Page 1 of 2

I'm sending spam, still

Posted: 21 Nov 2013 15:28
by Honzikk
A week ago they cut me off - I was sending spam. I ran MWAV (and cleaned up), turned on the WinXP firewall, Spybot. I got reconnected, and the day before yesterday they cut me off again. Now I've installed NOD, but I doubt that solved it. Any advice? Can this even be tested somehow? HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:26:21, on 21.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ibmpmsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
D:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
D:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
D:\WINDOWS\system32\acs.exe
D:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
D:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
D:\Program Files\Lenovo\Zoom\TpScrex.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\TpShocks.exe
D:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
E:\Program Files\Winamp\winampa.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\WINDOWS\system32\igfxext.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\hotkeyP\HotkeyP.exe
D:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
D:\Program Files\WinSplit Revolution\WinSplit.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\ManicTime\ManicTime.exe
D:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
D:\Program Files\TPFanControl\TPFanControl.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Users\Honzik\Desktop\Praktické\procexp.exe
D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
D:\Program Files\Altap Salamander\salamand.exe
D:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
D:\Program Files\TeamViewer\Version8\TeamViewer.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\TeamViewer\Version8\tv_w32.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\cmd.exe
E:\cygwin\bin\bash.exe
E:\cygwin\bin\bash.exe
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\Texmaker\texmaker.exe
E:\Program Files\Miranda\miranda32.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\mspaint.exe
E:\Program Files\inkscape\inkscape.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
E:\Users\Honzik\Desktop\Praktické\Antiviry\hijackthis.exe
D:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] D:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] D:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 D:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HotkeyP] E:\Program Files\hotkeyP\HotkeyP.exe 0
O4 - HKCU\..\Run: [ShowBatteryBar] "D:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [F.lux] "D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Winsplit] D:\Program Files\WinSplit Revolution\WinSplit.exe
O4 - HKCU\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ManicTime] D:\Program Files\ManicTime\ManicTime.exe /minimized /name:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - procexp.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: TPFanControl.lnk = D:\Program Files\TPFanControl\TPFanControl.exe
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9034545546
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3C7A4D-F696-4501-9AD5-E80C8D9F012A}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6E317AC-EE6F-4EAF-90D7-A33C9437CF4C}: NameServer = 8.8.8.8
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - D:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - D:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoodSync Server (GsServer) - Unknown owner - D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - D:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - E:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - D:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Unknown owner - D:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - D:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - D:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - D:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - D:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

--
End of file - 13509 bytes


Thanks
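An added example, not part of the thread above or of HijackThis itself: a first-pass triage of HJT log lines of the kind posted here. It parses the O4 (autostart), O17 (DNS server) and O23 (service) entries and surfaces the ones a human should read first: autostarts launched by bare file name (resolved through the search path, so a same-named file earlier on PATH would win), autostarts and services living in folders a non-admin user can write to, services with no vendor information, and DNS servers not on an expected list. The heuristics, the trusted-resolver list and the folder markers are assumptions chosen for this example; the sample lines are copied from the log above, except for one O17 line invented for the example (all-zero GUID, TEST-NET-3 address) so the DNS check has something to flag. Being flagged means "look here first", not "malicious".

```python
import re
from typing import List, Tuple

# Folders a non-admin user can write into. Czech XP folder names are included
# because the log above comes from a Czech Windows XP ("Data aplikací" is
# Application Data, "Plocha" is Desktop). Assumption: this list is illustrative.
USER_WRITABLE = (
    "\\documents and settings\\", "\\users\\", "\\local settings\\",
    "\\application data\\", "\\data aplikací\\", "\\appdata\\",
    "\\temp\\", "\\desktop\\", "\\plocha\\",
)
TRUSTED_DNS = {"8.8.8.8", "8.8.4.4"}   # assumption: resolvers the owner expects to see

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<ns>[\d.,]+)")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
FILE_RE = re.compile(r'^"?(?P<file>[^"]*?\.(?:exe|dll|scr|com))(?=[\s",]|$)', re.I)


def file_of(cmd: str) -> str:
    """Pull the launched file out of an O4 command line (quotes, arguments, rundll32 dropped)."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32 "):      # the interesting file is the DLL being loaded
        cmd = cmd[len("rundll32 "):]
    m = FILE_RE.match(cmd)
    return m.group("file") if m else (cmd.split() or [""])[0].strip('"')


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log: str, trusted_dns=TRUSTED_DNS) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for HJT lines worth a second look, in log order."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            f = file_of(m.group("cmd"))
            if "\\" not in f and "%" not in f:
                # bare file name: Windows resolves it through the search path at logon
                findings.append(("O4 unqualified executable", line))
            elif in_user_writable(f):
                findings.append(("O4 autostart from user-writable folder", line))
            continue
        m = O17_RE.match(line)
        if m:
            for ns in m.group("ns").split(","):
                if ns not in trusted_dns:
                    findings.append(("O17 unexpected DNS server " + ns, line))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("owner").lower() == "unknown owner":
                findings.append(("O23 service with no vendor information", line))
            elif in_user_writable(m.group("path")):
                findings.append(("O23 service from user-writable folder", line))
    return findings


# Constructed sample: lines copied from the HijackThis log posted above, plus one
# invented O17 line (all-zero GUID, TEST-NET-3 address) so the DNS check fires.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 D:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [F.lux] "D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3C7A4D-F696-4501-9AD5-E80C8D9F012A}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O23 - Service: GoodSync Server (GsServer) - Unknown owner - D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(reason + ":\n    " + line)
```

On the sample this flags the bare `TpShocks.exe` autostart, the two per-user autostarts (F.lux and TeaTimer, both of which are legitimate programs that simply live in the profile), the invented DNS entry, and the GoodSync service that HJT could not attribute to a vendor; the ESET entries and the rundll32 entry pass. The point is to shrink a 200-line log to the handful of lines worth verifying by hand (signature, hash, on-disk timestamp), not to replace that verification.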

Re: I'm sending spam, still

Posted: 21 Nov 2013 19:13
by Rudy
Hello!
Try this procedure: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

Re: I'm sending spam, still

Posted: 22 Nov 2013 10:41
by Honzikk
Attaching the generated log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Honzik (administrator) on HONZIKPC on 22-11-2013 10:38:15
Running from D:\Documents and Settings\Honzik\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Lenovo.) D:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Google Inc.) D:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Lenovo Group Limited) D:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) D:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Atheros) D:\WINDOWS\system32\acs.exe
(Lenovo Group Limited) D:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) D:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) D:\Program Files\Lenovo\Zoom\TpScrex.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) D:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) D:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) D:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) D:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) D:\WINDOWS\system32\cisvc.exe
(Lenovo Group Limited) D:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) D:\WINDOWS\system32\TpShocks.exe
(Lenovo.) D:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Nullsoft, Inc.) E:\Program Files\Winamp\winampa.exe
(PowerISO Computing, Inc.) D:\Program Files\PowerISO\PWRISOVM.EXE
(Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) D:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel(R) Corporation) D:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) D:\WINDOWS\system32\igfxext.exe
(Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Petr Laštovička) E:\Program Files\hotkeyP\HotkeyP.exe
(Lenovo Group Limited) D:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
(Flux Software LLC) D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
() D:\Program Files\WinSplit Revolution\WinSplit.exe
(Microsoft Corporation) D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(BillP Studios) D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(Microsoft Corporation) D:\WINDOWS\system32\wbem\unsecapp.exe
() D:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
() D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Safer-Networking Ltd.) E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
(Broadcom Corporation.) D:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(troubadix) D:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) D:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Sysinternals - www.sysinternals.com) E:\Users\Honzik\Desktop\Praktické\procexp.exe
(Protexis Inc.) D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() D:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(Lenovo Group Limited) D:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
(ALTAP) D:\Program Files\Altap Salamander\salamand.exe
(Broadcom Corporation.) D:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\tv_w32.exe
(ESET) D:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\WINDOWS\system32\cmd.exe
() E:\cygwin\bin\bash.exe
(Microsoft Corporation) D:\WINDOWS\system32\ntvdm.exe
(ESET) D:\Program Files\ESET\ESET Smart Security\egui.exe
(Broadcom Corporation.) D:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
(Microsoft Corporation) D:\WINDOWS\system32\mspaint.exe
(Seifert) E:\Users\Honzik\Desktop\Praktické\WinDirStat\windirstat.exe
(Nullsoft, Inc.) E:\Program Files\Winamp\winamp.exe
(Last.fm) D:\Program Files\Last.fm\Last.fm Scrobbler.exe
() D:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
(Don HO don.h@free.fr) E:\Program Files\Notepad++\notepad++.exe
(Microsoft Corporation) D:\Windows\System32\calc.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Null Team Impex SRL) D:\Program Files\Yate\yate-qt4.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) D:\Documents and Settings\Honzik\Plocha\FRSTLauncher.exe
(Microsoft Corporation) D:\WINDOWS\system32\cmd.exe
() D:\Program Files\Texmaker\texmaker.exe
(Microsoft Corporation) D:\WINDOWS\system32\ping.exe



It didn't generate Addition.txt?

Re: I'm sending spam, still

Posted: 22 Nov 2013 10:45
by Rudy
This isn't much use to me, the log isn't complete. Try again, and if that doesn't work, post an RSIT log: http://forum.viry.cz/viewtopic.php?f=24&t=130784 .

Re: I'm sending spam, still

Posted: 22 Nov 2013 16:12
by Honzikk
Trying again; it generated a bit more, but something is still missing, as if it crashed halfway through generating:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Honzik (administrator) on HONZIKPC on 22-11-2013 11:14:32
Running from E:\Users\Honzik\Desktop\Praktické\Antiviry
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Lenovo.) D:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Google Inc.) D:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Lenovo Group Limited) D:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) D:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Atheros) D:\WINDOWS\system32\acs.exe
(Lenovo Group Limited) D:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) D:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) D:\Program Files\Lenovo\Zoom\TpScrex.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) D:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) D:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) D:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) D:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) D:\WINDOWS\system32\cisvc.exe
(Lenovo Group Limited) D:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) D:\WINDOWS\system32\TpShocks.exe
(Lenovo.) D:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Nullsoft, Inc.) E:\Program Files\Winamp\winampa.exe
(PowerISO Computing, Inc.) D:\Program Files\PowerISO\PWRISOVM.EXE
(Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) D:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel(R) Corporation) D:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) D:\WINDOWS\system32\igfxext.exe
(Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Petr Laštovička) E:\Program Files\hotkeyP\HotkeyP.exe
(Lenovo Group Limited) D:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
(Flux Software LLC) D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
() D:\Program Files\WinSplit Revolution\WinSplit.exe
(Microsoft Corporation) D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(BillP Studios) D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(Microsoft Corporation) D:\WINDOWS\system32\wbem\unsecapp.exe
() D:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
() D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Safer-Networking Ltd.) E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
(Broadcom Corporation.) D:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(troubadix) D:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) D:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Sysinternals - www.sysinternals.com) E:\Users\Honzik\Desktop\Praktické\procexp.exe
(Protexis Inc.) D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() D:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(Lenovo Group Limited) D:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
(ALTAP) D:\Program Files\Altap Salamander\salamand.exe
(Broadcom Corporation.) D:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\tv_w32.exe
(ESET) D:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\WINDOWS\system32\cmd.exe
() E:\cygwin\bin\bash.exe
(Microsoft Corporation) D:\WINDOWS\system32\ntvdm.exe
(ESET) D:\Program Files\ESET\ESET Smart Security\egui.exe
(Broadcom Corporation.) D:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
(Microsoft Corporation) D:\WINDOWS\system32\mspaint.exe
(Seifert) E:\Users\Honzik\Desktop\Praktické\WinDirStat\windirstat.exe
(Nullsoft, Inc.) E:\Program Files\Winamp\winamp.exe
(Last.fm) D:\Program Files\Last.fm\Last.fm Scrobbler.exe
() D:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
(Don HO don.h@free.fr) E:\Program Files\Notepad++\notepad++.exe
(Microsoft Corporation) D:\Windows\System32\calc.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
() D:\Program Files\Texmaker\texmaker.exe
(Miranda IM) E:\Program Files\Miranda\miranda32.exe
(Dominik Reichl) E:\KeePass\KeePass.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) E:\Users\Honzik\Desktop\Praktické\Antiviry\FRSTLauncher.exe
(Microsoft Corporation) D:\WINDOWS\system32\cmd.exe
() D:\DOCUME~1\Honzik\LOCALS~1\DATAAP~1\MSGBOX.EXE
(Microsoft Corporation) D:\WINDOWS\system32\ping.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - D:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SoundMAXPnP] - D:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - D:\Program Files\Analog Devices\SoundMAX\SMax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [LenovoAutoScrollUtility] - D:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [101440 2011-10-20] (Lenovo Group Limited)
HKLM\...\Run: [PWRMGRTR] - rundll32 D:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TpShocks] - D:\WINDOWS\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.)
HKLM\...\Run: [WinampAgent] - E:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] - D:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [SynTPEnh] - D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-04-17] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] - D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - D:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [egui] - D:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKCU\...\Run: [HotkeyP] - E:\Program Files\hotkeyP\HotkeyP.exe [147456 2012-03-28] (Petr Laštovička)
HKCU\...\Run: [ShowBatteryBar] - D:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2009-05-28] ()
HKCU\...\Run: [F.lux] - D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKCU\...\Run: [Winsplit] - D:\Program Files\WinSplit Revolution\WinSplit.exe [3951616 2011-04-12] ()
HKCU\...\Run: [WinPatrol] - D:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [423144 2013-04-26] (BillP Studios)
HKCU\...\Run: [ManicTime] - D:\Program Files\ManicTime\ManicTime.exe [250120 2013-10-09] (Finkit d.o.o.)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [SpybotSD TeaTimer] - E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
MountPoints2: {95a9149f-e324-11e2-bcff-0018de01efcd} - L:\iStudio.exe
Startup: D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> D:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TPFanControl.lnk
ShortcutTarget: TPFanControl.lnk -> D:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
Startup: D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> D:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: D:\Documents and Settings\Honzik\Nabídka Start\Programy\Po spuštění\Zástupce - procexp.lnk
ShortcutTarget: Zástupce - procexp.lnk -> E:\Users\Honzik\Desktop\Praktické\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()


+ RSIT log

Re: I'm sending spam, still

Posted: 22 Nov 2013 16:28
by Rudy
Open Notepad and copy the following into it:

Start
HKLM\...\Run: [SunJavaUpdateSched] - D:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [] - [x]
MountPoints2: {95a9149f-e324-11e2-bcff-0018de01efcd} - L:\iStudio.exe
End

Save it as fixlist.txt in the same directory as FRST. Then run FRST again and click >Fix<. Then paste here the log that is created at the end.

Re: I'm sending spam, still

Posted: 24 Nov 2013 13:28
by Honzikk
Here is the returned log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by Honzik at 2013-11-24 13:25:42 Run:1
Running from D:\Documents and Settings\Honzik\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] - D:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [] - [x]
MountPoints2: {95a9149f-e324-11e2-bcff-0018de01efcd} - L:\iStudio.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95a9149f-e324-11e2-bcff-0018de01efcd} => Key deleted successfully.
HKCR\CLSID\{95a9149f-e324-11e2-bcff-0018de01efcd} => Key not found.

==== End of Fixlog ====


I: was a disk from another PC

Re: I'm sending spam, still

Posted: 24 Nov 2013 13:43
by Rudy
Deleted. Has anything changed?

Re: I'm sending spam, still

Posted: 24 Nov 2013 13:58
by Honzikk
Actually, I didn't even know I was sending spam before, so no change. Can I somehow verify that it's no longer happening? Other than waiting until the provider notifies me :)

Re: I'm sending spam, still

Posted: 24 Nov 2013 18:33
by Rudy
That's really hard to find out. If anyone reports back, we can continue.

Re: I'm sending spam, constantly

Posted: 01 Dec 2013 00:33
by Honzikk
So they cut me off again :( I had the SMTP port blocked (by NOD's firewall) but it didn't help anyway. RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Honzik at 2013-12-01 00:30:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 3 GB (14%) free of 20 GB
Total RAM: 3062 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:31:00, on 1.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] D:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] D:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 D:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HotkeyP] E:\Program Files\hotkeyP\HotkeyP.exe 0
O4 - HKCU\..\Run: [ShowBatteryBar] "D:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [F.lux] "D:\Documents and Settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Winsplit] D:\Program Files\WinSplit Revolution\WinSplit.exe
O4 - HKCU\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ManicTime] D:\Program Files\ManicTime\ManicTime.exe /minimized /name:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] D:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - procexp.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: TPFanControl.lnk = D:\Program Files\TPFanControl\TPFanControl.exe
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9034545546
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3C7A4D-F696-4501-9AD5-E80C8D9F012A}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6E317AC-EE6F-4EAF-90D7-A33C9437CF4C}: NameServer = 8.8.8.8
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - D:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - D:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoodSync Server (GsServer) - Unknown owner - D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - D:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - E:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - D:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Unknown owner - D:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - D:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - D:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - D:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - D:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

--
End of file - 13400 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\PMTask.job
D:\WINDOWS\tasks\updater.exe.job

R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; D:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;Ovladač třídy úložiště SFF; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-04-17 347888]
R3 teamviewervpn;TeamViewer VPN Adapter; D:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2013-06-06 25088]
R3 tifm21;tifm21; D:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2010-06-02 738360]
R3 WSIMD;wsimd Service; D:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; D:\WINDOWS\system32\DRIVERS\adusbser.sys [2009-11-06 106880]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2013-07-25 65896]
S3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2013-07-25 74088]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; D:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2013-01-23 18560]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2013-01-23 23168]
S3 NPF;NetGroup Packet Filter Driver; D:\WINDOWS\system32\drivers\npf.sys [2013-03-01 36600]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 Ser2pl;Prolific2 Serial port driver; D:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tapoas;TAP-Win32 Adapter OAS; D:\WINDOWS\system32\DRIVERS\tapoas.sys [2012-07-15 26112]
S3 trufos;trufos; D:\WINDOWS\system32\drivers\trufos.sys [2013-11-13 343456]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; D:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2013-01-23 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MSP430 Application UART; D:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2013-01-23 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WinDriver6;WinDriver6; D:\WINDOWS\system32\drivers\windrvr6.sys [2012-04-24 195968]
S3 WinUSB;WinUSB - Kernel Driver 07/14/2009 6.1.7600.16385; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; D:\WINDOWS\system32\acs.exe [2009-09-24 475220]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 btwdins;Bluetooth Service; D:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2010-09-22 349528]
R2 DozeSvc;Lenovo Doze Mode Service; D:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2012-12-26 280640]
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); D:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; D:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-10-24 870672]
R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 GsServer;GoodSync Server; D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2012-03-28 3336880]
R2 IBMPMSVC;Lenovo PM Service; D:\WINDOWS\system32\ibmpmsvc.exe [2012-04-11 39248]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre7\bin\jqs.exe [2013-10-08 182696]
R2 Power Manager DBC Service;Power Manager DBC Service; D:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-12-26 1645568]
R2 PSI_SVC_2;Protexis Licensing V2; D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 PwmEWSvc;Cisco EnergyWise Enabler; D:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-12-26 1664656]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-10-24 481552]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; D:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2011-10-24 882960]
R2 TeamViewer8;TeamViewer 8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; D:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
R2 TPHKSVC;On Screen Display; D:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 WSearch;Windows Search; D:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-27 116648]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; D:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-26 647680]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-27 116648]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; D:\WINDOWS\System32\TPHDEXLG.exe [2012-09-06 39304]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2012-09-27 129632]
S4 yate;Yet Another Telephony Engine; D:\Program Files\Yate\yate-service.exe [2013-10-20 6656]

-----------------EOF-----------------

Re: I keep sending out spam

Posted: 01 Dec 2013 10:02
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button

feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware collide with the resident antispyware in unwanted ways.

Re: I keep sending out spam

Posted: 01 Dec 2013 12:28
by Honzikk
Ran it through ComboFix:

ComboFix 13-11-27.01 - Honzik 01.12.2013 12:09:16.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3062.1358 [GMT 1:00]
Spuštěný z: d:\documents and settings\Honzik\Dokumenty\Downloads\combo\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Honzik\WINDOWS
d:\windows\qfe161.tmp
d:\windows\regedit.com
d:\windows\system32\taskmgr.com
d:\windows\system64
d:\windows\system64\msvcp100.dll
d:\windows\system64\msvcr100.dll
d:\windows\wininit.ini
I:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-01 do 2013-12-01 )))))))))))))))))))))))))))))))
.
.
2013-11-22 10:41 . 2013-11-22 10:41 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\hte
2013-11-22 10:10 . 2013-11-22 10:11 -------- d-----w- D:\rsit
2013-11-22 09:37 . 2013-11-22 09:37 -------- d-----w- D:\FRST
2013-11-22 09:08 . 2013-11-22 09:43 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Yate
2013-11-22 09:08 . 2013-11-22 09:08 -------- d-----w- d:\program files\Yate
2013-11-22 09:02 . 2013-11-22 13:11 -------- d-----w- d:\program files\sox-14-4-1
2013-11-21 15:26 . 2013-11-21 15:27 -------- d-----w- d:\program files\HD Tune
2013-11-21 10:51 . 2013-11-21 10:51 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\ESET
2013-11-21 10:50 . 2013-11-21 10:50 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\ESET
2013-11-21 10:50 . 2013-11-21 10:50 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2013-11-21 10:49 . 2013-11-21 10:49 -------- d-----w- d:\program files\ESET
2013-11-21 10:49 . 2013-11-21 10:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\ESET
2013-11-20 22:12 . 2013-11-21 00:08 -------- d-----w- d:\documents and settings\Honzik\.dia
2013-11-20 22:12 . 2013-11-20 22:12 -------- d-----w- d:\program files\Dia
2013-11-18 00:54 . 2013-11-18 19:54 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\SwvUpdater
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2013-11-17 14:37 . 2013-11-17 14:37 -------- d---a-w- d:\windows\rundll16.exe
2013-11-17 14:37 . 2013-11-17 14:37 -------- d---a-w- d:\windows\logo1_.exe
2013-11-15 00:54 . 2013-11-27 15:56 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Wireshark
2013-11-14 15:37 . 2013-11-14 15:37 -------- d-----w- d:\program files\WinPcap
2013-11-14 15:36 . 2013-11-14 15:37 -------- d-----w- d:\program files\Wireshark
2013-11-13 20:34 . 2013-11-13 20:34 343456 ----a-w- d:\windows\system32\drivers\trufos.sys
2013-11-13 15:57 . 2013-11-17 22:35 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-11-11 11:31 . 2013-11-11 11:31 -------- d-----w- d:\documents and settings\Honzik\IBM
2013-11-10 13:49 . 2013-11-10 13:50 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Corel
2013-11-10 13:49 . 2013-11-10 13:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Protexis
2013-11-10 13:47 . 2013-11-10 13:47 348256 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2013-11-10 13:46 . 2013-11-10 13:46 348256 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2013-11-10 13:46 . 2013-11-10 13:46 416 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2013-11-10 13:45 . 2013-11-10 13:45 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\Microsoft Help
2013-11-10 13:44 . 2013-11-10 13:44 -------- d-----w- d:\program files\Microsoft SDKs
2013-11-10 13:44 . 2013-11-10 13:44 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2013-11-10 13:44 . 2013-11-10 13:47 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Microsoft Help
2013-11-10 13:43 . 2013-11-10 13:43 -------- d-----w- d:\program files\gs
2013-11-10 13:43 . 2013-11-10 13:43 -------- d-----w- d:\program files\Common Files\Corel
2013-11-10 13:43 . 2013-11-10 13:43 -------- d-----w- d:\program files\Common Files\Protexis
2013-11-10 13:43 . 2013-11-10 13:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Corel
2013-11-10 11:39 . 1998-10-02 19:00 327168 ----a-w- d:\windows\IsUninst.exe
2013-11-10 00:05 . 2013-11-10 00:09 1 ---ha-w- d:\windows\system32\m3.dll
2013-11-09 23:12 . 2013-11-09 23:13 -------- d-----w- D:\.Xilinx
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\documents and settings\Honzik\Xilinx
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\documents and settings\All Users\.cse
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\program files\Common Files\Digilent
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\program files\Digilent
2013-11-09 23:04 . 2012-04-24 06:35 16000 ----a-w- d:\windows\system32\drivers\xpc4drvr.sys
2013-11-09 23:03 . 2012-04-24 06:35 195968 ----a-w- d:\windows\system32\drivers\windrvr6.sys
2013-11-09 23:03 . 2013-11-09 23:18 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Xilinx
2013-11-09 22:57 . 2013-11-09 22:58 -------- d--h--w- d:\program files\Zero G Registry
2013-11-09 22:57 . 2013-11-09 22:57 -------- d--h--w- d:\documents and settings\Honzik\InstallAnywhere
2013-11-09 18:25 . 2013-11-09 21:50 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Download Manager
2013-11-05 21:41 . 2013-11-18 21:58 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\Mathematica
2013-11-05 21:41 . 2013-11-05 21:42 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Mathematica
2013-11-05 21:40 . 2013-11-05 21:42 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Mathematica
2013-11-05 21:40 . 2013-11-05 21:40 -------- d-----w- d:\program files\Common Files\Wolfram Research
2013-11-05 21:40 . 2013-11-05 21:40 -------- d-----w- d:\program files\Common Files\ResearchSoft
2013-11-05 21:36 . 2011-02-23 17:33 335888 ----a-w- d:\windows\system32\mltcpip32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 93712 ----a-w- d:\windows\system32\mltcp32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 88080 ----a-w- d:\windows\system32\mlshm32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 167952 ----a-w- d:\windows\system32\mlmodule32.dll
2013-11-05 21:36 . 2011-02-23 17:33 79376 ----a-w- d:\windows\system32\mlmap32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 369680 ----a-w- d:\windows\system32\ml32i3.dll
2013-11-05 21:36 . 2011-02-23 17:33 260112 ----a-w- d:\windows\system32\ml32i2.dll
2013-11-05 21:36 . 2011-02-23 17:33 253968 ----a-w- d:\windows\system32\ml32i1.dll
2013-11-05 21:21 . 2013-11-05 21:21 -------- d-----w- d:\program files\jViewer
2013-11-03 19:29 . 2013-11-03 19:29 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\Help
2013-11-01 14:12 . 2013-11-06 16:18 -------- d-----w- d:\program files\TallStick
2013-11-01 13:50 . 2013-11-01 13:50 -------- d-----w- d:\documents and settings\Honzik\Data aplikac?
2013-11-01 13:45 . 2013-11-01 13:45 -------- d-----w- d:\documents and settings\All Users\Data aplikací\APN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 20:58 . 2013-10-27 16:58 851176 ----a-w- d:\windows\system32\WinUSBCoInstaller2.dll
2013-11-13 20:58 . 2013-05-05 18:01 1461992 ----a-w- d:\windows\system32\WdfCoInstaller01009.dll
2013-11-13 20:37 . 2013-11-13 20:36 8855060 ----a-w- d:\windows\REGBK00.ZIP
2013-10-08 06:50 . 2013-10-27 16:07 94632 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2013-10-08 06:29 . 2013-10-27 16:07 145408 ----a-w- d:\windows\system32\javacpl.cpl
2013-09-17 14:17 . 2013-09-17 14:17 61600 ----a-w- d:\windows\system32\drivers\epfwtdi.sys
2013-09-17 14:17 . 2013-09-17 14:17 38952 ----a-w- d:\windows\system32\drivers\epfwndis.sys
2013-09-17 14:17 . 2013-09-17 14:17 184664 ----a-w- d:\windows\system32\drivers\eamon.sys
2013-09-17 14:17 . 2013-09-17 14:17 174400 ----a-w- d:\windows\system32\drivers\epfw.sys
2013-09-17 14:17 . 2013-09-17 14:17 134248 ----a-w- d:\windows\system32\drivers\ehdrv.sys
2006-05-03 10:06 163328 --sha-r- d:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- d:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- d:\windows\system32\nbDX.dll
2011-02-11 10:26 112128 --sha-r- d:\windows\system32\OptimFROG.dll
2010-01-06 23:00 107520 --sha-r- d:\windows\system32\TAKDSDecoder.dll
2012-10-05 18:54 188416 --sha-r- d:\windows\system32\winDCE32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
[-] 2013-06-03 . 70E758EACB9AB931C7E0E48EC3042950 . 295936 . . [5.1.2600.5512] . . d:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"="e:\program files\hotkeyP\HotkeyP.exe" [2012-03-28 147456]
"ShowBatteryBar"="d:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"F.lux"="d:\documents and settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Winsplit"="d:\program files\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"WinPatrol"="d:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
"ManicTime"="d:\program files\ManicTime\ManicTime.exe" [2013-10-09 250120]
"SpybotSD TeaTimer"="e:\users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NokiaSuite.exe"="d:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LenovoAutoScrollUtility"="d:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440]
"PWRMGRTR"="d:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-12-26 3715216]
"TpShocks"="TpShocks.exe" [2012-09-20 186248]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-04-17 2379504]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\Honzik\Nabídka Start\Programy\Po spuštění\
Zástupce - procexp.lnk - e:\users\Honzik\Desktop\Praktické\procexp.exe [2012-10-28 4777280]
.
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - d:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584]
TPFanControl.lnk - d:\program files\TPFanControl\TPFanControl.exe [2013-3-28 154112]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Altap Salamander\\salamand.exe"=
"d:\\Program Files\\Siber Systems\\GoodSync\\GoodSync.exe"=
"d:\\Program Files\\Siber Systems\\GoodSync\\GsExplorer.exe"=
"d:\\Program Files\\Siber Systems\\GoodSync\\Gs-Server.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"d:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"e:\\ti\\ccsv5\\eclipse\\eclipsec.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Users\\Honzik\\Desktop\\Praktické\\Games\\StarCraft Portable 1.15.2\\StarCraft.exe"=
"e:\\Users\\Honzik\\Desktop\\Praktické\\SciLor's Grooveshark.com Downloader\\SciLors GrooveDownloader.exe"=
"d:\\Documents and Settings\\Honzik\\Data aplikací\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\SimpleComTools\\UDP Test Tool\\UDP_TestTool.exe"=
"i:\\Xilinx\\14.1\\ISE_DS\\ISE\\bin\\nt\\unwrapped\\isimgui.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33333:TCP"= 33333:TCP:GoodSync Server incoming connections
"33338:UDP"= 33338:UDP:GoodSync Server LAN discovery
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DozeHDD;DozeHDD;d:\windows\system32\drivers\DOZEHDD.SYS [29.3.2013 15:09 24264]
R0 TPDIGIMN;TPDIGIMN;d:\windows\system32\drivers\ApsHM86.sys [6.9.2012 9:49 20328]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
R1 lenovo.smi;Lenovo System Interface Driver;d:\windows\system32\drivers\smiif32.sys [28.10.2012 13:04 13680]
R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;d:\windows\system32\drivers\bh560eth.sys [26.4.2013 19:29 97776]
R2 DozeSvc;Lenovo Doze Mode Service;d:\program files\ThinkPad\Utilities\DOZESVC.EXE [29.3.2013 15:09 280640]
R2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 12:06 1337752]
R2 GsServer;GoodSync Server;d:\program files\Siber Systems\GoodSync\Gs-Server.exe [28.3.2012 5:00 3336880]
R2 Power Manager DBC Service;Power Manager DBC Service;d:\program files\ThinkPad\Utilities\PWMDBSVC.exe [29.3.2013 15:09 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler;d:\program files\ThinkPad\Utilities\PWMEWSVC.exe [29.3.2013 15:09 1664656]
R2 sdiont;sdiont;d:\windows\system32\drivers\sdiont.sys [26.4.2013 19:33 4576]
R2 TeamViewer8;TeamViewer 8;d:\program files\TeamViewer\Version8\TeamViewer_Service.exe [28.3.2013 16:12 5087584]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;d:\program files\Lenovo\HOTKEY\tphkload.exe [28.10.2012 13:04 131432]
R2 TPHKSVC;On Screen Display;d:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28.10.2012 13:04 142696]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;d:\windows\system32\drivers\NETwLx32.sys [28.3.2013 12:36 6609920]
R3 teamviewervpn;TeamViewer VPN Adapter;d:\windows\system32\drivers\teamviewervpn.sys [28.3.2013 16:12 25088]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;d:\program files\Lenovo\HOTKEY\micmute.exe [28.10.2012 13:04 101736]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;d:\windows\system32\drivers\adusbser.sys [28.6.2013 12:53 106880]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [1.3.2013 2:48 36600]
S3 tapoas;TAP-Win32 Adapter OAS;d:\windows\system32\drivers\tapoas.sys [15.7.2012 9:48 26112]
S4 yate;Yet Another Telephony Engine;d:\program files\Yate\yate-service.exe -w "d:\program files\Yate" --> d:\program files\Yate\yate-service.exe -w d:\program files\Yate [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 20:06 1210320 ----a-w- d:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-27 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-12-01 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 21:07]
.
2013-12-01 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 21:07]
.
2013-12-01 d:\windows\Tasks\PMTask.job
- d:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2013-03-29 04:13]
.
.
------- Doplňkový sken -------
.
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Odeslat do zařízení &Bluetooth... - d:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - d:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.65.55
TCP: Interfaces\{5F3C7A4D-F696-4501-9AD5-E80C8D9F012A}: NameServer = 8.8.8.8
TCP: Interfaces\{F6E317AC-EE6F-4EAF-90D7-A33C9437CF4C}: NameServer = 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-108FD9E-699B-CA47-F0B1-1AB511925780 - f:\ti\ti\ccsv5\..\bios_5_42_01_09\uninstall.exe
AddRemove-C++ Header Files and Peripheral Examples_is1 - f:\tidcs\c28\DSP2802x\v126\unins000.exe
AddRemove-5513-1208-7298-9440 - d:\program files\JDownloader\JDUninstall.exe
AddRemove-8061EC0-5803-3776-C143-32C8CFCE1A69 - d:\ti\ccsv5\..\bios_5_42_00_07\uninstall.exe
AddRemove-Code Composer Studio 5.3.0 - d:\ti/ccsv5\uninstall_CCSv5.exe
AddRemove-PokerStars - d:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-{0614FD5F-90E5-401A-B041-D40EF2B002B6}_is1 - f:\ti\controlSUITE\unins000.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - d:\documents and settings\Honzik\Data aplikací\SwvUpdater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 12:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(476)
d:\windows\system32\igfxdev.dll
.
Celkový čas: 2013-12-01 12:25:07
ComboFix-quarantined-files.txt 2013-12-01 11:25
.
Před spuštěním: 2 860 834 816
Po spuštění: 2 850 144 256
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
; This boot.ini was automatically generated by NeoSmart Technologies' BootGrabber.exe
; Use EasyBCD from http://neosmart.net/dl.php?id=1 to manage your bootloader
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Windows XP on E:\" /fastdetect
.
- - End Of File - - C48B4ABBD22A2C3A5198E2C29643BA6F
8E734BD7AA1D4F7E9AF58DF495F6CF9E

Re: I'm sending spam, constantly

Posted: 01 Dec 2013 17:06
by Rudy
We'll finish cleaning up. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: I'm sending spam, constantly

Posted: 02 Dec 2013 14:00
by Honzikk
Done. The ComboFix log:

ComboFix 13-11-27.01 - Honzik 01.12.2013 19:01:32.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3062.1206 [GMT 1:00]
Spuštěný z: d:\documents and settings\Honzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Honzik\Plocha\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.
FILE ::
"d:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"d:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-01 do 2013-12-01 )))))))))))))))))))))))))))))))
.
.
2013-11-22 10:41 . 2013-11-22 10:41 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\hte
2013-11-22 10:10 . 2013-11-22 10:11 -------- d-----w- D:\rsit
2013-11-22 09:37 . 2013-11-22 09:37 -------- d-----w- D:\FRST
2013-11-22 09:08 . 2013-11-22 09:43 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Yate
2013-11-22 09:08 . 2013-11-22 09:08 -------- d-----w- d:\program files\Yate
2013-11-22 09:02 . 2013-11-22 13:11 -------- d-----w- d:\program files\sox-14-4-1
2013-11-21 15:26 . 2013-11-21 15:27 -------- d-----w- d:\program files\HD Tune
2013-11-21 10:51 . 2013-11-21 10:51 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\ESET
2013-11-21 10:50 . 2013-11-21 10:50 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\ESET
2013-11-21 10:50 . 2013-11-21 10:50 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2013-11-21 10:49 . 2013-11-21 10:49 -------- d-----w- d:\program files\ESET
2013-11-21 10:49 . 2013-11-21 10:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\ESET
2013-11-20 22:12 . 2013-11-21 00:08 -------- d-----w- d:\documents and settings\Honzik\.dia
2013-11-20 22:12 . 2013-11-20 22:12 -------- d-----w- d:\program files\Dia
2013-11-18 00:54 . 2013-11-18 19:54 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\SwvUpdater
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2013-11-17 22:28 . 2013-11-17 22:28 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2013-11-17 14:37 . 2013-11-17 14:37 -------- d---a-w- d:\windows\rundll16.exe
2013-11-17 14:37 . 2013-11-17 14:37 -------- d---a-w- d:\windows\logo1_.exe
2013-11-15 00:54 . 2013-11-27 15:56 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Wireshark
2013-11-14 15:37 . 2013-11-14 15:37 -------- d-----w- d:\program files\WinPcap
2013-11-14 15:36 . 2013-11-14 15:37 -------- d-----w- d:\program files\Wireshark
2013-11-13 20:34 . 2013-11-13 20:34 343456 ----a-w- d:\windows\system32\drivers\trufos.sys
2013-11-13 15:57 . 2013-11-17 22:35 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-11-11 11:31 . 2013-11-11 11:31 -------- d-----w- d:\documents and settings\Honzik\IBM
2013-11-10 13:49 . 2013-11-10 13:50 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Corel
2013-11-10 13:49 . 2013-11-10 13:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Protexis
2013-11-10 13:47 . 2013-11-10 13:47 348256 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2013-11-10 13:46 . 2013-11-10 13:46 348256 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2013-11-10 13:46 . 2013-11-10 13:46 416 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2013-11-10 13:45 . 2013-11-10 13:45 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\Microsoft Help
2013-11-10 13:44 . 2013-11-10 13:44 -------- d-----w- d:\program files\Microsoft SDKs
2013-11-10 13:44 . 2013-11-10 13:44 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2013-11-10 13:44 . 2013-11-10 13:47 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Microsoft Help
2013-11-10 13:43 . 2013-11-10 13:43 -------- d-----w- d:\program files\gs
2013-11-10 13:43 . 2013-11-10 13:43 -------- d-----w- d:\program files\Common Files\Corel
2013-11-10 13:43 . 2013-11-10 13:43 -------- d-----w- d:\program files\Common Files\Protexis
2013-11-10 13:43 . 2013-11-10 13:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Corel
2013-11-10 11:39 . 1998-10-02 19:00 327168 ----a-w- d:\windows\IsUninst.exe
2013-11-10 00:05 . 2013-12-01 16:09 1 ---ha-w- d:\windows\system32\m3.dll
2013-11-09 23:12 . 2013-11-09 23:13 -------- d-----w- D:\.Xilinx
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\documents and settings\Honzik\Xilinx
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\documents and settings\All Users\.cse
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\program files\Common Files\Digilent
2013-11-09 23:04 . 2013-11-09 23:04 -------- d-----w- d:\program files\Digilent
2013-11-09 23:04 . 2012-04-24 06:35 16000 ----a-w- d:\windows\system32\drivers\xpc4drvr.sys
2013-11-09 23:03 . 2012-04-24 06:35 195968 ----a-w- d:\windows\system32\drivers\windrvr6.sys
2013-11-09 23:03 . 2013-12-01 15:28 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Xilinx
2013-11-09 22:57 . 2013-11-09 22:58 -------- d--h--w- d:\program files\Zero G Registry
2013-11-09 22:57 . 2013-11-09 22:57 -------- d--h--w- d:\documents and settings\Honzik\InstallAnywhere
2013-11-09 18:25 . 2013-11-09 21:50 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Download Manager
2013-11-05 21:41 . 2013-11-18 21:58 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\Mathematica
2013-11-05 21:41 . 2013-11-05 21:42 -------- d-----w- d:\documents and settings\Honzik\Data aplikací\Mathematica
2013-11-05 21:40 . 2013-11-05 21:42 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Mathematica
2013-11-05 21:40 . 2013-11-05 21:40 -------- d-----w- d:\program files\Common Files\Wolfram Research
2013-11-05 21:40 . 2013-11-05 21:40 -------- d-----w- d:\program files\Common Files\ResearchSoft
2013-11-05 21:36 . 2011-02-23 17:33 335888 ----a-w- d:\windows\system32\mltcpip32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 93712 ----a-w- d:\windows\system32\mltcp32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 88080 ----a-w- d:\windows\system32\mlshm32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 167952 ----a-w- d:\windows\system32\mlmodule32.dll
2013-11-05 21:36 . 2011-02-23 17:33 79376 ----a-w- d:\windows\system32\mlmap32.mlp
2013-11-05 21:36 . 2011-02-23 17:33 369680 ----a-w- d:\windows\system32\ml32i3.dll
2013-11-05 21:36 . 2011-02-23 17:33 260112 ----a-w- d:\windows\system32\ml32i2.dll
2013-11-05 21:36 . 2011-02-23 17:33 253968 ----a-w- d:\windows\system32\ml32i1.dll
2013-11-05 21:21 . 2013-11-05 21:21 -------- d-----w- d:\program files\jViewer
2013-11-03 19:29 . 2013-11-03 19:29 -------- d-----w- d:\documents and settings\Honzik\Local Settings\Data aplikací\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 20:58 . 2013-10-27 16:58 851176 ----a-w- d:\windows\system32\WinUSBCoInstaller2.dll
2013-11-13 20:58 . 2013-05-05 18:01 1461992 ----a-w- d:\windows\system32\WdfCoInstaller01009.dll
2013-11-13 20:37 . 2013-11-13 20:36 8855060 ----a-w- d:\windows\REGBK00.ZIP
2013-10-08 06:50 . 2013-10-27 16:07 94632 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2013-10-08 06:29 . 2013-10-27 16:07 145408 ----a-w- d:\windows\system32\javacpl.cpl
2013-09-17 14:17 . 2013-09-17 14:17 61600 ----a-w- d:\windows\system32\drivers\epfwtdi.sys
2013-09-17 14:17 . 2013-09-17 14:17 38952 ----a-w- d:\windows\system32\drivers\epfwndis.sys
2013-09-17 14:17 . 2013-09-17 14:17 184664 ----a-w- d:\windows\system32\drivers\eamon.sys
2013-09-17 14:17 . 2013-09-17 14:17 174400 ----a-w- d:\windows\system32\drivers\epfw.sys
2013-09-17 14:17 . 2013-09-17 14:17 134248 ----a-w- d:\windows\system32\drivers\ehdrv.sys
2006-05-03 10:06 163328 --sha-r- d:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- d:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- d:\windows\system32\nbDX.dll
2011-02-11 10:26 112128 --sha-r- d:\windows\system32\OptimFROG.dll
2010-01-06 23:00 107520 --sha-r- d:\windows\system32\TAKDSDecoder.dll
2012-10-05 18:54 188416 --sha-r- d:\windows\system32\winDCE32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
[-] 2013-06-03 . 70E758EACB9AB931C7E0E48EC3042950 . 295936 . . [5.1.2600.5512] . . d:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyP"="e:\program files\hotkeyP\HotkeyP.exe" [2012-03-28 147456]
"ShowBatteryBar"="d:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"F.lux"="d:\documents and settings\Honzik\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Winsplit"="d:\program files\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"WinPatrol"="d:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
"ManicTime"="d:\program files\ManicTime\ManicTime.exe" [2013-10-09 250120]
"SpybotSD TeaTimer"="e:\users\Honzik\Desktop\Praktické\Antiviry\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NokiaSuite.exe"="d:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LenovoAutoScrollUtility"="d:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440]
"PWRMGRTR"="d:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-12-26 3715216]
"TpShocks"="TpShocks.exe" [2012-09-20 186248]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-04-17 2379504]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\Honzik\Nabídka Start\Programy\Po spuštění\
Zástupce - procexp.lnk - e:\users\Honzik\Desktop\Praktické\procexp.exe [2012-10-28 4777280]
.
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - d:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584]
TPFanControl.lnk - d:\program files\TPFanControl\TPFanControl.exe [2013-3-28 154112]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Altap Salamander\\salamand.exe"=
"d:\\Program Files\\Siber Systems\\GoodSync\\GoodSync.exe"=
"d:\\Program Files\\Siber Systems\\GoodSync\\GsExplorer.exe"=
"d:\\Program Files\\Siber Systems\\GoodSync\\Gs-Server.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"d:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"e:\\ti\\ccsv5\\eclipse\\eclipsec.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Users\\Honzik\\Desktop\\Praktické\\Games\\StarCraft Portable 1.15.2\\StarCraft.exe"=
"e:\\Users\\Honzik\\Desktop\\Praktické\\SciLor's Grooveshark.com Downloader\\SciLors GrooveDownloader.exe"=
"d:\\Documents and Settings\\Honzik\\Data aplikací\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\SimpleComTools\\UDP Test Tool\\UDP_TestTool.exe"=
"i:\\Xilinx\\14.1\\ISE_DS\\ISE\\bin\\nt\\unwrapped\\isimgui.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33333:TCP"= 33333:TCP:GoodSync Server incoming connections
"33338:UDP"= 33338:UDP:GoodSync Server LAN discovery
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DozeHDD;DozeHDD;d:\windows\system32\drivers\DOZEHDD.SYS [29.3.2013 15:09 24264]
R0 TPDIGIMN;TPDIGIMN;d:\windows\system32\drivers\ApsHM86.sys [6.9.2012 9:49 20328]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
R1 lenovo.smi;Lenovo System Interface Driver;d:\windows\system32\drivers\smiif32.sys [28.10.2012 13:04 13680]
R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;d:\windows\system32\drivers\bh560eth.sys [26.4.2013 19:29 97776]
R2 DozeSvc;Lenovo Doze Mode Service;d:\program files\ThinkPad\Utilities\DOZESVC.EXE [29.3.2013 15:09 280640]
R2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 12:06 1337752]
R2 GsServer;GoodSync Server;d:\program files\Siber Systems\GoodSync\Gs-Server.exe [28.3.2012 5:00 3336880]
R2 Power Manager DBC Service;Power Manager DBC Service;d:\program files\ThinkPad\Utilities\PWMDBSVC.exe [29.3.2013 15:09 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler;d:\program files\ThinkPad\Utilities\PWMEWSVC.exe [29.3.2013 15:09 1664656]
R2 sdiont;sdiont;d:\windows\system32\drivers\sdiont.sys [26.4.2013 19:33 4576]
R2 TeamViewer8;TeamViewer 8;d:\program files\TeamViewer\Version8\TeamViewer_Service.exe [28.3.2013 16:12 5087584]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;d:\program files\Lenovo\HOTKEY\tphkload.exe [28.10.2012 13:04 131432]
R2 TPHKSVC;On Screen Display;d:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28.10.2012 13:04 142696]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;d:\windows\system32\drivers\NETwLx32.sys [28.3.2013 12:36 6609920]
R3 teamviewervpn;TeamViewer VPN Adapter;d:\windows\system32\drivers\teamviewervpn.sys [28.3.2013 16:12 25088]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;d:\program files\Lenovo\HOTKEY\micmute.exe [28.10.2012 13:04 101736]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;d:\windows\system32\drivers\adusbser.sys [28.6.2013 12:53 106880]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [1.3.2013 2:48 36600]
S3 tapoas;TAP-Win32 Adapter OAS;d:\windows\system32\drivers\tapoas.sys [15.7.2012 9:48 26112]
S4 yate;Yet Another Telephony Engine;d:\program files\Yate\yate-service.exe -w "d:\program files\Yate" --> d:\program files\Yate\yate-service.exe -w d:\program files\Yate [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 20:06 1210320 ----a-w- d:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-27 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-12-01 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 21:07]
.
2013-12-01 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 21:07]
.
2013-12-01 d:\windows\Tasks\PMTask.job
- d:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2013-03-29 04:13]
.
.
------- Doplňkový sken -------
.
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Odeslat do zařízení &Bluetooth... - d:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - d:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{5F3C7A4D-F696-4501-9AD5-E80C8D9F012A}: NameServer = 8.8.8.8
TCP: Interfaces\{F6E317AC-EE6F-4EAF-90D7-A33C9437CF4C}: NameServer = 8.8.8.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4652)
d:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
d:\windows\system32\btmmhook.dll
d:\program files\NetSpeedMonitor\nsm.dll
d:\program files\BatteryBar\BatteryBar.dll
d:\program files\BatteryBar\BatteryBar.Utilities.dll
d:\windows\system32\msi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
e:\program files\Altap Salamander\plugins\salamext.dll
d:\windows\system32\btncopy.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ibmpmsvc.exe
d:\program files\Intel\WiFi\bin\S24EvMon.exe
d:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
d:\windows\system32\acs.exe
d:\program files\LENOVO\HOTKEY\tposdsvc.exe
d:\windows\system32\igfxsrvc.exe
d:\program files\Lenovo\HOTKEY\TPONSCR.exe
d:\program files\Lenovo\Zoom\TpScrex.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\windows\system32\rundll32.exe
d:\windows\system32\TpShocks.exe
d:\windows\system32\igfxext.exe
d:\program files\Synaptics\SynTP\SynTPLpr.exe
d:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S30RP1.EXE
d:\program files\Intel\WiFi\bin\EvtEng.exe
d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
d:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\WinSplit Revolution\WinSplitDrvr32.exe
e:\program files\Java\jre7\bin\jqs.exe
d:\program files\Windows Desktop Search\WindowsSearch.exe
d:\program files\Common Files\Protexis\License Service\PsiService_2.exe
d:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
d:\windows\system32\SearchIndexer.exe
d:\windows\system32\wscntfy.exe
d:\program files\TeamViewer\Version8\TeamViewer.exe
d:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\TeamViewer\Version8\tv_w32.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2013-12-01 19:16:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-01 18:16
ComboFix2.txt 2013-12-01 11:25
.
Před spuštěním: 3 075 805 184
Po spuštění: 3 054 174 208
.
- - End Of File - - 47B94A5D7B61DE51DF4C3DFEB053CEBB
8E734BD7AA1D4F7E9AF58DF495F6CF9E
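Reading a ComboFix log by hand is tedious, and the entries a responder actually wants to look at (hidden or system-attributed files in the Windows directory, "binaries" far too small to be real PE images, directories carrying executable names, a firewall policy with EnableFirewall set to 0, globally opened ports that are not marked Disabled) are easy to miss among hundreds of benign lines. The script below is an added example written for this thread, not a tool posted by either participant or part of ComboFix; it parses the two file-listing formats and the registry value lines the log above uses and returns the entries worth a manual check. The sample input is constructed from lines of the log posted above, the rule names and the 64-byte "tiny binary" threshold are this example's own choices, and the system-directory prefix assumes Windows lives on D: as in this log. A flag is a prompt for review, not a verdict: some cleaning tools create placeholder directories with executable names on purpose, and an open port may belong to a legitimate service.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the ComboFix output posted above
# (file listing, Find3M listing and firewall policy keys), embedded so the
# script runs offline. Real use would read the whole ComboFix.txt instead.
SAMPLE_LOG = r"""
2013-11-17 14:37 . 2013-11-17 14:37 -------- d---a-w- d:\windows\rundll16.exe
2013-11-13 20:34 . 2013-11-13 20:34 343456 ----a-w- d:\windows\system32\drivers\trufos.sys
2013-11-10 00:05 . 2013-12-01 16:09 1 ---ha-w- d:\windows\system32\m3.dll
2006-05-03 10:06 163328 --sha-r- d:\windows\system32\flvDX.dll
2013-11-22 09:08 . 2013-11-22 09:08 -------- d-----w- d:\program files\Yate
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33333:TCP"= 33333:TCP:GoodSync Server incoming connections
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
""".strip()

# ComboFix file lines come in two shapes:
#   created . modified  size  attrs  path   ("files created since" section)
#   modified            size  attrs  path   (Find3M section)
# The attribute column is 8 characters: position 0 is 'd' for a directory,
# position 2 's' for the system attribute, position 3 'h' for hidden.
# Size is a byte count, or eight dashes for a directory.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>-{8}|\d+)"
    r"\s+(?P<attrs>[d-]\S{7}) "
    r"(?P<path>.+)$"
)
# Registry value lines look like  "Name"= value
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

SYSTEM_PREFIX = "d:\\windows"  # assumption: system drive is D:, as in this log
BINARY_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}
TINY_BYTES = 64  # example threshold: nothing this small is a real PE image


@dataclass
class Finding:
    rule: str
    detail: str


def _check_file(attrs: str, size: str, path: str) -> List[Finding]:
    """Heuristics over one file-listing line; each hit is a prompt for review."""
    out = []
    lower = path.lower()
    is_dir = attrs[0] == "d"
    hidden_or_system = attrs[2] == "s" or attrs[3] == "h"
    ext = ntpath.splitext(lower)[1]
    in_system = lower.startswith(SYSTEM_PREFIX)
    if not is_dir and in_system and hidden_or_system:
        out.append(Finding("hidden-system-file", f"{attrs} {path}"))
    if (not is_dir and in_system and ext in BINARY_EXTS
            and size.isdigit() and int(size) < TINY_BYTES):
        out.append(Finding("tiny-binary", f"{size} bytes {path}"))
    if is_dir and ext in BINARY_EXTS:
        # Unusual, but some cleaners create such placeholders deliberately.
        out.append(Finding("dir-named-as-binary", path))
    return out


def _check_registry(section: str, name: str, value: str) -> List[Finding]:
    """Heuristics over one registry value, interpreted within its [section]."""
    out = []
    if "firewallpolicy" in section and name == "EnableFirewall" and value.startswith("0"):
        out.append(Finding("firewall-disabled", f"{section} {name}={value}"))
    if "globallyopenports" in section and ":disabled:" not in value.lower():
        out.append(Finding("open-port", f"{name} -> {value}"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix log and return the entries worth a manual look."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()  # remember the current registry key
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(_check_file(m["attrs"], m["size"], m["path"]))
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            findings.extend(_check_registry(section, m["name"], m["value"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.detail}")
```

On the sample above the script reports the two hidden/system files in system32, the 1-byte m3.dll, the directory named rundll16.exe, the disabled firewall policy and the GoodSync port that is open without a Disabled marker; the 3389 entry is skipped because the policy marks it Disabled, and the ordinary driver trufos.sys produces nothing.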