Symantec Email Proxy window keeps popping up

Posted: 01 Apr 2010 20:36
by karelv
Good evening,
I would like to ask for a log check. The Symantec Email Proxy window keeps popping up with the text: Your email message was unable to be sent because your mail server rejected the message: 550 5.7.0 spam rejected.

RSIT log output:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Name at 2010-04-01 21:24:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (47%) free of 57 GB
Total RAM: 2038 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:40, on 1.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\Java\jre1.6.0_04\launch4j-tmp\frd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\CA\DSM\Bin\rcHost.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\Spywareterminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\SALAMAND.EXE
C:\Documents and Settings\vk\Dokumenty\FreeRapid-0.82\download\RSIT.exe
C:\Hijacker\vk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.cz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet.cz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0799145406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = data.corp
O17 - HKLM\Software\..\Telephony: DomainName = data.corp
O17 - HKLM\System\CCS\Services\Tcpip\..\{A17C31DD-9FD8-46DD-9598-573F515E9F03}: Domain = data.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = data.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = data.corp,sme.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = data.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = data.corp,sme.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = data.corp,sme.cz
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O20 - Winlogon Notify: rcHostExt - C:\Program Files\CA\DSM\Bin\rcLoginExt.dll
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10750 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3342999723-3294208692-3402442069-16297.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3342999723-3294208692-3402442069-16297.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-03 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93935F7F-9C88-42F8-8445-95251D27FABC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"systray"=C:\Program Files\Dell\Dell Mobile Broadband\systray.exe [2007-06-23 331851]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-17 143872]
"CAF_SystemTray"=C:\Program Files\CA\DSM\bin\cfSysTray.exe [2008-07-04 124168]
"DsmSxplog"=C:\Program Files\CA\DSM\Bin\sxpstub.exe [2008-07-04 24328]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-08-14 115560]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-05-21 1372160]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-05-21 1202448]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-03 202256]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
""= []
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-01 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CAF]
C:\Program Files\CA\DSM\Bin\cfwlogon.dll [2008-07-04 27400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rcHostExt]
C:\Program Files\CA\DSM\Bin\rcLoginExt.dll [2008-07-04 11528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoColorChoice"=1
"NoVisualStyleChoice"=1
"SetVisualStyle"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=0
"disablecad"=0
"HideStartupScripts"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"NoStartMenuNetworkPlaces"=1
"Intellimenus"=1
"NoSimpleStartMenu"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"DisablePersonalDirChange"=1
"ForceClassicControlPanel"=1
"NoThemesTab"=1
"NoWelcomeScreen"=1
"NoPublishingWizard"=1
"NoWebServices"=1
"NoOnlinePrintsWizard"=1
"NoActiveDesktop"=1
"NoWindowsUpdate"=1
"ForceStartMenuLogOff"=1
"NoStartMenuPinnedList"=1
"NoStartMenuMFUprogramsList"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acronis\LicenseServer\LicenseServerConsole.exe"="C:\Program Files\Acronis\LicenseServer\LicenseServerConsole.exe:*:Enabled:LicenseServerConsole"
"C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImage.exe"="C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImage.exe:*:Enabled:Acronis True Image"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\SAP\FrontEnd\SAPgui\saplgpad.exe"="C:\Program Files\SAP\FrontEnd\SAPgui\saplgpad.exe:*:Enabled:SAP Logon Pad for Windows"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:HP Network Device Rediscovery Service"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Programy\md93\WMDisp2.exe"="C:\Programy\md93\WMDisp2.exe:*:Enabled:Zobrazovač systému Mikrodispečink"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Documents and Settings\vk\Dokumenty\miranda-im-v0.6.8-unicode\miranda32.exe"="C:\Documents and Settings\vk\Dokumenty\miranda-im-v0.6.8-unicode\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\vk\Dokumenty\miranda-im-v0.5.0.0pr2-unicode\miranda32.exe"="C:\Documents and Settings\vk\Dokumenty\miranda-im-v0.5.0.0pr2-unicode\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\vk\Dokumenty\AAA\miranda-im-v0[1].8.4-unicode\miranda32.exe"="C:\Documents and Settings\vk\Dokumenty\AAA\miranda-im-v0[1].8.4-unicode\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\vk\Dokumenty\miranda-im-v0[1].8.4-unicode\miranda32.exe"="C:\Documents and Settings\vk\Dokumenty\miranda-im-v0[1].8.4-unicode\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.6.0_04\bin\java.exe"="C:\Program Files\Java\jre1.6.0_04\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Servis\8500\OJP8500vA909_Full_12\setup\hpznui01.exe"="C:\Servis\8500\OJP8500vA909_Full_12\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SAP\FrontEnd\SAPgui\saplgpad.exe"="C:\Program Files\SAP\FrontEnd\SAPgui\saplgpad.exe:*:Enabled:SAP Logon Pad for Windows"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Servis\HP_OJ_6310\setup\HPZnet01.exe"="C:\Servis\HP_OJ_6310\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\Servis\HP_OJ_6310\setup\hponicifs01.exe"="C:\Servis\HP_OJ_6310\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Servis\8500\OJP8500vA909_Full_12\setup\hpznui01.exe"="C:\Servis\8500\OJP8500vA909_Full_12\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

