Dobry den, PC bol zavireni asi cez USB kluc, kedze na nom nebol ziadni antivirus.
Po jeho nainstalovani odstranil toho dost, ale nie vsetko. Boli odstranene napr. userini.exe, vgdoqo.exe, C:\Documents and Settings\Admin\ctfmon.exe. Momentalne je PC odpojeny od internetu a to sa mu zjavne nepaci lebo stale vypisuje "Chyba pripojeni na siet internet".
Nejako je zablokovane aj Obnovenie systemu, ktore sa neda vypnut.
Za pomoc vopred dakujem.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Admin at 2010-05-31 16:00:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (40%) free of 149 GB
Total RAM: 2038 MB (74% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Připomenutí registrace 2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-12-09 120096]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-21 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-21 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-21 137752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"WireLessKeyboard"=C:\Program Files\Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"tlactext"=C:\TOPSET\TEMP\tlactext.exe [2010-05-28 237622]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\SMOS\SMOS.EXE"="C:\SMOS\SMOS.EXE:*:Enabled:SMOS"
"C:\Program Files\KONICA MINOLTA\PageScope Network Setup\nstool.exe"="C:\Program Files\KONICA MINOLTA\PageScope Network Setup\nstool.exe:*:Enabled:PageScope Network Setup"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Disabled:Program pro přenos souborů"
"C:\SMOSRO\Smosro.exe"="C:\SMOSRO\Smosro.exe:*:Enabled:Smosro"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e845b4c-b7c6-11dd-bde6-001c25cba205}]
shell\AutoRun\command - F:\DRAGANA/pajic.exe
shell\open\command - F:\DRAGANA/pajic.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffe0218-b4a5-11dd-bdca-001c25cba205}]
shell\AutoRun\command - calc.exe
======List of files/folders created in the last 1 months======
2010-05-31 14:42:44 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-05-28 12:52:34 ----D---- C:\rsit
2010-05-28 12:52:34 ----D---- C:\Program Files\trend micro
2010-05-28 12:51:39 ----D---- C:\Program Files\ToniArts
2010-05-27 18:40:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2010-05-27 18:40:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-27 18:40:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-27 17:56:54 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-27 12:14:29 ----D---- C:\WINDOWS\Minidump
2010-05-27 10:21:28 ----D---- C:\WINDOWS\pss
2010-05-27 10:14:03 ----D---- C:\Documents and Settings\Admin\Data aplikací\ESET
2010-05-27 10:12:37 ----D---- C:\Program Files\ESET
2010-05-27 10:12:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-05-26 16:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 16:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-05-31 14:53:31 ----D---- C:\WINDOWS\Temp
2010-05-31 14:52:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 14:51:40 ----D---- C:\WINDOWS\Registration
2010-05-31 14:46:37 ----D---- C:\WINDOWS\Prefetch
2010-05-31 14:42:44 ----AD---- C:\WINDOWS\system32
2010-05-31 13:34:48 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 13:34:48 ----D---- C:\WINDOWS\pchealth
2010-05-31 07:58:11 ----D---- C:\SWSHARE
2010-05-28 13:14:35 ----D---- C:\WINDOWS\system32\wbem
2010-05-28 13:13:48 ----D---- C:\Program Files\BOINC
2010-05-28 12:52:34 ----RD---- C:\Program Files
2010-05-28 12:51:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-28 07:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-27 19:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-27 18:13:33 ----RASH---- C:\boot.ini
2010-05-27 18:13:33 ----A---- C:\WINDOWS\win.ini
2010-05-27 18:13:33 ----A---- C:\WINDOWS\system.ini
2010-05-27 17:56:54 ----D---- C:\WINDOWS
2010-05-27 14:15:06 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-05-27 14:15:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-27 10:13:51 ----SHD---- C:\WINDOWS\Installer
2010-05-27 10:13:48 ----SHD---- C:\Config.Msi
2010-05-27 10:13:37 ----HD---- C:\WINDOWS\inf
2010-05-26 12:31:23 ----A---- C:\WINDOWS\explorer.exe
2010-05-26 12:30:29 ----RSHD---- C:\RECYCLER
2010-05-25 10:48:25 ----D---- C:\Program Files\Mozilla Firefox
2010-05-19 07:55:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-18 14:08:29 ----D---- C:\WINDOWS\system32\config
2010-05-12 16:49:16 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 16:49:13 ----D---- C:\Program Files\Outlook Express
2010-05-12 07:47:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-07 10:16:01 ----D---- C:\TEMP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-10-23 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-10-23 41744]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 MLPTDR_J;MLPTDR_J; \??\C:\WINDOWS\system32\MLPTDR_J.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2008-09-23 33536]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-05-22 21376]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024]
S1 AtapiDrv;AtapiDrv; C:\WINDOWS\system32\drivers\AtapiDrv.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-11 874240]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-03 644408]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-11 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-07-11 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-07-11 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.exe [2003-10-22 65536]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Hezké odpoledne 
Na disku F (asi fleška ) máte vir. Pokud budete combofix přenášet přes tuto flešku, je možné že si napadnete i ten druhý počítač. Zformátujte ji, pokud můžete. Nebo počítač na stažení combofixu připojte do sítě, ale pak ho zase odpojte
Zapojte do pc všechny usb klíče, flashky...co používáte
Zazálohujte si důležitá data, pro jistotu
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Na disku F (asi fleška ) máte vir. Pokud budete combofix přenášet přes tuto flešku, je možné že si napadnete i ten druhý počítač. Zformátujte ji, pokud můžete. Nebo počítač na stažení combofixu připojte do sítě, ale pak ho zase odpojte
Zapojte do pc všechny usb klíče, flashky...co používáte Zazálohujte si důležitá data, pro jistotu Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Vypisalo ze nie je nainstalovany Microsoft Windows Recovery Console a chce ho stiahnut, ale ja mam stale vypnuty internet. Mam ho zapojit?
