VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

https://forum.viry.cz:443/viewtopic.php?t=95802

Stránka 1 z 1

po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 13:25
od grubero
Prosím o radu

Když se potřebuji zalogovat do win xp při první tabulce zadám jméno heslo objedví se Načítání osobního nastevení,v tu ránu se přemění na odhlášení a ukládání zastavení
Zkoušel jsem i stav nouze ale je to pořád to samé
jediný co rozjedu je konzole pro zotavení

Díky za radu

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 13:41
od grubero
combofix jsem pouzíval práve proto mam naistalovanou konzolu pro zotavení
zhruba za 20 minut budu mit stažený hirens bootcd ,jede to nějak pomalu
sedim ted u jineho kompu tak je to v pohode

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 14:18
od grubero
DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 14:16:26.15 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

S-1-5-21-3531303196-66749204-1919733637-1133_Start Page = hxxp://www.seznam.cz/
S-1-5-21-3531303196-66749204-1919733637-1133_Default_Page_URL = hxxp://companyweb
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
S-1-5-21-2301848253-1634142342-161658051-1005_Run: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
S-1-5-21-2301848253-1634142342-161658051-500_Run: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
S-1-5-21-3531303196-66749204-1919733637-1133_Run: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
S-1-5-21-3531303196-66749204-1919733637-1133_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-3531303196-66749204-1919733637-1133_RunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinGuard Pro] c:\windows\system32\wgp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://server/ConnectComputer/nshelp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163686495906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

ekrn; "c:\program files\eset\eset nod32 antivirus\ekrn.exe"
epfwtdir; system32\DRIVERS\epfwtdir.sys
silabenm; system32\DRIVERS\silabenm.sys
silabser; system32\DRIVERS\silabser.sys
{1DE3F693-AECB-4532-8CA6-6BD9E780A769}; [x]

=============== Created Last 30 ================

OTL SE JESTE STAHUJE

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 14:22
od grubero
OMLOUVAM SE TADZ JE CELY

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 14:16:26.15 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

S-1-5-21-3531303196-66749204-1919733637-1133_Start Page = hxxp://www.seznam.cz/
S-1-5-21-3531303196-66749204-1919733637-1133_Default_Page_URL = hxxp://companyweb
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
S-1-5-21-2301848253-1634142342-161658051-1005_Run: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
S-1-5-21-2301848253-1634142342-161658051-500_Run: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
S-1-5-21-3531303196-66749204-1919733637-1133_Run: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
S-1-5-21-3531303196-66749204-1919733637-1133_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-3531303196-66749204-1919733637-1133_RunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinGuard Pro] c:\windows\system32\wgp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://server/ConnectComputer/nshelp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163686495906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

ekrn; "c:\program files\eset\eset nod32 antivirus\ekrn.exe"
epfwtdir; system32\DRIVERS\epfwtdir.sys
silabenm; system32\DRIVERS\silabenm.sys
silabser; system32\DRIVERS\silabser.sys
{1DE3F693-AECB-4532-8CA6-6BD9E780A769}; [x]

=============== Created Last 30 ================

2010-01-05 14:16 412,501 a------- C:\dds-bootcd.exe
2010-01-05 12:02 10,534 a------- c:\program files\common files\acpiec.sys
2010-01-05 11:56 19,327 a------- c:\windows\system32\lpt2cap.vxd
2010-01-05 11:56 19,327 a------- c:\windows\system32\dos2usb.vxd
2010-01-05 11:56 8,386 a------- c:\windows\system32\GSN.vxd
2010-01-05 11:56 1,851 a------- c:\windows\system32\xpdrvr.exe
2010-01-05 11:56 <DIR> --d----- c:\program files\DOS2USB
2010-01-05 11:55 10,534 a------- c:\program files\common files\lmouse.sys
2010-01-05 10:54 <DIR> --d----- C:\DosPrint
2010-01-05 10:43 10,534 a------- c:\documents and settings\all users\rndismp.sys
2010-01-05 10:14 <DIR> --d----- C:\pos_2

==================== Find3M ====================

2009-12-09 09:24 428,750 a------- c:\windows\system32\perfh005.dat
2009-12-09 09:24 77,872 a------- c:\windows\system32\perfc005.dat
2009-10-29 07:43 916,480 a------- c:\windows\system32\wininet.dll
2009-10-21 05:40 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-13 10:34 271,360 a------- c:\windows\system32\oakley.dll
2009-10-12 13:40 150,016 a------- c:\windows\system32\rastls.dll
2009-10-12 13:40 79,872 a------- c:\windows\system32\raschap.dll
2006-11-20 14:42 262,144 a------- c:\documents and settings\all users\ntuser.dat
2008-08-07 07:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