======List of files/folders created in the last 1 months======

2010-04-01 21:24:32 ----D---- C:\rsit
2010-04-01 20:42:48 ----D---- C:\Program Files\Ultimate Process Manager
2010-04-01 20:39:59 ----D---- C:\Documents and Settings\vk\Data aplikací\Spyware Terminator
2010-04-01 20:39:52 ----D---- C:\Program Files\Spyware Terminator
2010-04-01 20:39:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-31 15:50:50 ----D---- C:\Hijacker
2010-03-31 06:48:38 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-31 06:48:14 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-03-31 06:48:13 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-03-30 06:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-30 06:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-23 13:50:10 ----A---- C:\WINDOWS\hpqEmlSz.INI
2010-03-22 18:44:16 ----A---- C:\WINDOWS\system32\MSPGIMME.DLL
2010-03-22 18:44:16 ----A---- C:\WINDOWS\system32\MSPCORE.DLL
2010-03-22 18:44:16 ----A---- C:\WINDOWS\system32\MDIVWCTL.DLL
2010-03-22 18:44:16 ----A---- C:\WINDOWS\system32\ijl11.dll
2010-03-22 09:11:09 ----D---- C:\Documents and Settings\vk\Data aplikací\HPAppData
2010-03-22 08:48:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-03-22 08:46:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
2010-03-22 08:44:20 ----D---- C:\WINDOWS\hpojp8500a909
2010-03-22 08:43:22 ----A---- C:\WINDOWS\system32\hpf3l082.dll
2010-03-22 08:41:51 ----D---- C:\Program Files\Common Files\HP
2010-03-22 08:41:50 ----D---- C:\Program Files\Hewlett-Packard
2010-03-22 08:41:09 ----A---- C:\WINDOWS\system32\hpwwiax5.dll
2010-03-22 08:41:09 ----A---- C:\WINDOWS\system32\hpwtiop4.dll
2010-03-22 08:41:09 ----A---- C:\WINDOWS\system32\hppldcoi.dll
2010-03-22 08:41:09 ----A---- C:\WINDOWS\system32\hpovst11.dll
2010-03-16 09:19:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-03-16 09:17:51 ----RHD---- C:\MSOCache
2010-03-12 22:52:08 ----D---- C:\Program Files\Microsoft Research
2010-03-09 07:28:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-09 07:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-09 07:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-09 07:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-09 07:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-09 07:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-09 07:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-03 22:51:26 ----D---- C:\Program Files\Common Files\xing shared
2010-03-02 19:37:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP

======List of files/folders modified in the last 1 months======

2010-04-01 21:24:40 ----D---- C:\WINDOWS\Prefetch
2010-04-01 21:24:39 ----D---- C:\WINDOWS\Temp
2010-04-01 20:43:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-01 20:42:48 ----RD---- C:\Program Files
2010-04-01 20:40:03 ----D---- C:\WINDOWS\system32\drivers
2010-04-01 20:28:36 ----SD---- C:\WINDOWS\Tasks
2010-04-01 20:26:20 ----D---- C:\WINDOWS\system32
2010-04-01 20:26:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-01 20:21:50 ----D---- C:\WINDOWS
2010-04-01 20:20:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-01 19:18:59 ----SHD---- C:\WINDOWS\CSC
2010-04-01 07:56:08 ----D---- C:\WINDOWS\security
2010-03-31 15:52:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
2010-03-31 15:52:16 ----SHD---- C:\WINDOWS\Installer
2010-03-31 15:52:16 ----HD---- C:\Config.Msi
2010-03-31 15:50:01 ----D---- C:\Program Files\Common Files\Nokia
2010-03-31 14:59:29 ----HD---- C:\WINDOWS\inf
2010-03-31 07:04:51 ----D---- C:\Documents and Settings\vk\Data aplikací\Nokia
2010-03-31 07:04:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-31 06:49:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-03-31 06:48:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-31 06:48:08 ----D---- C:\Program Files\Nokia
2010-03-30 17:08:32 ----D---- C:\Program Files\Windows Live Safety Center
2010-03-30 16:24:17 ----D---- C:\Documents and Settings\vk\Data aplikací\vlc
2010-03-30 13:16:14 ----D---- C:\WINDOWS\WinSxS
2010-03-30 11:56:59 ----SD---- C:\Documents and Settings\vk\Data aplikací\Microsoft
2010-03-30 07:09:32 ----D---- C:\WINDOWS\system32\wbem
2010-03-30 06:27:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-30 06:27:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 06:27:23 ----A---- C:\WINDOWS\win.ini
2010-03-30 06:26:02 ----A---- C:\WINDOWS\imsins.BAK
2010-03-30 06:25:50 ----D---- C:\Program Files\Movie Maker
2010-03-26 21:06:53 ----D---- C:\Program Files\Mozilla Firefox
2010-03-26 15:23:43 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-25 13:09:46 ----AOT---- C:\WINDOWS\saplogon.ini
2010-03-23 13:49:22 ----D---- C:\TEMP
2010-03-23 11:45:12 ----D---- C:\Documents and Settings\vk\Data aplikací\foobar2000
2010-03-22 18:20:40 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-03-22 16:56:10 ----D---- C:\Program Files\foobar2000
2010-03-22 14:34:48 ----D---- C:\Documents and Settings\vk\Data aplikací\dvdcss
2010-03-22 08:47:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-03-22 08:46:31 ----D---- C:\Program Files\HP
2010-03-22 08:43:21 ----D---- C:\WINDOWS\twain_32
2010-03-22 08:41:51 ----D---- C:\Program Files\Common Files
2010-03-22 08:35:39 ----D---- C:\Servis
2010-03-16 09:39:49 ----A---- C:\WINDOWS\ODBC.INI
2010-03-16 09:33:24 ----RSD---- C:\WINDOWS\assembly
2010-03-16 09:33:17 ----D---- C:\WINDOWS\system32\config
2010-03-16 09:33:08 ----D---- C:\Program Files\Microsoft Works
2010-03-16 09:32:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-16 09:32:45 ----RSD---- C:\WINDOWS\Fonts
2010-03-16 09:20:06 ----D---- C:\WINDOWS\SHELLNEW
2010-03-16 08:44:19 ----D---- C:\WINDOWS\ČEZ screensaver Uninstaller
2010-03-16 08:44:02 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-03-16 08:43:48 ----D---- C:\Documents and Settings
2010-03-09 18:19:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-09 11:50:49 ----D---- C:\KD
2010-03-03 22:54:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-03-03 22:52:47 ----D---- C:\Documents and Settings\vk\Data aplikací\Real
2010-03-03 22:51:50 ----D---- C:\Program Files\Common Files\Real
2010-03-03 22:51:46 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-03-03 22:51:39 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-03-03 22:51:39 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-03-03 22:51:36 ----D---- C:\Program Files\Real
2010-03-03 22:50:58 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-03-02 19:52:14 ----D---- C:\Program Files\SourceTec