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
A este ak teraz zapojim internet a je vypnuty antivirus, hned sa pokusi stiahnut win32/kryptik.eim a win32/kryptik.eon, ktore NOD32 predtym blokoval.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Recovery conzoli nestahujte, nechejte vypnutý internet.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Tak tu je vysledok ComboFixu
ComboFix 10-05-30.09 - Admin . 05. 2010 18:28:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2038.1489 [GMT 2:00]
Running from: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mail.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AtapiDrv
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.
2010-05-31 16:31 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-31 16:31 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-31 12:42 . 2010-05-31 12:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-28 10:52 . 2010-05-28 10:52 -------- d-----w- C:\rsit
2010-05-28 10:52 . 2010-05-28 10:52 -------- d-----w- c:\program files\trend micro
2010-05-28 10:51 . 2010-05-28 10:51 -------- d-----w- c:\program files\ToniArts
2010-05-27 16:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 16:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 16:40 . 2010-05-27 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 08:12 . 2010-05-27 08:12 -------- d-----w- c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 11:13 . 2008-12-12 13:36 -------- d-----w- c:\program files\BOINC
2010-05-28 10:51 . 2008-09-23 04:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 10:31 . 2008-09-23 12:10 1034240 ----a-w- c:\windows\explorer.exe
2010-05-19 05:55 . 2008-09-23 12:09 83702 ----a-w- c:\windows\system32\perfc005.dat
2010-05-19 05:55 . 2008-09-23 12:09 440928 ----a-w- c:\windows\system32\perfh005.dat
2010-04-07 10:45 . 2008-09-23 04:04 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 10:44 . 2008-09-23 04:04 -------- d-----w- c:\program files\Java
2010-03-11 12:36 . 2008-09-23 12:10 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-09-23 12:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-09-23 12:10 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-09-23 12:10 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2008-11-24 07:44 411368 ----a-w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-12-09 120096]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WireLessKeyboard"="c:\program files\Keyboard Driver\StartAutorun.exe" [2005-11-30 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"tlactext"="c:\topset\TEMP\tlactext.exe" [2010-05-28 237622]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-9-23 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KONICA MINOLTA magicolor2300WStatusDisplay"=c:\windows\system32\MSTMON_P.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\SMOS\\SMOS.EXE"=
"c:\\Program Files\\KONICA MINOLTA\\PageScope Network Setup\\nstool.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\SMOSRO\\Smosro.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 6:41 114984]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [17. 11. 2008 16:49 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [17. 11. 2008 16:49 41744]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 2. 2010 6:41 810120]
R2 MLPTDR_J;MLPTDR_J;c:\windows\system32\MLPTDR_J.SYS [31. 1. 2003 2:30 19904]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11. 7. 2007 20:38 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22. 5. 2007 15:59 30336]
.
Contents of the 'Scheduled Tasks' folder
2010-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
2008-11-12 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-09-23 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\dl0qzmy4.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Remove Multimedia Center - c:\swtools\apps\MMCfTO\customiz\sequencer.exe
AddRemove-SMOS-Účtovníctvo miestnych samospráv - c:\smos\ums\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 18:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\ICO.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Keyboard Driver\PS2USBKbdDrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-31 18:36:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 16:36
Pre-Run: Volných bajtů: 62 124 433 408
Post-Run: Volných bajtů: 61 993 365 504
- - End Of File - - 802F0313A2BA6C6AFBDE874E9C190A94
ComboFix 10-05-30.09 - Admin . 05. 2010 18:28:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2038.1489 [GMT 2:00]
Running from: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mail.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AtapiDrv
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.