==== Installed Programs ======================


1.59.83
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Aktualizace systému Windows Internet Explorer 8 (KB971180)
Aktualizace systému Windows Internet Explorer 8 (KB976749)
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpecení aplikace Windows Media Player (KB911564)
Aktualizace zabezpecení aplikace Windows Media Player (KB952069)
Aktualizace zabezpecení aplikace Windows Media Player (KB954155)
Aktualizace zabezpecení aplikace Windows Media Player (KB968816)
Aktualizace zabezpecení aplikace Windows Media Player (KB973540)
Aktualizace zabezpecení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpecení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpecení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpecení aplikace Windows Media Player 9 (KB917734)
Aktualizace zabezpecení aplikace Windows Media Player 9 (KB936782)
Aktualizace zabezpecení produktu Windows XP (KB923689)
Aktualizace zabezpecení produktu Windows XP (KB941569)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB928090)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB929969)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB931768)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB933566)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB937143)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB938127)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB939653)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB942615)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB944533)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB950759)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB953838)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB961260)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB963027)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB969897)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB969897)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB972260)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB974455)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpecení systému Windows XP (KB923561)
Aktualizace zabezpecení systému Windows XP (KB923789)
Aktualizace zabezpecení systému Windows XP (KB938464)
Aktualizace zabezpecení systému Windows XP (KB946648)
Aktualizace zabezpecení systému Windows XP (KB950760)
Aktualizace zabezpecení systému Windows XP (KB950762)
Aktualizace zabezpecení systému Windows XP (KB950974)
Aktualizace zabezpecení systému Windows XP (KB951066)
Aktualizace zabezpecení systému Windows XP (KB951376-v2)
Aktualizace zabezpecení systému Windows XP (KB951376)
Aktualizace zabezpecení systému Windows XP (KB951698)
Aktualizace zabezpecení systému Windows XP (KB951748)
Aktualizace zabezpecení systému Windows XP (KB952004)
Aktualizace zabezpecení systému Windows XP (KB952954)
Aktualizace zabezpecení systému Windows XP (KB953839)
Aktualizace zabezpecení systému Windows XP (KB954211)
Aktualizace zabezpecení systému Windows XP (KB954459)
Aktualizace zabezpecení systému Windows XP (KB954600)
Aktualizace zabezpecení systému Windows XP (KB955069)
Aktualizace zabezpecení systému Windows XP (KB956391)
Aktualizace zabezpecení systému Windows XP (KB956572)
Aktualizace zabezpecení systému Windows XP (KB956744)
Aktualizace zabezpecení systému Windows XP (KB956802)
Aktualizace zabezpecení systému Windows XP (KB956803)
Aktualizace zabezpecení systému Windows XP (KB956841)
Aktualizace zabezpecení systému Windows XP (KB956844)
Aktualizace zabezpecení systému Windows XP (KB957095)
Aktualizace zabezpecení systému Windows XP (KB957097)
Aktualizace zabezpecení systému Windows XP (KB958644)
Aktualizace zabezpecení systému Windows XP (KB958687)
Aktualizace zabezpecení systému Windows XP (KB958690)
Aktualizace zabezpecení systému Windows XP (KB958869)
Aktualizace zabezpecení systému Windows XP (KB959426)
Aktualizace zabezpecení systému Windows XP (KB960225)
Aktualizace zabezpecení systému Windows XP (KB960715)
Aktualizace zabezpecení systému Windows XP (KB960803)
Aktualizace zabezpecení systému Windows XP (KB960859)
Aktualizace zabezpecení systému Windows XP (KB961371)
Aktualizace zabezpecení systému Windows XP (KB961373)
Aktualizace zabezpecení systému Windows XP (KB961501)
Aktualizace zabezpecení systému Windows XP (KB968537)
Aktualizace zabezpecení systému Windows XP (KB969059)
Aktualizace zabezpecení systému Windows XP (KB969898)
Aktualizace zabezpecení systému Windows XP (KB969947)
Aktualizace zabezpecení systému Windows XP (KB970238)
Aktualizace zabezpecení systému Windows XP (KB970430)
Aktualizace zabezpecení systému Windows XP (KB971486)
Aktualizace zabezpecení systému Windows XP (KB971557)
Aktualizace zabezpecení systému Windows XP (KB971633)
Aktualizace zabezpecení systému Windows XP (KB971657)
Aktualizace zabezpecení systému Windows XP (KB973346)
Aktualizace zabezpecení systému Windows XP (KB973354)
Aktualizace zabezpecení systému Windows XP (KB973507)
Aktualizace zabezpecení systému Windows XP (KB973525)
Aktualizace zabezpecení systému Windows XP (KB973869)
Aktualizace zabezpecení systému Windows XP (KB973904)
Aktualizace zabezpecení systému Windows XP (KB974112)
Aktualizace zabezpecení systému Windows XP (KB974318)
Aktualizace zabezpecení systému Windows XP (KB974392)
Aktualizace zabezpecení systému Windows XP (KB974571)
Aktualizace zabezpecení systému Windows XP (KB975025)
Aktualizace zabezpecení systému Windows XP (KB975467)
BSPlayer
Canon LBP2900
CODEWARE Synch 1.00
Duležitá aktualizace aplikace Windows Media Player 11 (KB959772)
Empathy 1.0
ESET NOD32 Antivirus
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections
Java(TM) 6 Update 14
Java(TM) 6 Update 7
K-Lite Codec Pack 2.84 Full
Klient služby Stínová kopie svazku
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 2.3
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB976098-v2)
SeaTools for Windows
SigmaTel Audio
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VNC Free Edition 4.1.2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinGuard Pro 2007

============= FINISH: 14:16:46.92 ===============

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 14:27
od grubero
ALE JE TO FAKT DLOUHO CO JSEM HO POUSTEL

ComboFix 09-08-10.06 - pos 12.08.2009 8:57.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.501.239 [GMT 2:00]
Spuštìný z: c:\documents and settings\pos\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1220945662-413027322-1801674531-1003
c:\windows\system32\wbem\proquota.exe

Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléèena.
Obnovena kopie z - c:\system volume information\_restore{322AF48E-D6A9-41CD-9965-07D4CEE9755F}\RP859\A0046143.exe

c:\windows\system32\proquota.exe chybìl.
Obnovena kopie z - c:\system volume information\_restore{322AF48E-D6A9-41CD-9965-07D4CEE9755F}\RP859\A0046148.exe

.
((((((((((((((((((((((((( Soubory vytvoøené od 2009-07-12 do 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 07:04 . 2008-04-14 06:52 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-12 06:48 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:13 . 2009-08-07 07:13 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 07:12 . 2009-08-07 07:12 -------- d-----w- c:\program files\MSBuild
2009-08-07 07:12 . 2009-08-07 07:12 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 07:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 07:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 07:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 07:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 07:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 07:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 07:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 07:11 . 2009-08-07 07:12 -------- d-----w- C:\529a7885fc2b924860a61f
2009-08-07 07:10 . 2009-08-07 08:49 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 07:02 . 2009-08-07 07:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-14 11:13 . 2008-04-14 06:52 26112 ----a-w- c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 07:18 . 2006-03-02 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-08-07 07:18 . 2006-03-02 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-03 16:59 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2006-03-02 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2006-11-16 13:36 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((( Spouštìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 1410304]
"WinGuard Pro"="c:\windows\system32\wgp.exe" [2006-10-18 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-05-26 282624]
"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.11.2007 16:06 30728]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.11.2007 16:05 455936]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [17.12.2008 12:40 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [17.12.2008 12:40 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplòkový sken -------
.
uStart Page = hxxp://www.yvesrocher.cz/
TCP: {1DE3F693-AECB-4532-8CA6-6BD9E780A769} = 195.250.128.34,195.250.128.38
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 09:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesù ...

skenování skrytých položek 'Po spuštìní' ...

skenování skrytých souborù ...

sken byl úspešnì dokonèen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na bìžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2216)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\stacsv.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\windows\system32\CNAB4RPK.EXE
.
**************************************************************************
.
Celkový èas: 2009-08-12 9:10 - poèítaè byl restartován
ComboFix-quarantined-files.txt 2009-08-12 07:10

Pøed spuštìním: Volných bajtù: 31 207 849 984
Po spuštìní: Volných bajtù: 31 277 613 056