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-10-13 279600]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-10-13 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-21 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 UIUSysq;UIUSysq; \??\C:\WINDOWS\System32\DRIVERS\UIUSysq.sys []
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2008-12-08 38056]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
R3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100401.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100401.002\NAVEX15.SYS []
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-05-28 4203392]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-06-01 178176]
R3 rcSmCard;rcSmCard; C:\WINDOWS\system32\DRIVERS\rcSmCard.sys [2008-07-04 26128]
R3 rcVidCap;rcVidCap; C:\WINDOWS\system32\DRIVERS\rcVidMpt.sys [2008-07-04 9872]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS []
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-05-30 27072]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-01-30 47360]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-10-13 319664]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2008-12-08 92488]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2005-10-18 61440]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 caf;CA DSM r11 Common Application Framework.; C:\Program Files\CA\DSM\bin\caf.exe [2008-07-04 193800]
R2 CA-MessageQueuing;CA Message Queuing Server; C:\Program Files\CA\SC\CAM\bin\cam.exe [2006-12-12 147456]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-05-21 909312]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-01 488960]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-12-08 2440120]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2009-05-21 348160]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-12-08 1795400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-06-30 3093872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-12-08 320840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2010-02-23 68608]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []

-----------------EOF-----------------

Re: Symantec Email Proxy window keeps popping up

Posted: 01 Apr 2010 21:21
by Roli
Hello, install Service Pack 3.

In HJT, fix:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You will find HJT here:

C:\Hijacker\volnykar.exe

Fix means that you run HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a box that you tick,

then click Fix checked, which is at the bottom left,

the program will ask whether you really want to do this; you of course agree (YES), and that's it.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making a backup of it, which CCleaner offers)

The registry cleaning needs to be repeated several times!


Finally, use Mbam from my signature.

Re: Symantec Email Proxy window keeps popping up

Posted: 02 Apr 2010 15:18
by karelv
so here is the output from Mbam:
(the window keeps popping up even though I ran Symantec Norton)

ComboFix 10-04-01.02 - volnykar 02.04.2010 15:37:14.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2038.1355 [GMT 2:00]
Spuštěný z: c:\documents and settings\vk\Dokumenty\FreeRapid-0.82\download\Malware\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-2709034636-2289793265-702513507-1003
c:\recycler\S-1-5-21-776561741-838170752-725345543-1003
c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\Ijl11.dll

