Prosím o kontrolu logu
Napsal: 10 led 2010 17:05
Prosím o kontrolu logu
Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2010-01-10 17:02:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (83%) free of 38 GB
Total RAM: 639 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:28, on 10.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\uzivatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74E40EF2-CDA0-4F22-8E7F-F0DDC462DFD7}: NameServer = 10.255.255.10,10.255.255.20
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2700 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-10 17:02:22 ----D---- C:\rsit
2010-01-10 17:02:22 ----D---- C:\Program Files\trend micro
2010-01-10 16:38:45 ----D---- C:\Program Files\TrendMicro
2010-01-10 16:24:11 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-01-10 16:23:51 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-01-10 15:03:39 ----D---- C:\WINDOWS\nview
2010-01-10 14:52:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2010-01-10 14:45:46 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-10 12:52:37 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Macromedia
2010-01-10 12:18:52 ----SHD---- C:\RECYCLER
2010-01-10 12:00:52 ----D---- C:\NVIDIA
2010-01-10 11:55:50 ----D---- C:\Program Files\Lavalys
======List of files/folders modified in the last 1 months======
2010-01-10 17:02:22 ----RD---- C:\Program Files
2010-01-10 16:38:47 ----SHD---- C:\WINDOWS\Installer
2010-01-10 16:38:47 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2010-01-10 16:26:02 ----D---- C:\WINDOWS\Temp
2010-01-10 16:26:01 ----D---- C:\WINDOWS
2010-01-10 16:25:41 ----D---- C:\WINDOWS\system32
2010-01-10 16:25:41 ----D---- C:\WINDOWS\Help
2010-01-10 16:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 16:24:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-10 16:23:59 ----HD---- C:\WINDOWS\inf
2010-01-10 16:23:59 ----D---- C:\WINDOWS\system32\drivers
2010-01-10 16:23:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-10 16:23:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-10 13:33:08 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-10 13:06:32 ----D---- C:\WINDOWS\system32\config
2010-01-10 13:06:19 ----D---- C:\WINDOWS\system32\wbem
2010-01-10 13:06:18 ----D---- C:\WINDOWS\Registration
2010-01-10 13:06:08 ----D---- C:\Program Files\ahead
2010-01-10 13:05:36 ----D---- C:\WINDOWS\system32\Restore
2010-01-10 11:29:15 ----A---- C:\WINDOWS\system.ini
2010-01-07 09:46:36 ----D---- C:\WINDOWS\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-07-24 59264]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2010-01-10 17:02:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (83%) free of 38 GB
Total RAM: 639 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:28, on 10.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\uzivatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74E40EF2-CDA0-4F22-8E7F-F0DDC462DFD7}: NameServer = 10.255.255.10,10.255.255.20
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2700 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-10 17:02:22 ----D---- C:\rsit
2010-01-10 17:02:22 ----D---- C:\Program Files\trend micro
2010-01-10 16:38:45 ----D---- C:\Program Files\TrendMicro
2010-01-10 16:24:11 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-01-10 16:23:51 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-01-10 15:03:39 ----D---- C:\WINDOWS\nview
2010-01-10 14:52:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2010-01-10 14:45:46 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-10 12:52:37 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Macromedia
2010-01-10 12:18:52 ----SHD---- C:\RECYCLER
2010-01-10 12:00:52 ----D---- C:\NVIDIA
2010-01-10 11:55:50 ----D---- C:\Program Files\Lavalys
======List of files/folders modified in the last 1 months======
2010-01-10 17:02:22 ----RD---- C:\Program Files
2010-01-10 16:38:47 ----SHD---- C:\WINDOWS\Installer
2010-01-10 16:38:47 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2010-01-10 16:26:02 ----D---- C:\WINDOWS\Temp
2010-01-10 16:26:01 ----D---- C:\WINDOWS
2010-01-10 16:25:41 ----D---- C:\WINDOWS\system32
2010-01-10 16:25:41 ----D---- C:\WINDOWS\Help
2010-01-10 16:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 16:24:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-10 16:23:59 ----HD---- C:\WINDOWS\inf
2010-01-10 16:23:59 ----D---- C:\WINDOWS\system32\drivers
2010-01-10 16:23:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-10 16:23:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-10 13:33:08 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-10 13:06:32 ----D---- C:\WINDOWS\system32\config
2010-01-10 13:06:19 ----D---- C:\WINDOWS\system32\wbem
2010-01-10 13:06:18 ----D---- C:\WINDOWS\Registration
2010-01-10 13:06:08 ----D---- C:\Program Files\ahead
2010-01-10 13:05:36 ----D---- C:\WINDOWS\system32\Restore
2010-01-10 11:29:15 ----A---- C:\WINDOWS\system.ini
2010-01-07 09:46:36 ----D---- C:\WINDOWS\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-07-24 59264]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
-----------------EOF-----------------