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

130 --- E O F --- 2009-08-12 07:04

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 14:38
od grubero
NACHAZI se na trech mistech c:\windows\system32 ,c:\windows\servicepackfiles\i386 ,c:\windows\$Ntservicepackuninstall$

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 14:48
od grubero
File userinit.exe received on 2010.01.02 15:50:31 (UTC)
Current status: finished

Result: 1/40 (2.50%)
Compact
Print results
Antivirus Version Last Update Result
a-squared 4.5.0.46 2010.01.02 -
AhnLab-V3 5.0.0.2 2010.01.02 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.02 -
Avast 4.8.1351.0 2010.01.02 -
AVG 8.5.0.430 2010.01.02 -
BitDefender 7.2 2010.01.02 -
CAT-QuickHeal 10.00 2010.01.02 -
ClamAV 0.94.1 2010.01.01 -
Comodo 3448 2010.01.02 -
DrWeb 5.0.1.12222 2010.01.02 -
eSafe 7.0.17.0 2009.12.31 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.02 -
F-Secure 9.0.15370.0 2010.01.02 -
Fortinet 4.0.14.0 2010.01.02 -
GData 19 2010.01.02 -
Ikarus T3.1.1.79.0 2009.12.31 -
Jiangmin 13.0.900 2010.01.02 -
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.02 -
McAfee 5849 2010.01.02 -
McAfee+Artemis 5849 2010.01.02 -
McAfee-GW-Edition 6.8.5 2010.01.01 Heuristic.LooksLike.Win32.Suspicious.L
Microsoft 1.5302 2010.01.02 -
NOD32 4737 2010.01.02 -
Norman 6.04.03 2009.12.31 -
nProtect 2009.1.8.0 2009.12.31 -
Panda 10.0.2.2 2010.01.02 -
PCTools 7.0.3.5 2010.01.02 -
Prevx 3.0 2010.01.02 -
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.02 -
Sunbelt 3.2.1858.2 2010.01.01 -
TheHacker 6.5.0.3.125 2010.01.02 -
TrendMicro 9.120.0.1004 2010.01.02 -
VBA32 3.12.12.1 2010.01.01 -
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.01 -
Additional information
File size: 26112 bytes
MD5 : 7dc1830f22e7d275b438127b68030239
SHA1 : 0c9f7759f7239904fba1fbdbe0af691190bc4e9d
SHA256: 6e41f5734339f6676738314d85de8645c21264d2f6b1f4378e263d2298694435
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54AD
timedatestamp.....: 0x480251A8 (Sun Apr 13 20:32:08 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520E 0x5400 5.95 553eac703d59754a182d8568d5c8a925
.data 0x7000 0x14C 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0xAD8 0xC00 3.98 c525d87d5409af3b2123a92cee05733b

( 0 imports )


( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:0nIJi8jDLIDSAaQFxfftjaLacmkLGKmHDU:0nIJbDMDSA7FxffJaLaSLGPHDU
PEiD : -
RDS : NSRL Reference Data Set

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 15:04
od grubero
OTL logfile created on: 1/5/2010 1:56:15 PM - Run
OTLPE by OldTimer - Version 3.1.20.1 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

501.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 63.00% Memory free
468.00 Mb Paging File | 341.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 27.16 Gb Free Space | 72.87% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 1.96 Gb Free Space | 52.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 272.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - [2009/08/16 06:32:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007/11/14 09:07:52 | 00,018,176 | ---- | M] () [On_Demand] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/11/14 09:05:50 | 00,455,936 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006/05/26 09:58:54 | 00,086,016 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/05/12 08:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) [Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2008/04/13 17:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 15:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/14 09:06:38 | 00,030,728 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007/11/14 09:04:14 | 00,027,656 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007/11/14 09:03:52 | 00,033,800 | ---- | M] (Eset ) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/11/13 05:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/02 08:40:42 | 00,061,440 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2007/11/02 08:40:42 | 00,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2006/10/06 08:24:00 | 01,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/05/26 09:59:12 | 01,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/02 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/02 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/03/02 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/03/02 07:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2006/03/02 07:00:00 | 00,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2006/01/12 03:27:48 | 00,163,328 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2005/12/02 19:38:04 | 00,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========




IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DEFAULT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\pos_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\pos_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\pos_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe (WGP Security Software)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\System32\winupdate86.exe File not found
O4 - HKU\pos_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\__sbs_netsetup___ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__sbs_netsetup___ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DEFAULT_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\DEFAULT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\DEFAULT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\pos_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\pos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\pos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\pos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/ConnectComputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3686495906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = YvesRocher.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\System32\winlogon86.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/16 08:40:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/05 09:50:55 | 00,000,000 | ---D | C] -- C:\OTLPE
[2010/01/05 06:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\DOS2USB
[2010/01/05 05:54:22 | 00,000,000 | ---D | C] -- C:\DosPrint
[2010/01/05 05:24:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/01/05 05:14:56 | 00,000,000 | ---D | C] -- C:\pos_2
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\pos\*.tmp files -> C:\Documents and Settings\pos\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/05 08:33:40 | 00,412,501 | ---- | M] () -- C:\dds-bootcd.exe
[2010/01/05 08:10:45 | 00,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/01/05 08:10:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/05 08:10:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/05 07:25:42 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/05 07:25:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/05 07:09:03 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\pos\NTUSER.DAT
[2010/01/05 07:09:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\pos\ntuser.ini
[2010/01/05 07:08:05 | 00,107,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/05 07:07:21 | 05,325,396 | -H-- | M] () -- C:\Documents and Settings\pos\Local Settings\Data aplikací\IconCache.db
[2010/01/05 07:05:36 | 00,003,000 | ---- | M] () -- C:\Documents and Settings\pos\dos2usb.spl
[2010/01/05 07:02:46 | 00,010,534 | ---- | M] () -- C:\Program Files\Common Files\acpiec.sys
[2010/01/05 06:55:38 | 00,010,534 | ---- | M] () -- C:\Program Files\Common Files\lmouse.sys
[2010/01/05 06:00:43 | 00,001,640 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/01/05 05:54:51 | 00,000,571 | ---- | M] () -- C:\Documents and Settings\pos\Nabídka Start\Programy\Po spuštění\Dosprint.lnk
[2010/01/05 05:43:35 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\pos\Nabídka Start\Programy\Po spuštění\DOS2USB.lnk
[2010/01/05 05:31:38 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/05 05:31:21 | 03,229,640 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010/01/05 04:27:44 | 00,002,855 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\prikopy NPOS.pif
[2010/01/04 07:05:40 | 00,112,640 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\INV 03 31_12_2009 K DOHLEDANI.XLS
[2010/01/03 14:08:22 | 00,162,304 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\inventura darkovych seku.xls
[2009/12/29 08:18:06 | 00,208,974 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\Václavské náměstí 47.eml
[2009/12/23 04:29:00 | 00,157,184 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\navod dan 20%.doc
[2009/12/16 06:15:37 | 00,010,031 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\RE_ pronájem.eml
[2009/12/15 05:37:44 | 00,066,720 | ---- | M] () -- C:\Documents and Settings\pos\Plocha\arch_A4.pdf
[2009/12/13 14:03:13 | 00,060,662 | ---- | M] () -- C:\Documents and Settings\pos\Dokumenty\E030731.ARJ
[2009/12/09 04:24:33 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 04:24:33 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 04:24:32 | 01,020,148 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 04:24:32 | 00,428,750 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009/12/09 04:24:32 | 00,077,872 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009/12/09 03:03:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\pos\*.tmp files -> C:\Documents and Settings\pos\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/05 09:16:14 | 00,412,501 | ---- | C] () -- C:\dds-bootcd.exe
[2010/01/05 07:02:46 | 00,010,534 | ---- | C] () -- C:\Program Files\Common Files\acpiec.sys
[2010/01/05 06:56:31 | 00,019,327 | ---- | C] () -- C:\WINDOWS\System32\lpt2cap.vxd
[2010/01/05 06:56:31 | 00,019,327 | ---- | C] () -- C:\WINDOWS\System32\dos2usb.vxd
[2010/01/05 06:56:31 | 00,008,386 | ---- | C] () -- C:\WINDOWS\System32\GSN.vxd
[2010/01/05 06:56:31 | 00,001,851 | ---- | C] () -- C:\WINDOWS\System32\xpdrvr.exe
[2010/01/05 06:55:38 | 00,010,534 | ---- | C] () -- C:\Program Files\Common Files\lmouse.sys
[2010/01/05 05:54:51 | 00,000,571 | ---- | C] () -- C:\Documents and Settings\pos\Nabídka Start\Programy\Po spuštění\Dosprint.lnk
[2010/01/05 05:45:24 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\pos\Nabídka Start\Programy\Po spuštění\DOS2USB.lnk
[2010/01/05 05:43:51 | 00,003,000 | ---- | C] () -- C:\Documents and Settings\pos\dos2usb.spl
[2010/01/05 05:15:51 | 00,002,855 | ---- | C] () -- C:\Documents and Settings\pos\Plocha\prikopy NPOS.pif
[2010/01/04 07:05:39 | 00,112,640 | ---- | C] () -- C:\Documents and Settings\pos\Plocha\INV 03 31_12_2009 K DOHLEDANI.XLS
[2009/12/29 08:01:43 | 00,208,974 | ---- | C] () -- C:\Documents and Settings\pos\Plocha\Václavské náměstí 47.eml
[2009/12/23 04:29:00 | 00,157,184 | ---- | C] () -- C:\Documents and Settings\pos\Plocha\navod dan 20%.doc
[2009/12/16 06:15:36 | 00,010,031 | ---- | C] () -- C:\Documents and Settings\pos\Plocha\RE_ pronájem.eml
[2009/12/15 05:37:44 | 00,066,720 | ---- | C] () -- C:\Documents and Settings\pos\Plocha\arch_A4.pdf
[2009/12/13 14:03:47 | 00,060,662 | ---- | C] () -- C:\Documents and Settings\pos\Dokumenty\E030731.ARJ
[2007/11/14 09:06:38 | 00,030,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/08/02 02:48:32 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007/08/02 02:47:55 | 00,002,028 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/04/12 03:46:14 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\pos\Local Settings\Data aplikací\PUTTY.RND
[2007/02/19 05:42:57 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/19 05:42:57 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/19 05:42:57 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/19 05:42:56 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/19 05:42:56 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/02/19 03:41:57 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\pos\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/06 03:58:19 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/20 08:11:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/20 08:03:31 | 00,040,376 | ---- | C] () -- C:\Documents and Settings\pos\Local Settings\Data aplikací\FASTWiz.log
[2006/11/16 09:44:31 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2006/11/16 09:00:25 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4596.dll
[2006/11/16 09:00:21 | 00,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2005/04/18 02:43:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/08/09 05:30:52 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\empalib.dll
[2001/10/04 08:40:54 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll

========== LOP Check ==========


========== Purity Check ==========


< End of report >

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 15:23
od grubero
tohle jsem nenasel
2. [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
ma krom jinych i hodnoty:
winupdate86.exe
WinGuard Pro

a normalne to nenajelo

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 15:19:29.39 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

S-1-5-21-3531303196-66749204-1919733637-1133_Start Page = hxxp://www.seznam.cz/
S-1-5-21-3531303196-66749204-1919733637-1133_Default_Page_URL = hxxp://companyweb
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
S-1-5-21-2301848253-1634142342-161658051-1005_Run: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
S-1-5-21-2301848253-1634142342-161658051-500_Run: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
S-1-5-21-3531303196-66749204-1919733637-1133_Run: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
S-1-5-21-3531303196-66749204-1919733637-1133_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-3531303196-66749204-1919733637-1133_RunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinGuard Pro] c:\windows\system32\wgp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://server/ConnectComputer/nshelp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163686495906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

ekrn; "c:\program files\eset\eset nod32 antivirus\ekrn.exe"
epfwtdir; system32\DRIVERS\epfwtdir.sys
silabenm; system32\DRIVERS\silabenm.sys
silabser; system32\DRIVERS\silabser.sys
{1DE3F693-AECB-4532-8CA6-6BD9E780A769}; [x]

=============== Created Last 30 ================

2010-01-05 14:50 <DIR> --d----- C:\OTLPE
2010-01-05 14:16 412,501 a------- C:\dds-bootcd.exe
2010-01-05 12:02 10,534 a------- c:\program files\common files\acpiec.sys
2010-01-05 11:56 19,327 a------- c:\windows\system32\lpt2cap.vxd
2010-01-05 11:56 19,327 a------- c:\windows\system32\dos2usb.vxd
2010-01-05 11:56 8,386 a------- c:\windows\system32\GSN.vxd
2010-01-05 11:56 1,851 a------- c:\windows\system32\xpdrvr.exe
2010-01-05 11:56 <DIR> --d----- c:\program files\DOS2USB
2010-01-05 11:55 10,534 a------- c:\program files\common files\lmouse.sys
2010-01-05 10:54 <DIR> --d----- C:\DosPrint
2010-01-05 10:14 <DIR> --d----- C:\pos_2