2010-05-31 16:31 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-31 16:31 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-31 12:42 . 2010-05-31 12:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-28 10:52 . 2010-05-28 10:52 -------- d-----w- C:\rsit
2010-05-28 10:52 . 2010-05-28 10:52 -------- d-----w- c:\program files\trend micro
2010-05-28 10:51 . 2010-05-28 10:51 -------- d-----w- c:\program files\ToniArts
2010-05-27 16:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 16:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 16:40 . 2010-05-27 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 08:12 . 2010-05-27 08:12 -------- d-----w- c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 11:13 . 2008-12-12 13:36 -------- d-----w- c:\program files\BOINC
2010-05-28 10:51 . 2008-09-23 04:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 10:31 . 2008-09-23 12:10 1034240 ----a-w- c:\windows\explorer.exe
2010-05-19 05:55 . 2008-09-23 12:09 83702 ----a-w- c:\windows\system32\perfc005.dat
2010-05-19 05:55 . 2008-09-23 12:09 440928 ----a-w- c:\windows\system32\perfh005.dat
2010-04-07 10:45 . 2008-09-23 04:04 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 10:44 . 2008-09-23 04:04 -------- d-----w- c:\program files\Java
2010-03-11 12:36 . 2008-09-23 12:10 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-09-23 12:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-09-23 12:10 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-09-23 12:10 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2008-11-24 07:44 411368 ----a-w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-12-09 120096]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WireLessKeyboard"="c:\program files\Keyboard Driver\StartAutorun.exe" [2005-11-30 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"tlactext"="c:\topset\TEMP\tlactext.exe" [2010-05-28 237622]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-9-23 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KONICA MINOLTA magicolor2300WStatusDisplay"=c:\windows\system32\MSTMON_P.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\SMOS\\SMOS.EXE"=
"c:\\Program Files\\KONICA MINOLTA\\PageScope Network Setup\\nstool.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\SMOSRO\\Smosro.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 6:41 114984]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [17. 11. 2008 16:49 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [17. 11. 2008 16:49 41744]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 2. 2010 6:41 810120]
R2 MLPTDR_J;MLPTDR_J;c:\windows\system32\MLPTDR_J.SYS [31. 1. 2003 2:30 19904]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11. 7. 2007 20:38 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22. 5. 2007 15:59 30336]
.
Contents of the 'Scheduled Tasks' folder
2010-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
2008-11-12 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-09-23 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\dl0qzmy4.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Remove Multimedia Center - c:\swtools\apps\MMCfTO\customiz\sequencer.exe
AddRemove-SMOS-Účtovníctvo miestnych samospráv - c:\smos\ums\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 18:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\ICO.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Keyboard Driver\PS2USBKbdDrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-31 18:36:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 16:36
Pre-Run: Volných bajtů: 62 124 433 408
Post-Run: Volných bajtů: 61 993 365 504
- - End Of File - - 802F0313A2BA6C6AFBDE874E9C190A94
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Zapněte antivir a na chvilku se zase připojte k netuarrow: Zapojte do pc všechny usb klíče, flashky...co používáte
Stáhněte na plochu http://usbfix.softonic.fr/universaldownloader-launch-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2- enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt
Otestujte na http://www.virustotal.comc:\windows\system32\grpconv.exe
c:\windows\system32\dllcache\grpconv.exe
c:\topset\TEMP\tlactext.exe
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
############################## | UsbFix V6.059 |
User : Admin (Administrators) # LENOVO-ALENA
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:24:10 | 31. 5. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : ESET Smart Security 4.2 4.2 [ Enabled | Updated ]
FW : ESET personal firewall[ Enabled ]4.2.35.3
C:\ -> Místní pevný disk # 145,55 Go (57,75 Go free) [Preload] # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vyměnitelný disk # 61,03 Mo (52,5 Mo free) # FAT32
############################## | Active processes |
C:\WINDOWS\System32\smss.exe 872
C:\WINDOWS\system32\csrss.exe 920
C:\WINDOWS\system32\winlogon.exe 948
C:\WINDOWS\system32\services.exe 992
C:\WINDOWS\system32\lsass.exe 1004
C:\WINDOWS\system32\svchost.exe 1196
C:\WINDOWS\system32\svchost.exe 1284
C:\WINDOWS\System32\svchost.exe 1408
C:\WINDOWS\system32\svchost.exe 1560
C:\WINDOWS\system32\svchost.exe 1656
C:\WINDOWS\system32\logonui.exe 1732
C:\WINDOWS\system32\spoolsv.exe 1864
C:\WINDOWS\Explorer.EXE 216
C:\WINDOWS\system32\svchost.exe 496
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 564
C:\Program Files\ESET\ESET Smart Security\ekrn.exe 692
C:\WINDOWS\System32\svchost.exe 780
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 824
C:\Program Files\Java\jre6\bin\jqs.exe 840
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 900
C:\WINDOWS\system32\svchost.exe 1224
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe 1908
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe 2028
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe 320
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe 396
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe 408
c:\program files\lenovo\system update\suservice.exe 472
C:\WINDOWS\system32\wuauclt.exe 636
C:\Program Files\Windows Media Player\WMPNetwk.exe 668
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe 2112
C:\WINDOWS\System32\alg.exe 2488
C:\WINDOWS\system32\wbem\wmiprvse.exe 2496
################## | Files # Infected Folders |
################## | Spyware.OnlineGames |
################## | Registry # Infected Keys |
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Registry # Mountpoints2 |
################## | Listing of the present files |
[04. 12. 2008 15:12|--a------|1015] C:\081204.vyp
[09. 12. 2008 12:16|--a------|676] C:\081209.zsd
[09. 01. 2009 11:16|--a------|1128] C:\090109.vyp
[09. 01. 2009 12:46|--a------|676] C:\090109.zsd
[04. 02. 2009 10:43|--a------|1128] C:\090204.vyp
[05. 02. 2009 14:10|--a------|676] C:\090205.zsd
[04. 03. 2009 14:54|--a------|1241] C:\090304.vyp
[11. 03. 2009 11:02|--a------|789] C:\090311.zsd
[02. 04. 2009 13:01|--a------|1128] C:\090402.vyp
[09. 04. 2009 09:54|--a------|789] C:\090409.zsd
[14. 04. 2009 12:42|--a------|1128] C:\090414.vyp
[05. 05. 2009 10:40|--a------|1128] C:\090505.vyp
[11. 05. 2009 07:41|--a------|789] C:\090511.zsd
[03. 06. 2009 16:21|--a------|1015] C:\090603.vyp
[04. 06. 2009 13:33|--a------|1128] C:\090604.vyp
[09. 06. 2009 13:55|--a------|789] C:\090609.zsd
[16. 05. 2007 10:59|--a------|32768] C:\2006_19_R_priloha_1_2_3.xls
[06. 04. 2006 11:29|--a------|0] C:\AUTOEXEC.BAT
[27. 05. 2010 18:13|-rahs----|211] C:\boot.ini
[18. 08. 2004 14:00|-rahs----|4952] C:\bootfont.bin
[31. 05. 2010 18:36|--a------|11969] C:\ComboFix.txt
[06. 04. 2006 11:29|--a------|0] C:\CONFIG.SYS
[23. 09. 2008 06:05|--a------|2184] C:\drivez.log
[26. 02. 2008 09:00|--a------|55808] C:\Evidencia psov.xls
[31. 01. 2007 15:30|--a------|675193] C:\fs122006.pdf
[?|?|?] C:\hiberfil.sys
[06. 04. 2006 11:29|-rahs----|0] C:\IO.SYS
[06. 04. 2006 11:29|-rahs----|0] C:\MSDOS.SYS
[12. 01. 2009 11:57|--a------|1127] C:\n5140812.001
[11. 02. 2009 10:37|--a------|1018] C:\n5140901.001
[18. 08. 2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[17. 11. 2008 15:56|-rahs----|250576] C:\NTLDR
[03. 01. 2008 11:45|--a------|47104] C:\n zvy do skrinky s k–Łźmi.doc
[?|?|?] C:\pagefile.sys
[22. 09. 2009 10:16|--a------|1752342] C:\POPL.ZIP
[12. 11. 2008 23:20|--a------|573] C:\RHDSetup.log
[23. 09. 2008 13:50|--a------|125] C:\syslevel.lgl
[31. 05. 2010 19:28|--a------|4752] C:\UsbFix.txt
[21. 01. 2010 15:22|--a------|162330] C:\w_maj.001
[14. 04. 2010 11:29|--a------|387263] C:\w_mzdy.001
[28. 05. 2010 11:34|--a------|5168640] E:\Věroźn spr va 2009.doc
[31. 05. 2010 17:04|--a------|3701740] E:\ComboFix.exe
[31. 05. 2010 18:36|--a------|11969] E:\ComboFix.txt
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
################## | Cracks / Keygens / Serials |
################## | ! End of report # UsbFix V6.059 ! |
User : Admin (Administrators) # LENOVO-ALENA
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:24:10 | 31. 5. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : ESET Smart Security 4.2 4.2 [ Enabled | Updated ]
FW : ESET personal firewall[ Enabled ]4.2.35.3
C:\ -> Místní pevný disk # 145,55 Go (57,75 Go free) [Preload] # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vyměnitelný disk # 61,03 Mo (52,5 Mo free) # FAT32
############################## | Active processes |
C:\WINDOWS\System32\smss.exe 872
C:\WINDOWS\system32\csrss.exe 920
C:\WINDOWS\system32\winlogon.exe 948
C:\WINDOWS\system32\services.exe 992
C:\WINDOWS\system32\lsass.exe 1004
C:\WINDOWS\system32\svchost.exe 1196
C:\WINDOWS\system32\svchost.exe 1284
C:\WINDOWS\System32\svchost.exe 1408
C:\WINDOWS\system32\svchost.exe 1560
C:\WINDOWS\system32\svchost.exe 1656
C:\WINDOWS\system32\logonui.exe 1732
C:\WINDOWS\system32\spoolsv.exe 1864
C:\WINDOWS\Explorer.EXE 216
C:\WINDOWS\system32\svchost.exe 496
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 564
C:\Program Files\ESET\ESET Smart Security\ekrn.exe 692
C:\WINDOWS\System32\svchost.exe 780
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 824
C:\Program Files\Java\jre6\bin\jqs.exe 840
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 900
C:\WINDOWS\system32\svchost.exe 1224
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe 1908
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe 2028
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe 320
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe 396
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe 408
c:\program files\lenovo\system update\suservice.exe 472
C:\WINDOWS\system32\wuauclt.exe 636
C:\Program Files\Windows Media Player\WMPNetwk.exe 668
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe 2112
C:\WINDOWS\System32\alg.exe 2488
C:\WINDOWS\system32\wbem\wmiprvse.exe 2496
################## | Files # Infected Folders |
################## | Spyware.OnlineGames |
################## | Registry # Infected Keys |
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Registry # Mountpoints2 |
################## | Listing of the present files |
[04. 12. 2008 15:12|--a------|1015] C:\081204.vyp
[09. 12. 2008 12:16|--a------|676] C:\081209.zsd
[09. 01. 2009 11:16|--a------|1128] C:\090109.vyp
[09. 01. 2009 12:46|--a------|676] C:\090109.zsd
[04. 02. 2009 10:43|--a------|1128] C:\090204.vyp
[05. 02. 2009 14:10|--a------|676] C:\090205.zsd
[04. 03. 2009 14:54|--a------|1241] C:\090304.vyp
[11. 03. 2009 11:02|--a------|789] C:\090311.zsd
[02. 04. 2009 13:01|--a------|1128] C:\090402.vyp
[09. 04. 2009 09:54|--a------|789] C:\090409.zsd
[14. 04. 2009 12:42|--a------|1128] C:\090414.vyp
[05. 05. 2009 10:40|--a------|1128] C:\090505.vyp
[11. 05. 2009 07:41|--a------|789] C:\090511.zsd
[03. 06. 2009 16:21|--a------|1015] C:\090603.vyp
[04. 06. 2009 13:33|--a------|1128] C:\090604.vyp
[09. 06. 2009 13:55|--a------|789] C:\090609.zsd
[16. 05. 2007 10:59|--a------|32768] C:\2006_19_R_priloha_1_2_3.xls
[06. 04. 2006 11:29|--a------|0] C:\AUTOEXEC.BAT
[27. 05. 2010 18:13|-rahs----|211] C:\boot.ini
[18. 08. 2004 14:00|-rahs----|4952] C:\bootfont.bin
[31. 05. 2010 18:36|--a------|11969] C:\ComboFix.txt
[06. 04. 2006 11:29|--a------|0] C:\CONFIG.SYS
[23. 09. 2008 06:05|--a------|2184] C:\drivez.log
[26. 02. 2008 09:00|--a------|55808] C:\Evidencia psov.xls
[31. 01. 2007 15:30|--a------|675193] C:\fs122006.pdf
[?|?|?] C:\hiberfil.sys
[06. 04. 2006 11:29|-rahs----|0] C:\IO.SYS
[06. 04. 2006 11:29|-rahs----|0] C:\MSDOS.SYS
[12. 01. 2009 11:57|--a------|1127] C:\n5140812.001
[11. 02. 2009 10:37|--a------|1018] C:\n5140901.001
[18. 08. 2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[17. 11. 2008 15:56|-rahs----|250576] C:\NTLDR
[03. 01. 2008 11:45|--a------|47104] C:\n zvy do skrinky s k–Łźmi.doc
[?|?|?] C:\pagefile.sys
[22. 09. 2009 10:16|--a------|1752342] C:\POPL.ZIP
[12. 11. 2008 23:20|--a------|573] C:\RHDSetup.log
[23. 09. 2008 13:50|--a------|125] C:\syslevel.lgl
[31. 05. 2010 19:28|--a------|4752] C:\UsbFix.txt
[21. 01. 2010 15:22|--a------|162330] C:\w_maj.001
[14. 04. 2010 11:29|--a------|387263] C:\w_mzdy.001
[28. 05. 2010 11:34|--a------|5168640] E:\Věroźn spr va 2009.doc
[31. 05. 2010 17:04|--a------|3701740] E:\ComboFix.exe
[31. 05. 2010 18:36|--a------|11969] E:\ComboFix.txt
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
################## | Cracks / Keygens / Serials |
################## | ! End of report # UsbFix V6.059 ! |
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
c:\windows\system32\grpconv.exe
http://www.virustotal.com/analisis/82eb ... 1275327206
c:\windows\system32\dllcache\grpconv.exe
http://www.virustotal.com/analisis/82eb ... 1275327281
c:\topset\TEMP\tlactext.exe
http://www.virustotal.com/analisis/3a1e ... 1275327357
http://www.virustotal.com/analisis/82eb ... 1275327206
c:\windows\system32\dllcache\grpconv.exe
http://www.virustotal.com/analisis/82eb ... 1275327281
c:\topset\TEMP\tlactext.exe
http://www.virustotal.com/analisis/3a1e ... 1275327357
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Poprosím o nový log ze rsitu.
jak to vypadá s počítačem? pokud ho pustíte na net, stahuje se něco do pc?
Tohle znáte?
[04. 12. 2008 15:12|--a------|1015] C:\081204.vyp
[09. 12. 2008 12:16|--a------|676] C:\081209.zsd
[09. 01. 2009 11:16|--a------|1128] C:\090109.vyp
[09. 01. 2009 12:46|--a------|676] C:\090109.zsd
[04. 02. 2009 10:43|--a------|1128] C:\090204.vyp
[05. 02. 2009 14:10|--a------|676] C:\090205.zsd
[04. 03. 2009 14:54|--a------|1241] C:\090304.vyp
[11. 03. 2009 11:02|--a------|789] C:\090311.zsd
[02. 04. 2009 13:01|--a------|1128] C:\090402.vyp
[09. 04. 2009 09:54|--a------|789] C:\090409.zsd
[14. 04. 2009 12:42|--a------|1128] C:\090414.vyp
[05. 05. 2009 10:40|--a------|1128] C:\090505.vyp
[11. 05. 2009 07:41|--a------|789] C:\090511.zsd
[03. 06. 2009 16:21|--a------|1015] C:\090603.vyp
[04. 06. 2009 13:33|--a------|1128] C:\090604.vyp
[09. 06. 2009 13:55|--a------|789] C:\090609.zsd
jak to vypadá s počítačem? pokud ho pustíte na net, stahuje se něco do pc?
Tohle znáte?
[04. 12. 2008 15:12|--a------|1015] C:\081204.vyp
[09. 12. 2008 12:16|--a------|676] C:\081209.zsd
[09. 01. 2009 11:16|--a------|1128] C:\090109.vyp
[09. 01. 2009 12:46|--a------|676] C:\090109.zsd
[04. 02. 2009 10:43|--a------|1128] C:\090204.vyp
[05. 02. 2009 14:10|--a------|676] C:\090205.zsd
[04. 03. 2009 14:54|--a------|1241] C:\090304.vyp
[11. 03. 2009 11:02|--a------|789] C:\090311.zsd
[02. 04. 2009 13:01|--a------|1128] C:\090402.vyp
[09. 04. 2009 09:54|--a------|789] C:\090409.zsd
[14. 04. 2009 12:42|--a------|1128] C:\090414.vyp
[05. 05. 2009 10:40|--a------|1128] C:\090505.vyp
[11. 05. 2009 07:41|--a------|789] C:\090511.zsd
[03. 06. 2009 16:21|--a------|1015] C:\090603.vyp
[04. 06. 2009 13:33|--a------|1128] C:\090604.vyp
[09. 06. 2009 13:55|--a------|789] C:\090609.zsd
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
S pocitacom to vypada dobre. Nic sa uz nestahuje, ani NOD uz pri starte neprerusuje spojenie aby sa nestahovali Kryptiky. Uz funguje aj vypnutie Obnovenie systemu.
Tie subory neviem co znamenaju, ale vytvaral ich aj pod win98. Mozno to vytvara nejaky specificky program napr. Mzdy, Dane, Majetok, Uctovnictvo.. Alebo sa mylim?
Logfile of random's system information tool 1.07 (written by random/random)
Run by Admin at 2010-05-31 21:03:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (40%) free of 149 GB
Total RAM: 2038 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:24, on 31. 5. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\TOPSET\TEMP\tlactext.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
C:\Program Files\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [tlactext] C:\TOPSET\TEMP\tlactext.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 9845 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Připomenutí registrace 2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
Softonic_France Toolbar - C:\Program Files\Softonic_France\tbSoft.dll [2010-03-17 2355224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{4daac69c-cba7-45e2-9bc8-1044483d3352} - Softonic_France Toolbar - C:\Program Files\Softonic_France\tbSoft.dll [2010-03-17 2355224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-12-09 120096]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-21 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-21 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-21 137752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"WireLessKeyboard"=C:\Program Files\Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"tlactext"=C:\TOPSET\TEMP\tlactext.exe [2010-05-28 237622]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=145
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\SMOS\SMOS.EXE"="C:\SMOS\SMOS.EXE:*:Enabled:SMOS"
"C:\Program Files\KONICA MINOLTA\PageScope Network Setup\nstool.exe"="C:\Program Files\KONICA MINOLTA\PageScope Network Setup\nstool.exe:*:Enabled:PageScope Network Setup"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Disabled:Program pro přenos souborů"
"C:\SMOSRO\Smosro.exe"="C:\SMOSRO\Smosro.exe:*:Enabled:Smosro"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-05-31 19:28:41 ----RASHD---- C:\autorun.inf
2010-05-31 19:28:39 ----SHD---- C:\RECYCLER
2010-05-31 19:23:55 ----A---- C:\UsbFix.txt
2010-05-31 19:22:20 ----D---- C:\Program Files\Softonic_France
2010-05-31 19:21:57 ----D---- C:\UsbFix
2010-05-31 18:36:33 ----A---- C:\ComboFix.txt
2010-05-31 18:31:41 ----A---- C:\WINDOWS\system32\grpconv.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\zip.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\SWSC.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\SWREG.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\sed.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\PEV.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\MBR.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\grep.exe
2010-05-31 17:14:31 ----D---- C:\WINDOWS\ERDNT
2010-05-31 17:14:30 ----D---- C:\ComboFix
2010-05-31 17:14:07 ----D---- C:\Qoobox
2010-05-31 14:42:44 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-05-28 12:52:34 ----D---- C:\rsit
2010-05-28 12:52:34 ----D---- C:\Program Files\trend micro
2010-05-28 12:51:39 ----D---- C:\Program Files\ToniArts
2010-05-27 18:40:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2010-05-27 18:40:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-27 18:40:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-27 17:56:54 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-27 12:14:29 ----D---- C:\WINDOWS\Minidump
2010-05-27 10:21:28 ----D---- C:\WINDOWS\pss
2010-05-27 10:14:03 ----D---- C:\Documents and Settings\Admin\Data aplikací\ESET
2010-05-27 10:12:37 ----D---- C:\Program Files\ESET
2010-05-27 10:12:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-05-26 16:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 16:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-05-31 21:03:02 ----D---- C:\WINDOWS\Temp
2010-05-31 20:59:49 ----D---- C:\Program Files\BOINC
2010-05-31 20:49:09 ----RD---- C:\Program Files
2010-05-31 20:48:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 19:29:11 ----D---- C:\SWSHARE
2010-05-31 19:22:20 ----AD---- C:\WINDOWS\system32
2010-05-31 19:03:24 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 19:03:23 ----HD---- C:\WINDOWS\inf
2010-05-31 18:35:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 18:33:56 ----D---- C:\WINDOWS\Prefetch
2010-05-31 18:33:17 ----D---- C:\WINDOWS
2010-05-31 18:33:17 ----A---- C:\WINDOWS\system.ini
2010-05-31 18:31:57 ----D---- C:\WINDOWS\system32\config
2010-05-31 18:31:46 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-05-31 18:30:43 ----D---- C:\WINDOWS\AppPatch
2010-05-31 18:30:39 ----D---- C:\Program Files\Common Files
2010-05-31 14:51:40 ----D---- C:\WINDOWS\Registration
2010-05-31 13:34:48 ----D---- C:\WINDOWS\pchealth
2010-05-28 13:14:35 ----D---- C:\WINDOWS\system32\wbem
2010-05-28 12:51:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-28 07:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-27 19:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-27 18:13:33 ----RASH---- C:\boot.ini
2010-05-27 18:13:33 ----A---- C:\WINDOWS\win.ini
2010-05-27 10:13:51 ----SHD---- C:\WINDOWS\Installer
2010-05-27 10:13:48 ----D---- C:\Config.Msi
2010-05-26 12:31:23 ----A---- C:\WINDOWS\explorer.exe
2010-05-25 10:48:25 ----D---- C:\Program Files\Mozilla Firefox
2010-05-19 07:55:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-12 16:49:16 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 16:49:13 ----D---- C:\Program Files\Outlook Express
2010-05-12 07:47:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-07 10:16:01 ----D---- C:\TEMP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-10-23 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-10-23 41744]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 MLPTDR_J;MLPTDR_J; \??\C:\WINDOWS\system32\MLPTDR_J.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2008-09-23 33536]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-05-22 21376]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-11 874240]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-03 644408]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-11 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-07-11 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-07-11 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.exe [2003-10-22 65536]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Tie subory neviem co znamenaju, ale vytvaral ich aj pod win98. Mozno to vytvara nejaky specificky program napr. Mzdy, Dane, Majetok, Uctovnictvo.. Alebo sa mylim?
Logfile of random's system information tool 1.07 (written by random/random)
Run by Admin at 2010-05-31 21:03:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (40%) free of 149 GB
Total RAM: 2038 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:24, on 31. 5. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\TOPSET\TEMP\tlactext.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
C:\Program Files\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [tlactext] C:\TOPSET\TEMP\tlactext.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 9845 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Připomenutí registrace 2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
Softonic_France Toolbar - C:\Program Files\Softonic_France\tbSoft.dll [2010-03-17 2355224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{4daac69c-cba7-45e2-9bc8-1044483d3352} - Softonic_France Toolbar - C:\Program Files\Softonic_France\tbSoft.dll [2010-03-17 2355224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-12-09 120096]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-21 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-21 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-21 137752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"WireLessKeyboard"=C:\Program Files\Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"tlactext"=C:\TOPSET\TEMP\tlactext.exe [2010-05-28 237622]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=145
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\SMOS\SMOS.EXE"="C:\SMOS\SMOS.EXE:*:Enabled:SMOS"
"C:\Program Files\KONICA MINOLTA\PageScope Network Setup\nstool.exe"="C:\Program Files\KONICA MINOLTA\PageScope Network Setup\nstool.exe:*:Enabled:PageScope Network Setup"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Disabled:Program pro přenos souborů"
"C:\SMOSRO\Smosro.exe"="C:\SMOSRO\Smosro.exe:*:Enabled:Smosro"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-05-31 19:28:41 ----RASHD---- C:\autorun.inf
2010-05-31 19:28:39 ----SHD---- C:\RECYCLER
2010-05-31 19:23:55 ----A---- C:\UsbFix.txt
2010-05-31 19:22:20 ----D---- C:\Program Files\Softonic_France
2010-05-31 19:21:57 ----D---- C:\UsbFix
2010-05-31 18:36:33 ----A---- C:\ComboFix.txt
2010-05-31 18:31:41 ----A---- C:\WINDOWS\system32\grpconv.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\zip.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\SWSC.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\SWREG.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\sed.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\PEV.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\MBR.exe
2010-05-31 17:14:36 ----A---- C:\WINDOWS\grep.exe
2010-05-31 17:14:31 ----D---- C:\WINDOWS\ERDNT
2010-05-31 17:14:30 ----D---- C:\ComboFix
2010-05-31 17:14:07 ----D---- C:\Qoobox
2010-05-31 14:42:44 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-05-28 12:52:34 ----D---- C:\rsit
2010-05-28 12:52:34 ----D---- C:\Program Files\trend micro
2010-05-28 12:51:39 ----D---- C:\Program Files\ToniArts
2010-05-27 18:40:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2010-05-27 18:40:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-27 18:40:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-27 17:56:54 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-27 12:14:29 ----D---- C:\WINDOWS\Minidump
2010-05-27 10:21:28 ----D---- C:\WINDOWS\pss
2010-05-27 10:14:03 ----D---- C:\Documents and Settings\Admin\Data aplikací\ESET
2010-05-27 10:12:37 ----D---- C:\Program Files\ESET
2010-05-27 10:12:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-05-26 16:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 16:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-05-31 21:03:02 ----D---- C:\WINDOWS\Temp
2010-05-31 20:59:49 ----D---- C:\Program Files\BOINC
2010-05-31 20:49:09 ----RD---- C:\Program Files
2010-05-31 20:48:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 19:29:11 ----D---- C:\SWSHARE
2010-05-31 19:22:20 ----AD---- C:\WINDOWS\system32
2010-05-31 19:03:24 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 19:03:23 ----HD---- C:\WINDOWS\inf
2010-05-31 18:35:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 18:33:56 ----D---- C:\WINDOWS\Prefetch
2010-05-31 18:33:17 ----D---- C:\WINDOWS
2010-05-31 18:33:17 ----A---- C:\WINDOWS\system.ini
2010-05-31 18:31:57 ----D---- C:\WINDOWS\system32\config
2010-05-31 18:31:46 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-05-31 18:30:43 ----D---- C:\WINDOWS\AppPatch
2010-05-31 18:30:39 ----D---- C:\Program Files\Common Files
2010-05-31 14:51:40 ----D---- C:\WINDOWS\Registration
2010-05-31 13:34:48 ----D---- C:\WINDOWS\pchealth
2010-05-28 13:14:35 ----D---- C:\WINDOWS\system32\wbem
2010-05-28 12:51:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-28 07:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-27 19:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-27 18:13:33 ----RASH---- C:\boot.ini
2010-05-27 18:13:33 ----A---- C:\WINDOWS\win.ini
2010-05-27 10:13:51 ----SHD---- C:\WINDOWS\Installer
2010-05-27 10:13:48 ----D---- C:\Config.Msi
2010-05-26 12:31:23 ----A---- C:\WINDOWS\explorer.exe
2010-05-25 10:48:25 ----D---- C:\Program Files\Mozilla Firefox
2010-05-19 07:55:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-12 16:49:16 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 16:49:13 ----D---- C:\Program Files\Outlook Express
2010-05-12 07:47:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-07 10:16:01 ----D---- C:\TEMP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-10-23 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-10-23 41744]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 MLPTDR_J;MLPTDR_J; \??\C:\WINDOWS\system32\MLPTDR_J.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2008-09-23 33536]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-05-22 21376]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-11 874240]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-03 644408]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-11 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-07-11 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-07-11 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.exe [2003-10-22 65536]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Už to vypadá v pořádku, pár těch souborů, co neznáme, otestujte na www.virustotal.com
Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
***********
Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner
záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít
Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
***********
Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech
***********
Odinstalujte combofix přes Start - Spustit- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
***********
Z mého podpisu stahněte Ccleaner- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner
záložka Registry- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy
ok zavřít Záložka Nástroje- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
***********
Stahněte OTC a použijtehttp://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech
***********
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
Tu su na ukazku otestovane 2 subory. Tieto subory vznikli vzdy, ked vyhodilo istice (ale neviem to naistotu-nie je to moj pocitac,ale kolegynin) a bol zapnuty nejaky uctovnicky program a ten pracoval este pod DOS-om.Uz su vsetky pod WIN a pri vypadku elektriny uz ich asi nevytvara, kedze istice vyhodilo uz aj tento rok.
081204.vyp
http://www.virustotal.com/analisis/3437 ... 1275335621
081209.zsd
http://www.virustotal.com/analisis/f2df ... 1275335929
Ostatne veci som spravil ako ste napisali.
Ked zajtra rano pride kolegyna do prace, bude velmi rada, ze je uz vsetko v poriadku a urcite Vam bude velmi vdacna ako aj ja. Som maximalne spokojny s takouto sluzbou co tu robite pre ostanich ludi.
Velka vdaka.
081204.vyp
http://www.virustotal.com/analisis/3437 ... 1275335621
081209.zsd
http://www.virustotal.com/analisis/f2df ... 1275335929
Ostatne veci som spravil ako ste napisali.
Ked zajtra rano pride kolegyna do prace, bude velmi rada, ze je uz vsetko v poriadku a urcite Vam bude velmi vdacna ako aj ja. Som maximalne spokojny s takouto sluzbou co tu robite pre ostanich ludi.
Velka vdaka.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
U usbfixu zmáčkněte volbu 5., odinstaluje se. otestujte na www. virustotal.comC:\WINDOWS\system32\MLPTDR_J.sys
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače
Spouští se Vám dost programů po startu, můžete to omezit třeba přes ccleanerccleaner - záložka nástroje - start
Jsou ještě nějaké problémy s počítačem?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: PC vytvara autorun na USB kluci, pokusa sa stahovat viry
No akurat som prisiel domov z prace, takze tieto posledne kroky spravim az zajtra rano.
Ak budu nejake problemy urcite sa ozvem.
MLPTDR_J.sys - predpokladam ze to suvisi s ovladacmi k zdielanej tlaciarni Konica Magicolor, ale na 100% zajtra.
Viem ze sa spusta dost programov po starte. Na mojom PC v praci je to o 20 procesov menej, ale ten som si instaloval sam a nemam tam vselijake "zbytocnosti". Na tomto PC uz bola vacsina programov naistalovana pri kupe (PC Lenovo ThinkCentre). Neodvazil som sa ich dat prec.
Dakujem za doterajsiu pomoc.Dobru noc.
Ak budu nejake problemy urcite sa ozvem.
MLPTDR_J.sys - predpokladam ze to suvisi s ovladacmi k zdielanej tlaciarni Konica Magicolor, ale na 100% zajtra.
Viem ze sa spusta dost programov po starte. Na mojom PC v praci je to o 20 procesov menej, ale ten som si instaloval sam a nemam tam vselijake "zbytocnosti". Na tomto PC uz bola vacsina programov naistalovana pri kupe (PC Lenovo ThinkCentre). Neodvazil som sa ich dat prec.
Dakujem za doterajsiu pomoc.Dobru noc.
Přispějete na provoz fóra?