Common Files
2011-07-04 23:04:28 ----D---- C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\skypePM
2011-06-27 14:19:18 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-27 13:18:23 ----RSD---- C:\WINDOWS\assembly
2011-06-27 11:06:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-27 10:55:58 ----SD---- C:\Documents and Settings\j.horak@zfpa.cz\Data aplikací\Microsoft
What next? Thank you.
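The two logs above carry the indicators a responder would triage first: executables with digit-string names in the user's and the system Temp directories, copies of svchost.exe inside hidden C:\WINDOWS\update.* directories and in the firewall's AuthorizedApplications list, loaders dropped directly into C:\WINDOWS (services32.exe, sysdriver32.exe, systemup.exe, l1rezerv.exe), services named srvbtcclient, srvsysdriver32 and wxpdrivers, directories named rpcminer and phoenix (names used by Bitcoin-mining programs) next to *_iplist.txt files, a Flash-Player[1].exe from the IE cache whitelisted in the firewall, and the host-level controls switched off (EnableFirewall=0, EnableLUA=0). The script below is added here as an example; it is not part of the poster's logs and not a feature of ComboFix or RSIT. It parses Run-key and firewall-exception lines in the shape RSIT prints them and flags the shapes seen in this thread. The heuristics, the "same day as the incident" rule, and the sample lines (copied from the log above) are assumptions of this example; a hit is a lead to verify by hand, not a verdict.

```python
"""Triage of autorun and firewall-exception lines in the shape RSIT prints them.

Added example, not part of the forum post and not a ComboFix/RSIT feature.
The heuristics and the "same day as the incident" rule are assumptions of
this example; a hit is a lead to check by hand, not a verdict.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input: Run-key lines copied from the log above, covering
# one clean entry, two entries with no file metadata, and the suspicious shapes
# seen in this infection.
SAMPLE_RUN_LINES = r'''
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-21 1178112]
"7521875.exe"=C:\DOCUME~1\JHORAK~1.CZ\LOCALS~1\Temp\7521875.exe [2011-07-21 232960]
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-21 1178112]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"tray_ico1"= []
'''.strip().splitlines()

# Constructed sample: two firewall AuthorizedApplications values from the log.
SAMPLE_FIREWALL_LINES = r'''
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
'''.strip().splitlines()

# "name"=command [date size]   (the bracket is empty when RSIT recorded no file)
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# "path"="path:*:Enabled:label"   (XP SP2/SP3 firewall exception value format)
FW_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P=path):\*:(?P<state>\w+):(?P<label>.*)"$')

Finding = Dict[str, object]


def _path_from_cmd(cmd: str) -> str:
    """Strip trailing switches such as ' /nogui' or ' -k' and keep the executable path."""
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0].strip()


def assess_path(path: str, same_day: Optional[str] = None, meta: str = "") -> List[str]:
    """Return the reasons a path looks suspicious; an empty list means nothing matched."""
    low = path.lower().replace("/", "\\")
    parent, _, base = low.rpartition("\\")
    reasons: List[str] = []
    if base == "svchost.exe" and parent != r"c:\windows\system32":
        reasons.append("svchost.exe outside system32")
    if re.fullmatch(r"\d{5,}(-[a-z0-9]+)?\.exe", base):
        reasons.append("digit-string filename")
    if "\\temp\\" in low or "\\temporary internet files\\" in low:
        reasons.append("runs from a temp directory")
    if parent == r"c:\windows":
        reasons.append("executable directly in %WINDIR% (verify by hand)")
    if re.search(r"\\update\.[\w.-]+\\", low):
        reasons.append("lives in an 'update.*' directory")
    if same_day and meta.startswith(same_day):
        reasons.append(f"file dated {same_day}, the day of the incident")
    return reasons


def triage_run_lines(lines: List[str], same_day: Optional[str] = None) -> List[Finding]:
    """Parse Run-key lines and return only the entries that earned at least one reason."""
    findings: List[Finding] = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # not a Run-key line: section headers, blanks, other keys
        path = _path_from_cmd(m.group("cmd"))
        if not path:
            reasons = ["empty value (orphaned Run entry)"]
        else:
            reasons = assess_path(path, same_day, m.group("meta"))
            if not m.group("meta"):
                reasons.append("no file size/date recorded")
        if reasons:
            findings.append({"name": m.group("name"), "path": path, "reasons": reasons})
    return findings


def triage_firewall_lines(lines: List[str], same_day: Optional[str] = None) -> List[Finding]:
    """Apply the same path checks to enabled firewall exceptions."""
    findings: List[Finding] = []
    for line in lines:
        m = FW_RE.match(line.strip())
        if not m or m.group("state").lower() != "enabled":
            continue
        reasons = assess_path(m.group("path"), same_day)
        if reasons:
            findings.append({"name": m.group("label"), "path": m.group("path"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_lines(SAMPLE_RUN_LINES, same_day="2011-07-21"):
        print(f'Run  {f["name"]!r:20} {f["path"]}\n      {"; ".join(f["reasons"])}')
    for f in triage_firewall_lines(SAMPLE_FIREWALL_LINES):
        print(f'FW   {f["name"]!r:20} {f["path"]}\n      {"; ".join(f["reasons"])}')
```

Run against the full RSIT "Registry dump" section, the Run-key pass flags every entry ComboFix later removed plus the two miner loaders that survived (systemup.exe, l1rezerv.exe), while the firewall pass surfaces the two update.*\svchost.exe exceptions and the Flash-Player[1].exe entry from the IE cache. The "%WINDIR% root" rule is deliberately weak because vendor tools (RTHDCPL.EXE, PLFSetL.exe here) also live there, so that reason on its own is a prompt to check the file, not a finding.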

Virus from FB, for chodnik74
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once solved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Re: Virus from FB, for chodnik74
Hello,
as was said in the first thread too, we won't deal with company PCs; they should hand it to their IT technician.