----- BITS: Možné infikované stránky -----

hxxp://sucz7ovr01.data.corp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-02 do 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-01 20:42 . 2010-04-01 20:42 -------- d-----w- c:\program files\CCleaner
2010-04-01 19:24 . 2010-04-01 20:52 -------- d-----w- C:\rsit
2010-04-01 18:42 . 2010-04-01 18:47 -------- d-----w- c:\program files\Ultimate Process Manager
2010-03-31 13:50 . 2010-04-01 20:42 -------- d-----w- C:\Hijacker
2010-03-31 04:48 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-31 04:48 . 2010-03-31 04:48 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-31 04:48 . 2009-12-30 09:25 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-03-31 04:48 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-31 04:48 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-31 04:48 . 2009-12-30 09:25 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-03-31 04:48 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-31 04:48 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-31 04:48 . 2009-12-30 09:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-31 04:48 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-30 14:24 . 2010-03-30 14:24 12192 ----a-w- c:\windows\system32\drivers\UIUSysq.sys
2010-03-26 11:14 . 2010-03-26 11:17 23736 ----a-w- c:\windows\hpqins15.dat
2010-03-22 16:44 . 2003-06-18 16:31 16384 ----a-w- c:\windows\system32\MSPGIMME.DLL
2010-03-22 16:44 . 2003-06-18 16:31 443904 ----a-w- c:\windows\system32\MDIVWCTL.DLL
2010-03-22 16:44 . 2003-06-18 16:31 1033216 ----a-w- c:\windows\system32\MSPCORE.DLL
2010-03-22 06:44 . 2010-03-22 06:44 -------- d-----w- c:\windows\hpojp8500a909
2010-03-22 06:43 . 2008-08-12 09:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2010-03-22 06:43 . 2008-08-12 09:58 314880 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp082.dll
2010-03-22 06:41 . 2010-03-22 06:41 -------- d-----w- c:\program files\Common Files\HP
2010-03-22 06:41 . 2010-03-22 06:41 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-22 06:41 . 2008-10-06 11:11 741376 ----a-w- c:\windows\system32\hpwwiax5.dll
2010-03-22 06:41 . 2008-10-06 11:11 966656 ----a-w- c:\windows\system32\hpwtiop4.dll
2010-03-22 06:41 . 2007-07-09 10:13 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-03-22 06:41 . 2007-07-06 10:48 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-03-22 06:37 . 2010-03-23 11:52 214657 ----a-w- c:\windows\hpwins22.dat
2010-03-22 06:37 . 2008-10-25 01:40 2979 ------w- c:\windows\hpwmdl22.dat
2010-03-16 07:17 . 2010-03-16 07:17 -------- d-----r- C:\MSOCache
2010-03-16 06:42 . 2010-03-16 06:42 -------- d--h--r- c:\documents and settings\qrlesakmir\Data aplikací
2010-03-16 06:42 . 2010-03-16 06:42 -------- d-----r- c:\documents and settings\qrlesakmir\Oblíbené položky
2010-03-16 06:42 . 2010-03-16 06:42 -------- d-----r- c:\documents and settings\qrlesakmir\Dokumenty
2010-03-16 06:42 . 2009-04-03 08:54 -------- d--h--w- c:\documents and settings\qrlesakmir\Okolní tiskárny
2010-03-16 06:42 . 2009-04-03 08:54 -------- d--h--w- c:\documents and settings\qrlesakmir\Okolní síť
2010-03-16 06:42 . 2009-04-03 08:54 -------- d-----w- c:\documents and settings\qrlesakmir\Plocha
2010-03-16 06:42 . 2009-04-03 08:54 -------- d-----r- c:\documents and settings\qrlesakmir\Nabídka Start
2010-03-16 06:42 . 2009-04-03 07:03 -------- d--h--w- c:\documents and settings\qrlesakmir\Šablony
2010-03-16 06:42 . 2010-03-16 06:42 -------- d-----w- c:\documents and settings\qrlesakmir
2010-03-12 20:52 . 2010-03-12 20:52 -------- d-----w- c:\program files\Microsoft Research
2010-03-09 05:20 . 2009-11-27 17:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-03-09 05:20 . 2009-11-27 16:40 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-09 05:20 . 2009-11-27 16:40 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-03 20:51 . 2010-03-03 20:51 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 13:47 . 2002-09-23 10:00 74894 ----a-w- c:\windows\system32\perfc005.dat
2010-04-02 13:47 . 2002-09-23 10:00 401742 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 13:50 . 2009-11-13 13:35 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-31 04:48 . 2009-07-14 16:45 -------- d-----w- c:\program files\Nokia
2010-03-30 15:08 . 2009-07-14 19:30 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-22 14:56 . 2009-08-03 18:36 -------- d-----w- c:\program files\foobar2000
2010-03-22 06:46 . 2009-07-21 06:29 -------- d-----w- c:\program files\HP
2010-03-16 07:33 . 2009-11-18 08:22 -------- d-----w- c:\program files\Microsoft Works
2010-03-03 20:51 . 2009-12-25 08:51 -------- d-----w- c:\program files\Common Files\Real
2010-03-03 20:51 . 2009-12-25 08:51 -------- d-----w- c:\program files\Real
2010-03-02 17:52 . 2010-02-20 16:58 -------- d-----w- c:\program files\SourceTec
2010-02-26 07:01 . 2009-11-19 16:23 -------- d-----w- c:\program files\Tracker Software
2010-02-25 12:08 . 2009-07-25 07:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-23 13:55 . 2010-02-23 13:55 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2010-02-11 07:39 . 2010-01-05 06:24 -------- d-----w- c:\program files\application
2010-02-07 17:51 . 2010-02-07 17:51 -------- d--h--w- c:\program files\Zero G Registry
2010-01-30 11:54 . 2010-01-19 12:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-12 16:57 . 2008-06-19 21:12 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2006-12-29 14:15 . 2009-11-18 09:40 3100672 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2006-12-29 14:15 . 2009-11-18 09:40 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2006-12-29 14:15 . 2009-11-18 09:40 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2006-12-29 14:15 . 2009-11-18 09:40 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2006-12-07 09:26 . 2009-11-18 09:40 1129984 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 09:26 . 2009-11-18 09:40 1124864 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
1998-05-24 12:26 . 2009-07-14 11:38 351232 ----a-w- c:\program files\SALAMAND.EXE
2009-07-27 20:26 . 2009-07-27 20:26 2 --shatr- c:\windows\winstart.bat
.