==================== Find3M ====================

2009-12-09 09:24 428,750 a------- c:\windows\system32\perfh005.dat
2009-12-09 09:24 77,872 a------- c:\windows\system32\perfc005.dat
2009-10-29 07:43 916,480 a------- c:\windows\system32\wininet.dll
2009-10-21 05:40 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-13 10:34 271,360 a------- c:\windows\system32\oakley.dll
2009-10-12 13:40 150,016 a------- c:\windows\system32\rastls.dll
2009-10-12 13:40 79,872 a------- c:\windows\system32\raschap.dll
2008-08-07 07:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

==== Installed Programs ======================


1.59.83
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Aktualizace systému Windows Internet Explorer 8 (KB971180)
Aktualizace systému Windows Internet Explorer 8 (KB976749)
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpecení aplikace Windows Media Player (KB911564)
Aktualizace zabezpecení aplikace Windows Media Player (KB952069)
Aktualizace zabezpecení aplikace Windows Media Player (KB954155)
Aktualizace zabezpecení aplikace Windows Media Player (KB968816)
Aktualizace zabezpecení aplikace Windows Media Player (KB973540)
Aktualizace zabezpecení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpecení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpecení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpecení aplikace Windows Media Player 9 (KB917734)
Aktualizace zabezpecení aplikace Windows Media Player 9 (KB936782)
Aktualizace zabezpecení produktu Windows XP (KB923689)
Aktualizace zabezpecení produktu Windows XP (KB941569)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB928090)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB929969)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB931768)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB933566)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB937143)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB938127)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB939653)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB942615)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB944533)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB950759)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB953838)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB961260)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB963027)
Aktualizace zabezpecení systému Windows Internet Explorer 7 (KB969897)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB969897)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB972260)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB974455)
Aktualizace zabezpecení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpecení systému Windows XP (KB923561)
Aktualizace zabezpecení systému Windows XP (KB923789)
Aktualizace zabezpecení systému Windows XP (KB938464)
Aktualizace zabezpecení systému Windows XP (KB946648)
Aktualizace zabezpecení systému Windows XP (KB950760)
Aktualizace zabezpecení systému Windows XP (KB950762)
Aktualizace zabezpecení systému Windows XP (KB950974)
Aktualizace zabezpecení systému Windows XP (KB951066)
Aktualizace zabezpecení systému Windows XP (KB951376-v2)
Aktualizace zabezpecení systému Windows XP (KB951376)
Aktualizace zabezpecení systému Windows XP (KB951698)
Aktualizace zabezpecení systému Windows XP (KB951748)
Aktualizace zabezpecení systému Windows XP (KB952004)
Aktualizace zabezpecení systému Windows XP (KB952954)
Aktualizace zabezpecení systému Windows XP (KB953839)
Aktualizace zabezpecení systému Windows XP (KB954211)
Aktualizace zabezpecení systému Windows XP (KB954459)
Aktualizace zabezpecení systému Windows XP (KB954600)
Aktualizace zabezpecení systému Windows XP (KB955069)
Aktualizace zabezpecení systému Windows XP (KB956391)
Aktualizace zabezpecení systému Windows XP (KB956572)
Aktualizace zabezpecení systému Windows XP (KB956744)
Aktualizace zabezpecení systému Windows XP (KB956802)
Aktualizace zabezpecení systému Windows XP (KB956803)
Aktualizace zabezpecení systému Windows XP (KB956841)
Aktualizace zabezpecení systému Windows XP (KB956844)
Aktualizace zabezpecení systému Windows XP (KB957095)
Aktualizace zabezpecení systému Windows XP (KB957097)
Aktualizace zabezpecení systému Windows XP (KB958644)
Aktualizace zabezpecení systému Windows XP (KB958687)
Aktualizace zabezpecení systému Windows XP (KB958690)
Aktualizace zabezpecení systému Windows XP (KB958869)
Aktualizace zabezpecení systému Windows XP (KB959426)
Aktualizace zabezpecení systému Windows XP (KB960225)
Aktualizace zabezpecení systému Windows XP (KB960715)
Aktualizace zabezpecení systému Windows XP (KB960803)
Aktualizace zabezpecení systému Windows XP (KB960859)
Aktualizace zabezpecení systému Windows XP (KB961371)
Aktualizace zabezpecení systému Windows XP (KB961373)
Aktualizace zabezpecení systému Windows XP (KB961501)
Aktualizace zabezpecení systému Windows XP (KB968537)
Aktualizace zabezpecení systému Windows XP (KB969059)
Aktualizace zabezpecení systému Windows XP (KB969898)
Aktualizace zabezpecení systému Windows XP (KB969947)
Aktualizace zabezpecení systému Windows XP (KB970238)
Aktualizace zabezpecení systému Windows XP (KB970430)
Aktualizace zabezpecení systému Windows XP (KB971486)
Aktualizace zabezpecení systému Windows XP (KB971557)
Aktualizace zabezpecení systému Windows XP (KB971633)
Aktualizace zabezpecení systému Windows XP (KB971657)
Aktualizace zabezpecení systému Windows XP (KB973346)
Aktualizace zabezpecení systému Windows XP (KB973354)
Aktualizace zabezpecení systému Windows XP (KB973507)
Aktualizace zabezpecení systému Windows XP (KB973525)
Aktualizace zabezpecení systému Windows XP (KB973869)
Aktualizace zabezpecení systému Windows XP (KB973904)
Aktualizace zabezpecení systému Windows XP (KB974112)
Aktualizace zabezpecení systému Windows XP (KB974318)
Aktualizace zabezpecení systému Windows XP (KB974392)
Aktualizace zabezpecení systému Windows XP (KB974571)
Aktualizace zabezpecení systému Windows XP (KB975025)
Aktualizace zabezpecení systému Windows XP (KB975467)
BSPlayer
Canon LBP2900
CODEWARE Synch 1.00
Duležitá aktualizace aplikace Windows Media Player 11 (KB959772)
Empathy 1.0
ESET NOD32 Antivirus
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections
Java(TM) 6 Update 14
Java(TM) 6 Update 7
K-Lite Codec Pack 2.84 Full
Klient služby Stínová kopie svazku
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 2.3
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB976098-v2)
SeaTools for Windows
SigmaTel Audio
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VNC Free Edition 4.1.2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinGuard Pro 2007

