Logfile of HijackThis v1.99.1
Scan saved at 17:08:11, on 11.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Documents and Settings\čihi\Plocha\sampkeys02\sampkeys02.exe
C:\Documents and Settings\čihi\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM3b4e745f] Rundll32.exe "C:\WINDOWS\system32\wpbqblmj.dll",s
O4 - HKLM\..\Run: [387d47c3] rundll32.exe "C:\WINDOWS\system32\ckukcdab.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\IHI~1\LOCALS~1\Temp\E_S4D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
HJT kontrola pls
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola pls
Vítej na fóru
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: HJT kontrola pls
čekal sem asi 20 minut a s tim modrym oknem se nic nestalo? Tak sem restartoval počítač je to spatny?
-
Argoneus
- Level 3.5
- Příspěvky: 939
- Registrován: prosinec 07
- Bydliště: Praha
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: HJT kontrola pls
Ono to může trvat i hodinu a víc
CPU: AMD Athlon 64 X2 5000+ EE @ 2,6 Ghz GPU: Sapphire HD 3850 512MB, PCI-E
Zákl. deska: Gigabyte GA-M52L-S3 - nForce 520 RAM: A-DATA 2x1GB DDR2 PC800 Extreme Edition
HDD: Samsung Spin Point F1 HD322HJ 320GB Zdroj: Seasonic SS-500ET-T3 500W
Case: THERMALTAKE VG1000BNS Wing RS100 Black
Zákl. deska: Gigabyte GA-M52L-S3 - nForce 520 RAM: A-DATA 2x1GB DDR2 PC800 Extreme Edition
HDD: Samsung Spin Point F1 HD322HJ 320GB Zdroj: Seasonic SS-500ET-T3 500W
Case: THERMALTAKE VG1000BNS Wing RS100 Black
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola pls
Nevadí. Odpoj se od internetu a vypni před použitím Eset Smart Security:
Pokud nemáš ComboFix na ploše tak si ho tam ulož.
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
"%userprofile%\Plocha\ComboFix.exe" /killall
a dej Ok.
- spustí se ti CF, pak se po čase restartuje a při najetí zpět do Win. dokonči svou práci.
Pokud by nedokončil svou činnost do 45 min, tak dej vědět půjdeme na to jinak.
Pokud nemáš ComboFix na ploše tak si ho tam ulož.
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
"%userprofile%\Plocha\ComboFix.exe" /killall
a dej Ok.
- spustí se ti CF, pak se po čase restartuje a při najetí zpět do Win. dokonči svou práci.
Pokud by nedokončil svou činnost do 45 min, tak dej vědět půjdeme na to jinak.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: HJT kontrola pls
ComboFix 08-05-11.1 - čihi 2008-05-11 20:21:04.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.611 [GMT 2:00]
Running from: C:\Documents and Settings\čihi\Plocha\ComboFix.exe
Command switches used :: /killall
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\Config.xml
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\badckukc.ini
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\onWayccf.ini
C:\WINDOWS\system32\onWayccf.ini2
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\urqNEUMg.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_perfmons
-------\Service_Routing
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 20:29 . 2008-05-11 20:29 22 --a------ C:\WINDOWS\pskt.ini
2008-05-11 18:29 . 2008-05-11 18:29 <DIR> d-------- C:\WINDOWS\system32\cs-CZ
2008-05-11 18:24 . 2008-05-11 18:24 <DIR> d-------- C:\Program Files\MSBuild
2008-05-11 18:23 . 2008-05-11 18:29 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-11 18:23 . 2008-05-11 18:23 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-11 18:22 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-11 18:20 . 2008-05-11 18:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-11 13:23 . 2008-05-11 13:23 116,736 --a------ C:\WINDOWS\system32\ckukcdab.dll
2008-05-11 13:20 . 2008-05-11 13:20 2,048 --a------ C:\WINDOWS\system32\gjdhvanw.exe
2008-05-11 13:18 . 2008-05-11 13:18 126,976 --a------ C:\WINDOWS\system32\wpbqblmj.dll
2008-05-10 08:24 . 2008-05-11 20:30 109,892 --a------ C:\WINDOWS\BM3b4e745f.xml
2008-05-09 11:10 . 2008-05-09 11:10 373,248 --a------ C:\WINDOWS\system32\fccyaWno.dll
2008-05-08 14:23 . 2008-05-08 14:23 <DIR> d-------- C:\Program Files\AutoHotkey
2008-05-07 14:05 . 2008-05-07 14:05 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-07 13:58 . 2008-05-07 13:58 <DIR> d-------- C:\WINDOWS\San Andreas Mod Installer
2008-05-07 13:58 . 2008-05-07 13:59 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-05-06 17:53 . 2008-05-06 17:53 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-05-06 15:39 . 2008-05-06 15:39 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-05-06 06:12 . 2008-05-06 06:12 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-05-05 21:27 . 2008-05-05 21:27 <DIR> d-------- C:\Program Files\MTA San Andreas
2008-05-04 15:21 . <DIR> C:\Documents and Settings\cihi
2008-05-04 15:17 . 2008-05-04 15:17 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-04 13:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-04 13:14 . 2008-05-04 13:15 <DIR> d-------- C:\Program Files\Java
2008-05-04 13:10 . 2008-05-04 13:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-03 19:20 . 2008-05-03 19:20 <DIR> d-------- C:\Program Files\Rockstar Games
2008-05-03 19:16 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-04-30 22:50 . 2008-04-30 22:51 <DIR> d-------- C:\Program Files\uTorrent
2008-04-30 13:27 . 2008-04-30 13:27 <DIR> d-------- C:\Program Files\Zaparit
2008-04-27 18:14 . 2008-04-27 18:14 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-27 18:13 . 2008-04-27 18:14 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-26 13:34 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\DIFX
2008-04-26 13:34 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-26 13:33 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Nokia
2008-04-26 13:33 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-25 22:38 . 2008-05-03 19:56 <DIR> d-------- C:\Program Files\FlashGet
2008-04-25 13:51 . 2008-04-25 13:51 <DIR> d-------- C:\Program Files\Postal2
2008-04-25 13:47 . 1999-12-17 08:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-25 13:44 . 2008-04-26 09:17 <DIR> d-------- C:\Program Files\Postal2STP
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-20 14:30 . 2008-04-20 14:30 <DIR> d-------- C:\Program Files\Bonjour
2008-04-20 14:24 . 2008-04-20 14:24 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-20 10:39 . 2008-05-06 17:18 79 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-20 10:38 . 2008-04-20 10:38 <DIR> d-------- C:\totalcmd
2008-04-20 10:38 . 2008-05-06 17:18 864 --a------ C:\WINDOWS\wincmd.ini
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-19 18:36 . 2008-04-19 18:36 <DIR> d-------- C:\Program Files\PowerISO
2008-04-19 14:39 . 2008-04-19 14:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-18 21:32 . 2008-04-18 21:33 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-18 11:53 . 2008-05-08 19:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 11:40 . 2008-04-18 12:14 <DIR> d-------- C:\Program Files\Nero
2008-04-18 11:40 . 2008-04-18 11:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-18 10:57 . 2008-04-18 10:57 <DIR> d-------- C:\Program Files\AMD
2008-04-18 10:57 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2008-04-17 20:21 . 2008-04-18 13:12 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-17 16:30 . 2008-04-17 16:34 <DIR> d-----
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.611 [GMT 2:00]
Running from: C:\Documents and Settings\čihi\Plocha\ComboFix.exe
Command switches used :: /killall
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\Config.xml
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\čihi\Data aplikací\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\badckukc.ini
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\onWayccf.ini
C:\WINDOWS\system32\onWayccf.ini2
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\urqNEUMg.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_perfmons
-------\Service_Routing
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 20:29 . 2008-05-11 20:29 22 --a------ C:\WINDOWS\pskt.ini
2008-05-11 18:29 . 2008-05-11 18:29 <DIR> d-------- C:\WINDOWS\system32\cs-CZ
2008-05-11 18:24 . 2008-05-11 18:24 <DIR> d-------- C:\Program Files\MSBuild
2008-05-11 18:23 . 2008-05-11 18:29 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-11 18:23 . 2008-05-11 18:23 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-11 18:22 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-11 18:20 . 2008-05-11 18:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-11 13:23 . 2008-05-11 13:23 116,736 --a------ C:\WINDOWS\system32\ckukcdab.dll
2008-05-11 13:20 . 2008-05-11 13:20 2,048 --a------ C:\WINDOWS\system32\gjdhvanw.exe
2008-05-11 13:18 . 2008-05-11 13:18 126,976 --a------ C:\WINDOWS\system32\wpbqblmj.dll
2008-05-10 08:24 . 2008-05-11 20:30 109,892 --a------ C:\WINDOWS\BM3b4e745f.xml
2008-05-09 11:10 . 2008-05-09 11:10 373,248 --a------ C:\WINDOWS\system32\fccyaWno.dll
2008-05-08 14:23 . 2008-05-08 14:23 <DIR> d-------- C:\Program Files\AutoHotkey
2008-05-07 14:05 . 2008-05-07 14:05 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-07 13:58 . 2008-05-07 13:58 <DIR> d-------- C:\WINDOWS\San Andreas Mod Installer
2008-05-07 13:58 . 2008-05-07 13:59 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-05-06 17:53 . 2008-05-06 17:53 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-05-06 15:39 . 2008-05-06 15:39 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-05-06 06:12 . 2008-05-06 06:12 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-05-05 21:27 . 2008-05-05 21:27 <DIR> d-------- C:\Program Files\MTA San Andreas
2008-05-04 15:21 . <DIR> C:\Documents and Settings\cihi
2008-05-04 15:17 . 2008-05-04 15:17 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-04 13:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-04 13:14 . 2008-05-04 13:15 <DIR> d-------- C:\Program Files\Java
2008-05-04 13:10 . 2008-05-04 13:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-03 19:20 . 2008-05-03 19:20 <DIR> d-------- C:\Program Files\Rockstar Games
2008-05-03 19:16 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-04-30 22:50 . 2008-04-30 22:51 <DIR> d-------- C:\Program Files\uTorrent
2008-04-30 13:27 . 2008-04-30 13:27 <DIR> d-------- C:\Program Files\Zaparit
2008-04-27 18:14 . 2008-04-27 18:14 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-27 18:13 . 2008-04-27 18:14 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-26 13:34 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\DIFX
2008-04-26 13:34 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-26 13:33 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Nokia
2008-04-26 13:33 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-25 22:38 . 2008-05-03 19:56 <DIR> d-------- C:\Program Files\FlashGet
2008-04-25 13:51 . 2008-04-25 13:51 <DIR> d-------- C:\Program Files\Postal2
2008-04-25 13:47 . 1999-12-17 08:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-25 13:44 . 2008-04-26 09:17 <DIR> d-------- C:\Program Files\Postal2STP
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-20 14:30 . 2008-04-20 14:30 <DIR> d-------- C:\Program Files\Bonjour
2008-04-20 14:24 . 2008-04-20 14:24 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-20 10:39 . 2008-05-06 17:18 79 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-20 10:38 . 2008-04-20 10:38 <DIR> d-------- C:\totalcmd
2008-04-20 10:38 . 2008-05-06 17:18 864 --a------ C:\WINDOWS\wincmd.ini
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-20 10:38 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-19 18:36 . 2008-04-19 18:36 <DIR> d-------- C:\Program Files\PowerISO
2008-04-19 14:39 . 2008-04-19 14:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-18 21:32 . 2008-04-18 21:33 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-18 11:53 . 2008-05-08 19:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 11:40 . 2008-04-18 12:14 <DIR> d-------- C:\Program Files\Nero
2008-04-18 11:40 . 2008-04-18 11:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-18 10:57 . 2008-04-18 10:57 <DIR> d-------- C:\Program Files\AMD
2008-04-18 10:57 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2008-04-17 20:21 . 2008-04-18 13:12 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-17 16:30 . 2008-04-17 16:34 <DIR> d-----
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola pls
Log z CF není celý, vlož sem zbytek co tu není.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 98 hostů