------- Sigcheck -------

[-] 2009-04-03 . 518144DD283CF02B6F07F2A1122C9C7A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-17 143872]
"CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2008-07-04 124168]
"DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2008-07-04 24328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
2008-07-04 09:02 27400 ----a-w- c:\program files\CA\DSM\bin\cfWlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rcHostExt]
2008-07-04 09:02 11528 ----a-w- c:\program files\CA\DSM\bin\rcLoginExt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0DfSDKBt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplgpad.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programy\\md93\\WMDisp2.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\vk\\Dokumenty\\miranda-im-v0[1].8.4-unicode\\miranda32.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\java.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Servis\\8500\\OJP8500vA909_Full_12\\setup\\hpznui01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4104:UDP"= 4104:UDP:USD-SS-4104
"4725:UDP"= 4725:UDP:USD-SS-4725
"8222:TCP"= 8222:TCP:USD-SS-8222
"8230:TCP"= 8230:TCP:USD-SS-8230
"798:TCP"= 798:TCP:USD-RCO-798
"4728:TCP"= 4728:TCP:DSM-RC-4728

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [17.1.2010 20:37 30656]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [18.10.2005 17:11 61440]
R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\bin\CAF.exe [4.7.2008 11:02 193800]
R2 UIUSysq;UIUSysq;c:\windows\system32\drivers\UIUSysq.sys [30.3.2010 16:24 12192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24.3.2010 17:29 102448]
R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [4.7.2008 11:02 26128]
R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [4.7.2008 11:02 9872]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\coh_mon.sys [18.11.2008 18:17 23888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.3.2010 6:48 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.3.2010 6:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3342999723-3294208692-3402442069-16297.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3342999723-3294208692-3402442069-16297.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.cz
uInternet Connection Wizard,ShellNext = hxxp://intranet.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vk\Data aplikací\Mozilla\Firefox\Profiles\bj9hxcc4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\vk\Data aplikací\Mozilla\Firefox\Profiles\bj9hxcc4.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-dimsntfy - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 15:44
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3342999723-3294208692-3402442069-16297\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\program files\CA\DSM\Bin\cfwlogon.dll
c:\program files\CA\DSM\Bin\rcLoginExt.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(2064)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\CA\SC\CAM\bin\cam.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\CA\DSM\Bin\cfsmsmd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CA\DSM\Bin\ccnfagent.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\CA\DSM\Bin\cfnotsrvd.exe
c:\program files\CA\DSM\Bin\ccsmagtd.exe
c:\program files\CA\DSM\Bin\rcHost.exe
c:\program files\CA\DSM\Bin\amswmagt.exe
c:\program files\CA\DSM\PMAgent\capmuamagt.exe
c:\program files\CA\DSM\Bin\cfftplugin.exe
.
**************************************************************************
.
Celkový čas: 2010-04-02 15:50:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-02 13:50

Před spuštěním: Volných bajtů: 28 470 771 712
Po spuštění: Volných bajtů: 29 609 345 024

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EC5B37D5704F10E635720FD92FFF830C

Re: The Symantec Email Proxy window keeps popping up

Posted: 02 Apr 2010 19:14
by Roli
Man, this isn't Mbam but a somewhat heavier calibre, ComboFix; well, it's done now.

Before we continue, this:

c:\windows\system32\sfcfiles.dll

test it on VIRUSTOTAL

(after the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button

it takes about ten minutes, then copy the link here for me; that is the line at the top of the browser)

Re: The Symantec Email Proxy window keeps popping up

Posted: 03 Apr 2010 13:00
by karelv
The resulting link: http://www.virustotal.com/cs/reanalisis ... 1270295953
Roli wrote: Man, this isn't Mbam but a somewhat heavier calibre, ComboFix; well, it's done now.

Before we continue, this:

c:\windows\system32\sfcfiles.dll

test it on VIRUSTOTAL

(after the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button

it takes about ten minutes, then copy the link here for me; that is the line at the top of the browser)

Re: The Symantec Email Proxy window keeps popping up

Posted: 03 Apr 2010 19:55
by Roli
Please have the file tested again and give me the correct link here.

Re: The Symantec Email Proxy window keeps popping up

Posted: 03 Apr 2010 20:56
by karelv

Re: The Symantec Email Proxy window keeps popping up

Posted: 04 Apr 2010 16:16
by karelv
Here is the belated log from Mbam:

Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4.4.2010 17:13:15
mbam-log-2010-04-04 (17-13-15).txt

Typ skenu: Rychlý sken
Skenované objekty: 157982
Uplynulý čas: 18 minuta(y), 24 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\drivers\UIUSysq.sys (Rootkit.Agent) -> No action taken.

VIRUSTOTAL: http://www.virustotal.com/cs/analisis/1 ... 1269184043

Re: The Symantec Email Proxy window keeps popping up

Posted: 04 Apr 2010 18:45
by Roli
Have what Mbam found deleted.

I need you to test again:

c:\windows\system32\sfcfiles.dll

because the link you gave me for it can't be yours, since it is dated:

Soubor sfcfiles.dll - přijatý 2009.07.31 14:42:27

and as for the second link, I have no idea what it is or where you got it.

Re: The Symantec Email Proxy window keeps popping up

Posted: 04 Apr 2010 19:31
by karelv
Third attempt: http://www.virustotal.com/cs/analisis/5 ... 1270405610
After deleting the infected file C:\WINDOWS\system32\drivers\UIUSysq.sys it looks like things are calm now. :worship: :worship:

Re: The Symantec Email Proxy window keeps popping up

Posted: 04 Apr 2010 21:53
by Roli
Great, the tested file is fine too; now just go to Start >> Run and copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Otherwise, you're welcome.

Re: The Symantec Email Proxy window keeps popping up

Posted: 05 Apr 2010 11:23
by karelv
Once again, thank you very much.

Re: The Symantec Email Proxy window keeps popping up

Posted: 05 Apr 2010 20:03
by Roli
You're welcome :)