============= FINISH: 15:19:55.35 ===============

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 15:52
od grubero
soubor c:\windows\system32\winlogon86.exe jsem smazal a prepsal cestu v userinit ale zase se prepsala zbet,ted uz nenabehl ani login screen pred nim se comp sam resetoval

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 16:09
od grubero
HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
ma krom jinych i hodnoty:
winupdate86.exe hlavne tuhle.
WinGuard Pro

TYHLE HODNOTY V REGISTRECH NEJSOU VUBEC YKOUSEL JSEM JE I PROHLEDAVAT A YASE PRES LOGOVACIM SCREENEM SE REBOOTUJE A PREPISE SE ZPATKY USERINIT

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 05 led 2010 16:31
od grubero
OTL logfile created on: 1/5/2010 3:28:39 PM - Run
OTLPE by OldTimer - Version 3.1.20.1 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

501.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 62.00% Memory free
468.00 Mb Paging File | 338.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 27.16 Gb Free Space | 72.87% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 1.96 Gb Free Space | 52.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 272.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/16 08:39:29 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< HKLM\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SigmatelSysTrayApp" = sttray.exe -- [2006/05/26 09:58:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"IgfxTray" = C:\WINDOWS\system32\igfxtray.exe -- [2006/10/06 06:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe -- [2006/10/06 06:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
"Persistence" = C:\WINDOWS\system32\igfxpers.exe -- [2006/10/06 06:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
"egui" = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice -- [2007/11/14 09:05:24 | 01,410,304 | ---- | M] (ESET)
"WinGuard Pro" = C:\WINDOWS\system32\wgp.exe -- [2006/10/18 10:24:44 | 00,282,624 | ---- | M] (WGP Security Software)
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" -- [2008/01/11 16:16:00 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre6\bin\jusched.exe" -- [2009/08/16 06:32:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"winupdate86.exe" = C:\WINDOWS\system32\winupdate86.exe -- File not found
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange" = 1
"Installed" = 1
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1
"" =

< HKU\Software\Microsoft\Windows\CurrentVersion\Run /s >

< HKCU\Software\Microsoft\Windows\CurrentVersion\Run /s >
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008/04/14 01:52:38 | 01,695,232 | ---- | M] (Microsoft Corporation)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008/04/14 01:52:18 | 00,015,360 | ---- | M] (Microsoft Corporation)

< HKLM\system\currentcontrolset\control\lsa /s >
"Authentication Packages" = msv1_0 [binary data] -- [2009/09/11 09:19:35 | 00,136,192 | ---- | M] (Microsoft Corporation)
"Bounds" = 0 [binary data]
"Security Packages" = kerberosmsv1_0schannelwdigest [binary data]
"ImpersonatePrivilegeUpgradeToolHasRun" = 1
"LsaPid" = 712
"SecureBoot" = 1
"auditbaseobjects" = 0
"crashonauditfail" = 0
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"fipsalgorithmpolicy" = 0
"forceguest" = 1
"fullprivilegeauditing" = [binary data]
"limitblankpassworduse" = 1
"lmcompatibilitylevel" = 0
"nodefaultadminowner" = 1
"nolmhash" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
"Notification Packages" = scecli [binary data] -- [2008/04/14 01:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation)
"enabledcom" = y
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder" = Windows NT Access Provider [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath" = %SystemRoot%\system32\ntmarta.dll -- [2008/04/14 01:51:52 | 00,119,808 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern" = 56 E8 F3 1B 81 D4 54 76 DB 96 01 AA 01 AA 64 26 36 64 34 36 38 62 34 65 00 00 00 00 7A 4E 00 00 9C D1 1B 00 99 D0 BD 71 88 D1 1B 00 10 00 00 00 00 00 00 00 3C D4 D5 14 B5 32 46 50 A4 A6 1C 6D [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup" = BA 8C 00 9E 59 3F 6C 2B B3 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup" = F6 F3 63 47 DF 40 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132" = IISSUBA -- [2006/03/02 07:00:00 | 00,009,216 | ---- | M] (Microsoft Corporation)
"ntlmminclientsec" = 0
"ntlmminserversec" = 0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix" = 07 1A A5 E3 4C E6 FC 6E 43 DB 8F 02 02 52 90 E5 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL" = http://www.passport.com
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time" = 76 12 E8 7C 63 F8 C8 01 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name" = Digest
"Comment" = Digest SSPI Authentication Package
"Capabilities" = 16464
"RpcId" = 65535
"Version" = 1
"TokenSize" = 65535
"Time" = 00 A6 C5 FD FB 9D C8 01 [binary data]
"Type" = 49
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name" = DPA
"Comment" = DPA Security Package
"Capabilities" = 55
"RpcId" = 17
"Version" = 1
"TokenSize" = 768
"Time" = 00 5A 8A 02 FC 9D C8 01 [binary data]
"Type" = 49
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name" = MSN
"Comment" = MSN Security Package
"Capabilities" = 55
"RpcId" = 18
"Version" = 1
"TokenSize" = 768
"Time" = 00 87 BB 03 FC 9D C8 01 [binary data]
"Type" = 49

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /s >
"AutoRestartShell" = 1
"DefaultUserName" = pos
"LegalNoticeCaption" =
"LegalNoticeText" =
"PowerdownAfterShutdown" = 0
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2008/04/14 01:52:24 | 01,034,240 | ---- | M] (Microsoft Corporation)
"ShutdownWithoutLogon" = 0
"System" =
"Userinit" = C:\WINDOWS\system32\winlogon86.exe -- File not found
"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl" -- [2008/04/14 01:52:56 | 00,301,056 | ---- | M] (Microsoft Corporation)
"SfcQuota" = -1
"allocatecdroms" = 0
"allocatedasd" = 0
"allocatefloppies" = 0
"cachedlogonscount" = 10
"forceunlocklogon" = 0
"passwordexpirywarning" = 14
"scremoveoption" = 0
"AllowMultipleTSSessions" = 0
"UIHost" = logonui.exe -- [2008/04/14 01:52:30 | 00,515,072 | ---- | M] (Microsoft Corporation)
"LogonType" = 0
"DebugServerCommand" = no
"SFCDisable" = 0
"WinStationsDisabled" = 0
"HibernationPreviouslyEnabled" = 1
"ShowLogonOptions" = 1
"AltDefaultUserName" = pos
"AltDefaultDomainName" = YVESROCHER
"DefaultDomainName" = YVESROCHER
"ChangePasswordUseKerberos" = 1
"AutoAdminLogon" = 0
"AutoLogonCount" = 1
"DisableCAD" = 0
"CachePrimaryDomain" = YVESROCHER
"DCacheUpdate" = 81 04 03 C8 11 8E CA 01 [binary data]
"SyncForegroundPolicy" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache]
"YVESROCHER" = YvesRocher.local
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Bezdrátové
"ProcessGroupPolicy" = ProcessWIRELESSPolicy
"DllName" = gptext.dll -- [2008/04/14 01:51:44 | 00,200,192 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2008/04/14 01:51:42 | 00,074,240 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
"Status" = 0
"RsopStatus" = 0
"LastPolicyTime" = 15719657
"PrevSlowLink" = 0
"PrevRsopLogging" = 1
"ForceRefreshFG" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Disková kvóta Microsoft
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = dskquota.dll -- [2008/04/14 01:51:42 | 00,093,184 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = Plánovac paketu technologie QoS
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2008/04/14 01:51:44 | 00,200,192 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"" = Skripty
"ProcessGroupPolicy" = ProcessScriptsGroupPolicy
"ProcessGroupPolicyEx" = ProcessScriptsGroupPolicyEx
"GenerateGroupPolicy" = GenerateScriptsGroupPolicy
"DllName" = gptext.dll -- [2008/04/14 01:51:44 | 00,200,192 | ---- | M] (Microsoft Corporation)
"NoSlowLink" = 1
"NoGPOListChanges" = 1
"NotifyLinkTransition" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"" = Internet Explorer Zonemapping
"DllName" = C:\WINDOWS\system32\iedkcs32.dll -- [2009/10/29 02:43:43 | 00,387,584 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"NoGPOListChanges" = 1
"RequiresSucessfulRegistry" = 1
"DisplayName" = @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"" = Internet Explorer User Accelerators
"DisplayName" = @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
"DllName" = C:\WINDOWS\system32\iedkcs32.dll -- [2009/10/29 02:43:43 | 00,387,584 | ---- | M] (Microsoft Corporation)
"NoGPOListChanges" = 1
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2008/04/14 01:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation)
"" = Security -- [2008/04/14 01:51:56 | 00,005,632 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 960
"PreviousPolicyAreas" = 1
"Status" = 0
"RsopStatus" = 0
"LastPolicyTime" = 15785760
"PrevSlowLink" = 0
"PrevRsopLogging" = 1
"ForceRefreshFG" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = C:\WINDOWS\system32\iedkcs32.dll -- [2009/10/29 02:43:43 | 00,387,584 | ---- | M] (Microsoft Corporation)
"" = Internet Explorer Branding
"NoSlowLink" = 1
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
"DisplayName" = @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessEFSRecoveryGPO
"DllName" = scecli.dll -- [2008/04/14 01:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation)
"" = EFS recovery
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
"Status" = 0
"RsopStatus" = -2147024846
"LastPolicyTime" = 15719657
"PrevSlowLink" = 0
"PrevRsopLogging" = 1
"ForceRefreshFG" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"" = 802.3 Group Policy
"DisplayName" = @dot3gpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessLANPolicyEx
"GenerateGroupPolicy" = GenerateLANPolicy
"DllName" = dot3gpclnt.dll -- [2008/04/14 01:51:40 | 00,039,936 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"" = Microsoft Offline Files
"DllName" = %SystemRoot%\System32\cscui.dll -- [2008/04/14 01:51:40 | 00,328,704 | ---- | M] (Microsoft Corporation)
"EnableAsynchronousProcessing" = 0
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 0
"NoMachinePolicy" = 0
"NoSlowLink" = 0
"NoUserPolicy" = 1
"PerUserLocalSettings" = 0
"ProcessGroupPolicy" = ProcessGroupPolicy
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"" = Instalace softwaru
"DllName" = appmgmts.dll -- [2008/04/14 01:51:38 | 00,171,008 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicyEx" = ProcessGroupPolicyObjectsEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoBackgroundPolicy" = 0
"RequiresSucessfulRegistry" = 0
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"EventSources" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"" = Internet Explorer Machine Accelerators
"DisplayName" = @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
"DllName" = C:\WINDOWS\system32\iedkcs32.dll -- [2009/10/29 02:43:43 | 00,387,584 | ---- | M] (Microsoft Corporation)
"NoGPOListChanges" = 1
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = Zabezpecení protokolu IP
"ProcessGroupPolicy" = ProcessIPSECPolicy
"DllName" = gptext.dll -- [2008/04/14 01:51:44 | 00,200,192 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = crypt32.dll -- [2008/04/14 01:51:40 | 00,602,112 | ---- | M] (Microsoft Corporation)
"Logoff" = ChainWlxLogoffEvent
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = cryptnet.dll -- [2008/04/14 01:51:40 | 00,064,512 | ---- | M] (Microsoft Corporation)
"Logoff" = CryptnetWlxLogoffEvent
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName" = cscdll.dll -- [2008/04/14 01:51:40 | 00,102,400 | ---- | M] (Microsoft Corporation)
"Logon" = WinlogonLogonEvent
"Logoff" = WinlogonLogoffEvent
"ScreenSaver" = WinlogonScreenSaverEvent
"Startup" = WinlogonStartupEvent
"Shutdown" = WinlogonShutdownEvent
"StartShell" = WinlogonStartShellEvent
"Impersonate" = 0
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"Asynchronous" = 1
"DllName" = %SystemRoot%\System32\dimsntfy.dll -- [2008/04/14 01:51:40 | 00,019,456 | ---- | M] (Microsoft Corporation)
"Startup" = WlDimsStartup
"Shutdown" = WlDimsShutdown
"Logon" = WlDimsLogon
"Logoff" = WlDimsLogoff
"StartShell" = WlDimsStartShell
"Lock" = WlDimsLock
"Unlock" = WlDimsUnlock
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"" =
"DLLName" = igfxdev.dll -- [2006/10/06 06:09:04 | 00,155,648 | ---- | M] (Intel Corporation)
"Asynchronous" = 1
"Impersonate" = 1
"Unlock" = WinlogonUnlockEvent
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName" = wlnotify.dll -- [2008/04/14 01:52:06 | 00,092,672 | ---- | M] (Microsoft Corporation)
"Logon" = SCardStartCertProp
"Logoff" = SCardStopCertProp
"Lock" = SCardSuspendCertProp
"Unlock" = SCardResumeCertProp
"Enabled" = 1
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2008/04/14 01:52:06 | 00,092,672 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"StartShell" = SchedStartShell
"Logoff" = SchedEventLogOff
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff" = WLEventLogoff
"Impersonate" = 0
"Asynchronous" = 1
"DllName" = sclgntfy.dll -- [2008/04/14 01:51:56 | 00,022,016 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName" = WlNotify.dll -- [2008/04/14 01:52:06 | 00,092,672 | ---- | M] (Microsoft Corporation)
"Lock" = SensLockEvent
"Logon" = SensLogonEvent
"Logoff" = SensLogoffEvent
"Safe" = 1
"MaxWait" = 600
"StartScreenSaver" = SensStartScreenSaverEvent
"StopScreenSaver" = SensStopScreenSaverEvent
"Startup" = SensStartupEvent
"Shutdown" = SensShutdownEvent
"StartShell" = SensStartShellEvent
"PostShell" = SensPostShellEvent
"Disconnect" = SensDisconnectEvent
"Reconnect" = SensReconnectEvent
"Unlock" = SensUnlockEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2008/04/14 01:52:06 | 00,092,672 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"Logoff" = TSEventLogoff
"Logon" = TSEventLogon
"PostShell" = TSEventPostShell
"Shutdown" = TSEventShutdown
"StartShell" = TSEventStartShell
"Startup" = TSEventStartup
"MaxWait" = 600
"Reconnect" = TSEventReconnect
"Disconnect" = TSEventDisconnect
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon" = WLEventLogon
"Logoff" = WLEventLogoff
"Startup" = WLEventStartup
"Shutdown" = WLEventShutdown
"StartScreenSaver" = WLEventStartScreenSaver
"StopScreenSaver" = WLEventStopScreenSaver
"Lock" = WLEventLock
"Unlock" = WLEventUnlock
"StartShell" = WLEventStartShell
"PostShell" = WLEventPostShell
"Disconnect" = WLEventDisconnect
"Reconnect" = WLEventReconnect
"Impersonate" = 1
"Asynchronous" = 0
"SafeMode" = 1
"MaxWait" = -1
"DllName" = WgaLogon.dll -- [2009/03/10 15:18:04 | 00,265,096 | ---- | M] (Microsoft Corporation)
"Event" = 4
"EulaAccepted" = 1
"InstallEvent" = 1.9.0040.0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"" =
"Data" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName" = wlnotify.dll -- [2008/04/14 01:52:06 | 00,092,672 | ---- | M] (Microsoft Corporation)
"Logon" = RegisterTicketExpiredNotificationEvent
"Logoff" = UnregisterTicketExpiredNotificationEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant" = 0
"TsInternetUser" = 0
"SQLAgentCmdExec" = 0
"NetShowServices" = 0
"IWAM_" = 65536
"IUSR_" = 65536
"VUSR_" = 65536
< End of report >

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 06 led 2010 11:35
od grubero
Díky moc už to běží
ale reset před logovací tabulkou byl zbusobenej smazáním winlogonx86.exe
nahrál jsem z jinýho kompu jenom winlogon.exe a je to v pohodě

Re: po prihlaseni do xp se hned sami odhlásí a chteji znovu prih

Napsal: 11 led 2010 15:22
od grubero
promiň nedostal jsem se dřív k tomu počítači tady posílám log

Logfile of random's system information tool 1.06 (written by random/random)
Run by pos at 2010-01-11 15:03:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (73%) free of 38 GB
Total RAM: 501 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:02, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Outlook Express\msimn.exe
E:\RSIT.exe
C:\Program Files\trend micro\pos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DOS2USB.lnk = C:\Program Files\DOS2USB\DOS2USB.exe
O4 - Startup: Dosprint.lnk = C:\DosPrint\DOSPRINT.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server/ConnectComputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3686495906
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = YvesRocher.local
O17 - HKLM\Software\..\Telephony: DomainName = YvesRocher.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = YvesRocher.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = YvesRocher.local
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5418 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-16 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-06 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-06 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-06 94208]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-11-14 1410304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-16 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\pos\Nabídka Start\Programy\Po spuštění
DOS2USB.lnk - C:\Program Files\DOS2USB\DOS2USB.exe
Dosprint.lnk - C:\DosPrint\DOSPRINT.EXE
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Program pro přenos souborů"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-11 15:03:43 ----D---- C:\Program Files\trend micro
2010-01-11 15:03:40 ----D---- C:\rsit
2010-01-06 12:03:44 ----D---- C:\_OTL
2010-01-06 07:11:27 ----A---- C:\WINDOWS\system32\winlogon.exe
2010-01-05 19:58:48 ----A---- C:\OTL.Txt
2010-01-05 15:50:55 ----D---- C:\OTLPE
2010-01-05 15:16:46 ----A---- C:\DDS.txt
2010-01-05 15:16:14 ----A---- C:\dds-bootcd.exe
2010-01-05 13:10:21 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-05 11:54:22 ----D---- C:\DosPrint
2010-01-05 11:14:56 ----D---- C:\pos_2

======List of files/folders modified in the last 1 months======

2010-01-11 15:03:47 ----D---- C:\WINDOWS\Prefetch
2010-01-11 15:03:46 ----D---- C:\WINDOWS\temp
2010-01-11 15:03:43 ----RD---- C:\Program Files
2010-01-11 15:03:18 ----D---- C:\POS
2010-01-11 11:06:48 ----D---- C:\Documents and Settings\pos\Data aplikací\OpenOffice.org2
2010-01-11 11:02:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 10:51:43 ----D---- C:\posta
2010-01-11 09:06:05 ----D---- C:\WINDOWS\security
2010-01-06 08:30:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 08:15:45 ----D---- C:\WINDOWS\system32
2010-01-05 15:23:12 ----SHD---- C:\RECYCLER
2010-01-05 13:10:21 ----D---- C:\WINDOWS
2010-01-05 13:02:46 ----D---- C:\Program Files\Common Files
2010-01-05 12:56:31 ----RSD---- C:\WINDOWS\Fonts
2010-01-05 11:24:49 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-05 11:13:18 ----HD---- C:\WINDOWS\inf
2009-12-14 15:27:12 ----SHD---- C:\WINDOWS\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-14 27656]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 30728]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-14 33800]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-11-02 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-11-02 61440]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-14 455936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-16 152984]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-11-14 18176]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz