Kontrola logu -> notebook odesílá obrovské množství dat Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 12 pro 2009 23:12

Tak ok ;-)


logy jsou tady: (ve dvou postech, prý sem překročil limit znaků :(

OTL.txt:

OTL logfile created on: 12.12.2009 22:53:50 - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,50 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 69,79% Memory free
3,55 Gb Paging File | 3,08 Gb Available in Paging File | 86,93% Paging File free
Paging file location(s): D:\pagefile.sys 2250 2250 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,57 Gb Total Space | 2,32 Gb Free Space | 6,72% Space Free | Partition Type: FAT32
Drive D: | 35,06 Gb Total Space | 6,17 Gb Free Space | 17,60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 1,86 Gb Total Space | 1,66 Gb Free Space | 89,06% Space Free | Partition Type: FAT
Drive G: | 963,70 Mb Total Space | 953,08 Mb Free Space | 98,90% Space Free | Partition Type: FAT
Drive H: | 3,76 Gb Total Space | 3,07 Gb Free Space | 81,82% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ACER-ASPIRE-1
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.12 22:49:12 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
PRC - [2009.06.05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.02.11 10:27:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.01.19 14:49:36 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008.04.14 05:22:56 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008.04.14 05:22:22 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.25 09:34:04 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007.03.12 18:30:16 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006.11.02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006.07.25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006.04.28 16:43:34 | 00,401,408 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.04.06 19:30:46 | 00,086,016 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006.04.04 18:08:44 | 00,421,888 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.03.31 16:39:28 | 00,204,800 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006.03.30 13:56:56 | 00,471,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006.03.29 20:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006.03.27 11:37:58 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006.03.16 17:24:00 | 00,088,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006.02.27 17:28:16 | 16,005,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006.02.22 11:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006.02.17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005.11.15 13:28:04 | 00,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005.11.15 13:27:54 | 01,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005.11.15 13:27:44 | 00,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005.10.04 12:42:50 | 00,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005.10.04 12:42:42 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005.10.04 12:42:40 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005.02.16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004.08.18 20:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2009.12.12 22:49:12 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
MOD - [2008.04.14 05:21:46 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2006.04.06 19:30:46 | 00,086,016 | ---- | M] (Logitech) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
MOD - [2005.10.11 13:18:54 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2004.08.18 20:00:00 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - [2009.07.09 09:22:16 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca0066f5bf90) Služba Google Update (gupdate1ca0066f5bf90)
SRV - [2009.06.05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.02.11 10:27:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.01.19 14:49:36 | 00,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2007.11.07 15:21:52 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007.07.25 09:34:04 | 01,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.03.12 18:30:16 | 00,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006.11.02 20:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.07.25 18:03:44 | 02,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006.07.25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006.04.06 19:30:46 | 00,086,016 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006.03.29 20:53:34 | 00,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.02.22 11:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006.02.17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.15 13:27:56 | 00,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005.11.15 13:27:54 | 01,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005.11.15 13:27:44 | 00,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005.11.14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.19 17:39:34 | 00,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005.10.04 12:42:50 | 00,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005.10.04 12:42:48 | 00,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005.10.04 12:42:42 | 00,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005.03.30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004.07.15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009.08.29 09:46:36 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.08.27 10:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091208.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009.08.27 10:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.08.27 10:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091208.002\NAVENG.SYS -- (NAVENG)
DRV - [2009.01.19 14:49:34 | 00,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.04.13 20:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007.11.13 11:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006.04.21 13:54:40 | 00,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006.04.21 12:28:12 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006.04.14 15:27:46 | 00,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006.04.14 15:27:44 | 00,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.04.14 15:27:44 | 00,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006.04.06 19:30:46 | 02,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006.04.06 19:30:46 | 00,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006.04.06 03:46:42 | 01,097,472 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006.04.06 03:42:54 | 00,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006.03.16 17:24:00 | 01,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.02.27 18:47:00 | 04,241,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.02.22 11:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.01.18 18:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.11.28 14:20:20 | 01,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005.11.27 07:36:08 | 01,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.02 13:24:24 | 00,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.10.19 17:39:04 | 00,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005.10.19 17:38:58 | 00,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005.09.20 10:30:00 | 00,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.09.17 00:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005.08.26 14:22:50 | 00,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005.08.26 14:22:48 | 00,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005.04.24 11:08:36 | 00,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Unlocker\UnlockerDriver4.sys -- (UnlockerDriver4)
DRV - [2005.04.22 16:57:06 | 00,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.04.22 16:57:06 | 00,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005.03.30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.01.08 07:03:42 | 00,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.12.08 14:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.08.18 20:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004.08.18 20:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004.08.18 20:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004.08.18 20:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004.08.18 20:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004.08.18 20:00:00 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004.08.18 20:00:00 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004.08.18 20:00:00 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004.08.18 20:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004.08.18 20:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004.08.18 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004.08.18 20:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004.08.18 20:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004.08.18 20:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004.08.18 20:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004.08.18 20:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\S-1-5-21-4166220038-3016952256-2426117202-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.07.09 09:25:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.02.17 10:47:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008.02.17 10:47:08 | 00,000,000 | ---D | M]

[2009.11.26 06:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Extensions
[2009.11.26 06:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\6n5sxu7i.default\extensions
[2008.02.17 10:47:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.03 02:45:38 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.11.03 02:45:38 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.11.03 02:45:38 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.11.03 02:45:38 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.11.03 02:45:38 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (737 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe ()
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\Kucerova\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = C:\WINDOWS\system32\portmap.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.21 12:28:48 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2009.12.12 22:49:03 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2009.12.12 19:08:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009.12.12 18:37:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.12.12 18:37:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.12.12 18:37:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.12.12 18:37:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.12.12 18:37:13 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009.12.12 18:36:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.11 09:11:36 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009.12.11 08:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\WinRAR
[2009.12.11 08:47:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\OkiData
[2009.12.11 08:44:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\Macromedia
[2009.12.11 08:44:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\Adobe
[2009.12.11 08:27:52 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009.12.09 14:26:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\Real
[2009.12.09 14:13:10 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.12.09 14:10:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.12.09 14:05:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\Symantec
[2009.12.09 13:21:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dokumenty\Stažené soubory
[2009.12.09 12:59:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
[2009.12.09 12:56:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Plocha\student
[2009.12.09 12:54:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Plocha
[2009.12.09 11:40:38 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2009.09.11 10:48:34 | 00,881,152 | ---- | C] (David Macek) -- C:\Program Files\JpegResampler.exe
[2009.05.27 07:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.05.25 13:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.09.26 16:10:58 | 01,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2007.10.05 15:44:33 | 00,646,180 | ---- | C] (C. Ghisler & Co.) -- C:\Program Files\WinCmd32.exe
[2007.10.03 12:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2006.04.21 12:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2006.04.21 12:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2006.04.21 11:58:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2006.04.21 11:58:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2006.02.22 11:20:14 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2004.11.24 19:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[28 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2009.12.12 22:49:12 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2009.12.12 18:57:12 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.12 18:57:10 | 00,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.12 18:57:08 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009.12.12 18:56:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.12 18:55:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.12 18:55:38 | 16,086,99904 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.12 18:35:48 | 03,850,336 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\ComboFix.exe
[2009.12.12 18:31:58 | 00,554,320 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.12.12 18:30:12 | 01,749,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.12 18:29:16 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2009.12.12 18:28:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2009.12.11 12:44:02 | 00,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.11 08:33:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\dds.scr
[2009.12.11 08:31:20 | 00,897,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.11 08:31:20 | 00,384,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.11 08:31:20 | 00,384,380 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009.12.11 08:31:20 | 00,064,362 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009.12.11 08:31:20 | 00,054,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.11 07:55:58 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.12.09 22:54:08 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.12.09 14:13:14 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009.12.09 11:46:34 | 00,307,220 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20091209_114628.reg
[2009.12.09 11:46:04 | 00,148,324 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20091209_114524.reg
[28 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.12 18:37:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.12.12 18:37:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.12.12 18:37:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.12.12 18:35:13 | 03,850,336 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\ComboFix.exe
[2009.12.11 08:33:36 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\dds.scr
[2009.12.11 07:54:34 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009.12.09 14:13:13 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009.12.09 14:13:11 | 00,261,312 | ---- | C] () -- C:\cmldr
[2009.12.09 14:12:19 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.12.09 14:12:18 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.12.09 11:46:29 | 00,307,220 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20091209_114628.reg
[2009.12.09 11:45:59 | 00,148,324 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20091209_114524.reg
[2009.11.23 06:59:00 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\fusioncache.dat
[2009.06.03 08:26:36 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.06.03 08:26:36 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.05.13 13:37:04 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.01.15 12:43:10 | 00,426,161 | ---- | C] () -- C:\Program Files\JpegResamplerNI.zip
[2008.07.29 13:13:21 | 00,000,326 | ---- | C] () -- C:\WINDOWS\OPHH.INI
[2008.04.14 08:54:25 | 00,001,379 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2008.04.03 18:06:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.03.31 10:41:14 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007.11.15 07:49:02 | 00,000,110 | ---- | C] () -- C:\WINDOWS\DEERFO~1.ini
[2007.10.29 13:43:11 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2007.10.25 17:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.10 09:41:01 | 00,000,990 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007.09.10 08:04:27 | 00,000,365 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.07.30 14:15:42 | 00,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini
[2007.07.27 08:37:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.07.23 07:55:20 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.07.23 07:55:20 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C3D517195C.sys
[2007.07.01 11:12:14 | 03,145,728 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.07.01 10:59:22 | 00,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.06.17 11:43:56 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.06.12 11:21:26 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.01.09 17:05:50 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2006.09.07 11:26:41 | 00,001,544 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2006.09.04 10:11:32 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.08.23 20:44:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2006.08.23 20:42:15 | 00,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006.08.23 20:38:20 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006.05.02 12:30:18 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.04.21 12:29:14 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006.04.21 12:28:16 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006.04.21 12:28:16 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006.04.21 12:28:16 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006.04.21 12:28:16 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006.04.06 19:30:46 | 02,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006.04.06 19:30:46 | 00,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006.03.31 18:19:42 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2006.03.31 18:19:42 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2006.03.10 14:15:44 | 00,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.02.22 11:20:14 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2005.12.14 20:59:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.11.30 19:48:46 | 00,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.10.31 18:17:38 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.03.28 15:45:26 | 00,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004.10.03 17:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.18 20:00:00 | 00,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.01.13 18:46:00 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003.05.14 14:20:44 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dll
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.26 15:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.10.28 17:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001.09.03 22:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999.01.27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2007.07.27 11:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2008.01.09 10:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.06.09 17:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.07.09 12:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.08.03 13:32:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2009.08.21 13:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Winferno
[2007.10.07 14:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\ACD Systems
[2007.10.10 08:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\PDFCreator
[2007.10.23 17:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\InterVideo
[2007.12.24 16:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\BSplayer
[2007.12.24 16:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\BSplayer Pro
[2008.01.09 10:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\Souptoys
[2008.06.21 11:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\PanoramaStudio
[2008.09.23 14:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\Jpeg Resampler
[2008.10.11 23:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\uTorrent
[2008.11.10 10:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\XnView
[2009.04.20 14:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\Opera
[2009.06.03 08:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\Samsung
[2009.07.30 06:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kucerova\Data aplikací\Bitstream
[2007.12.29 10:57:54 | 00,000,112 | ---- | M] () -- C:\WINDOWS\Tasks\Critical Battery Alarm Program.job
[2008.08.13 16:25:32 | 00,000,112 | ---- | M] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job
[2009.12.12 18:57:08 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job

========== Purity Check ==========


< End of report >



Reklama
P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 12 pro 2009 23:16

Extras.txt:


OTL Extras logfile created on: 12.12.2009 22:53:50 - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,50 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 69,79% Memory free
3,55 Gb Paging File | 3,08 Gb Available in Paging File | 86,93% Paging File free
Paging file location(s): D:\pagefile.sys 2250 2250 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,57 Gb Total Space | 2,32 Gb Free Space | 6,72% Space Free | Partition Type: FAT32
Drive D: | 35,06 Gb Total Space | 6,17 Gb Free Space | 17,60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 1,86 Gb Total Space | 1,66 Gb Free Space | 89,06% Space Free | Partition Type: FAT
Drive G: | 963,70 Mb Total Space | 953,08 Mb Free Space | 98,90% Space Free | Partition Type: FAT
Drive H: | 3,76 Gb Total Space | 3,07 Gb Free Space | 81,82% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ACER-ASPIRE-1
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- Reg Error: Key error.
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- File not found
"C:\DC\StrongDC.exe" = C:\DC\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Documents and Settings\Kucerova\Plocha\QIP\qip.exe" = C:\Documents and Settings\Kucerova\Plocha\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX05.687\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX05.687\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX67.953\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX67.953\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX06.046\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX06.046\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX00.984\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX00.984\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Plocha\StrongDC.exe" = C:\Documents and Settings\Kucerova\Plocha\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX02.438\CZDCPlusPlus.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX02.438\CZDCPlusPlus.exe:*:Enabled:CZDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX00.141\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX00.141\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX00.359\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX00.359\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX02.391\StrongDC.exe" = C:\Documents and Settings\Kucerova\Local Settings\Temp\Rar$EX02.391\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Program Files\StrongDC++2.03\StrongDC.exe" = C:\Program Files\StrongDC++2.03\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Digsby\LIB\digsby-app.exe" = C:\Program Files\Digsby\LIB\digsby-app.exe:*:Enabled:Digsby IM -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FF698806-06EA-4C79-A944-329BF041B614}" = ATI Catalyst Control Center
"µTorrent CZ_is1" = µTorrent CZ 1.8.1 (build 12639)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"ACDSee 2009 Photo Manager Build 85" = Čeština do ACDSee 2009 Photo Manager Build 85
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"BSPlayerf" = BS.Player FREE powered by AdVantage
"CCleaner" = CCleaner (remove only)
"České pohádky v MP3_is1" = 1.0h
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.6.6
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.82.4
"XP Codec Pack" = XP Codec Pack
"XStandard" = XStandard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.12.2009 4:13:55 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelDot1xEvent, jehož cílová třída CIntelDot1xEvent neexistuje. Dotaz bude
přeskočen.

Error - 12.12.2009 12:50:30 | Computer Name = ACER-ASPIRE-1 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 12.12.2009 12:51:28 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelWLANEvent, jehož cílová třída CIntelWLANEvent neexistuje. Dotaz bude přeskočen.

Error - 12.12.2009 12:51:28 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelDot1xEvent, jehož cílová třída CIntelDot1xEvent neexistuje. Dotaz bude
přeskočen.

Error - 12.12.2009 13:30:34 | Computer Name = ACER-ASPIRE-1 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 12.12.2009 13:31:57 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelWLANEvent, jehož cílová třída CIntelWLANEvent neexistuje. Dotaz bude přeskočen.

Error - 12.12.2009 13:31:57 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelDot1xEvent, jehož cílová třída CIntelDot1xEvent neexistuje. Dotaz bude
přeskočen.

Error - 12.12.2009 13:56:22 | Computer Name = ACER-ASPIRE-1 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 12.12.2009 13:57:42 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelWLANEvent, jehož cílová třída CIntelWLANEvent neexistuje. Dotaz bude přeskočen.

Error - 12.12.2009 13:57:42 | Computer Name = ACER-ASPIRE-1 | Source = WinMgmt | ID = 24
Description = Zprostředkovatel událostí se pokusil zaregistrovat dotaz select *
from CIntelDot1xEvent, jehož cílová třída CIntelDot1xEvent neexistuje. Dotaz bude
přeskočen.

[ System Events ]
Error - 12.12.2009 13:38:05 | Computer Name = ACER-ASPIRE-1 | Source = NetBT | ID = 4321
Description = Název TRISIA TECHNIKA:1d nelze zaregistrovat v rozhraní s adresou
IP 10.0.0.3. Počítač s adresou IP 10.0.0.1 nepovolil získání názvu tímto počítačem.

Error - 12.12.2009 13:38:45 | Computer Name = ACER-ASPIRE-1 | Source = Service Control Manager | ID = 7034
Description = Služba ProtexisLicensing byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 12.12.2009 13:43:15 | Computer Name = ACER-ASPIRE-1 | Source = NetBT | ID = 4321
Description = Název TRISIA TECHNIKA:1d nelze zaregistrovat v rozhraní s adresou
IP 10.0.0.3. Počítač s adresou IP 10.0.0.1 nepovolil získání názvu tímto počítačem.

Error - 12.12.2009 13:45:10 | Computer Name = ACER-ASPIRE-1 | Source = NetBT | ID = 4321
Description = Název TRISIA TECHNIKA:1d nelze zaregistrovat v rozhraní s adresou
IP 10.0.0.3. Počítač s adresou IP 10.0.0.1 nepovolil získání názvu tímto počítačem.

Error - 12.12.2009 13:45:10 | Computer Name = ACER-ASPIRE-1 | Source = BROWSER | ID = 8009
Description = Prohledávač se nemůže povýšit na hlavní prohledávač. Za hlavní prohledávač
se
aktuálně považuje počítač MARIE.

Error - 12.12.2009 13:50:20 | Computer Name = ACER-ASPIRE-1 | Source = NetBT | ID = 4321
Description = Název TRISIA TECHNIKA:1d nelze zaregistrovat v rozhraní s adresou
IP 10.0.0.3. Počítač s adresou IP 10.0.0.1 nepovolil získání názvu tímto počítačem.

Error - 12.12.2009 13:56:48 | Computer Name = ACER-ASPIRE-1 | Source = Service Control Manager | ID = 7000
Description = Služba eLock2BurnerLockDriver neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 12.12.2009 13:56:48 | Computer Name = ACER-ASPIRE-1 | Source = Service Control Manager | ID = 7000
Description = Služba eLock2FSCTLDriver neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 12.12.2009 13:56:48 | Computer Name = ACER-ASPIRE-1 | Source = Service Control Manager | ID = 7000
Description = Služba Cyberlink RichVideo Service(CRVS) neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 12.12.2009 17:48:47 | Computer Name = ACER-ASPIRE-1 | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače ADMINISTRATOR,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{52BC026B-17DA-.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.


< End of report >


Tak to by mělo být vše... To jsou teda dlouhé logy...

pitimir
Level 3.5
Level 3.5
Příspěvky: 850
Registrován: srpen 09
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod pitimir » 13 pro 2009 11:00

1) ComboFixu sa ale nieco podarilo zmazat...

Skus najprv toto:
Start -> Spustit -> (napis) notepad C:\ComboFix.txt
Enter.

Mal by sa otvorit textovy subor, jeho obsah sem vloz. Pripadne sa este skus popozerat po textaku s nazvom bug.txt.


2) Skopiruj do policka pod nazvom "Custom Scans/Fixes":

Kód: Vybrat vše

:otl
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
O3 - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-4166220038-3016952256-2426117202-1011\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = C:\WINDOWS\system32\portmap.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Obje
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
[2009.12.11 09:11:36 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009.12.11 08:27:52 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[28 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:commands
[reboot]

Klikni na "Run Fix". Program zacne pracovat, mozny je restart PC. Po nom by sa ti mal objavit log, ten by som rad videl.
Nemam rad amaterizmus...

A adresat odkazu to vie :)

P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 13 pro 2009 14:48

takže:

ad1) nide nic, bohužel ni jeden ze souborů nenalezen :-(

ad2) tady se mi něco "povedlo"
- nejdřív sem zkopíroval ten text do OTL a dal Run fix. Program normálně začal pracoval, jenže asi po minutě se vypla obrazovka a notebook nereagoval, ani nebylo slyšet ventilátor (který jinak hlučí fest), tak sem zmáčkl zypínací tlačítko a ouha, obraz se zapl a book začal vypínat... no, zanadával sem si jaký sem krypl a book znovu zapl...
- systém normálně najel ale samosebou, že žádný log tam nebyl... tak si říkám, ok, zkusím to znovu, asi OTL nedokončil práci, než sem ho vypnul... tak znovu zkopíruju text, a otevřu OTL a koukám, že on se mi spouští CF (nevím jak, prostě se mi podařilo poklepat špatnou ikonku...
Tak sem nechal CF pracovat (nezeptal se mne na zřeknutí záruky, tak sem ho jinak vypínat nechtěl... CF pracoval normálně (zase hláška s logitechem) až pak mezi dokončením fází a "mažu soubory" vypsal, že "System file is infected! Attempting to restore" (file C:\system32\Drivers\ndis.sys). Po "mažu soubory" CF opět spadl...
Po restartu sem tedy znovu spustil OTL a dal run fix, OTL dokončil co měl a chtěl restart, po restartu ale nikde žádný log...
Tak sem to zkusil ještě jednou, proces proběhl tentokráte bleskurychle a OTL zobrazil log:

========== OTL ==========
Error: No service named RichVideo) Cyberlink RichVideo Service(CRVS was found to stop!
Unable to stop service RichVideo) Cyberlink RichVideo Service(CRVS!
Error: No service named iPod Service was found to stop!
Unable to stop service iPod Service!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4166220038-3016952256-2426117202-1011\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\S-1-5-21-4166220038-3016952256-2426117202-1011\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcenspc.dll deleted successfully.
Folder C:\FOUND.001\ not found.
Folder C:\FOUND.000\ not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File boot] not found.

OTL by OldTimer - Version 3.1.16.0 log created on 12132009_142800



Tak, teď pochopím, když mi řekneš, že sem kretén, ať si s tím dělám chci...

vím, moc blbých náhod najednou (ale s tím vypnutím obrazu... ten book nevydrží ani sekundu na baterii, tak sem si opravdu myslel, že se vypnul, až pak sem se podíval, že je povytažený konektor napájení a obraz se vypínal, protože jel na baterku - což nechápu, protože na baterku je fakt mrtvý...)

pitimir
Level 3.5
Level 3.5
Příspěvky: 850
Registrován: srpen 09
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod pitimir » 13 pro 2009 15:04

Pre buducnost - treba si dat kafe a pockat, co to spravi...len velmi malo utilit robi dlhsie nez 10-15 minut.

K tvojmu problemu - moje predpovede sa potvrdili, mas infikovany driver a zjavne si s nim nikto a nic nevie poradit.


Takze:
- dostan sa do nudzoveho rezimu (odteraz robime vsetko v nom)
- spustis rkill
- spustis ComboFix s tymto CFScriptom:

Kód: Vybrat vše

KillAll::
StepDel::


Ak by sa nepodarilo ani tentokrat, sprav novy log z OTL. Uvidime, ako sme pokrocili tam, pozrieme sa po pripadnych nahradach za infikovany kus ovladaca a skusime este raz ComboFix.
Nemam rad amaterizmus...

A adresat odkazu to vie :)

P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 13 pro 2009 17:01

To bude asi tím, já kafe nepiju... Radši sem si dal čaj ;-)

Ale z5:

CombFix pracoval jak měl :-)

o logitechu už nic nepsal (myslí, teď mě to spletlo..)
před fázemi smazal C:\Thumbs.db
ve fázi 10 další výmazy
pak restart, po náběhu z5 do nouzového (se sítí) vypsal, že nemůže nalézt nějaký svůj soubor (bohužel sem si to nestihl napsat...)
a pak vyhodil log:


ComboFix 09-12-11.05 - Admin 13.12.2009 16:19:41.6.2 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1534.1288 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Symantec AntiVirus\SRTPV.DAT
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\documents and settings\Admin\Dokumenty\cc_20091209_114524.reg
c:\documents and settings\Kucerova\Dokumenty\cc_20091001_154913.reg
c:\documents and settings\Kucerova\Dokumenty\cc_20091001_154954.reg
C:\Thumbs.db
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-13 do 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-13 11:45 . 2009-12-13 11:45 -------- d-----w- C:\_OTL
2009-12-11 07:47 . 2009-12-11 07:47 -------- d-----w- c:\documents and settings\Admin\OkiData
2009-12-09 11:54 . 2009-12-09 11:54 -------- d-----w- c:\documents and settings\All Users\Plocha
2009-11-23 05:59 . 2009-11-23 05:59 -------- d-----r- c:\documents and settings\Admin\Oblíbené položky
2009-11-23 05:59 . 2009-11-23 05:59 -------- d-----r- c:\documents and settings\Admin\Dokumenty
2009-11-23 05:59 . 2006-04-21 10:58 -------- d--h--w- c:\documents and settings\Admin\Okolní tiskárny
2009-11-23 05:59 . 2006-04-21 10:58 -------- d--h--w- c:\documents and settings\Admin\Okolní síť
2009-11-23 05:59 . 2006-04-21 10:58 -------- d--h--w- c:\documents and settings\Admin\Šablony
2009-11-23 05:59 . 2006-04-21 10:58 -------- d--h--r- c:\documents and settings\Admin\Data aplikací
2009-11-23 05:59 . 2006-04-21 10:58 -------- d-----w- c:\documents and settings\Admin\Plocha
2009-11-23 05:59 . 2006-04-21 10:58 -------- d-----r- c:\documents and settings\Admin\Nabídka Start
2009-11-23 05:58 . 2009-11-23 05:59 -------- d-----w- c:\documents and settings\Admin

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 07:31 . 2006-05-02 13:00 64362 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 07:31 . 2006-05-02 13:00 384380 ----a-w- c:\windows\system32\perfh005.dat
2009-12-03 15:14 . 2009-06-08 10:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-06-08 10:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 07:16 . 2007-07-23 06:55 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-29 07:45 . 2006-01-09 19:08 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2004-08-18 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2004-08-18 19:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-23 11:35 . 2009-10-23 11:35 -------- d-----w- c:\program files\Xi
2009-10-21 05:40 . 2004-08-18 19:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 19:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 19:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 19:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 19:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 19:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-01-15 11:43 . 2009-01-15 11:43 426161 ----a-w- c:\program files\JpegResamplerNI.zip
2008-09-26 15:11 . 2008-09-26 15:10 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-05-23 15:22 . 2009-09-11 09:48 881152 ----a-w- c:\program files\JpegResampler.exe
2002-09-16 04:11 . 2007-10-05 14:44 646180 ----a-w- c:\program files\WinCmd32.exe
2007-07-23 06:55 . 2007-07-23 06:55 8 --sh--r- c:\windows\system32\C3D517195C.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 13:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-09 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kucerova\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remove Temp OrderReminder Uninstaller]
del [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 13:21 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
2005-12-30 13:02 40960 ----a-w- c:\windows\system32\ImageItEncrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 17:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-12-03 15:14 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\StrongDC++2.03\\StrongDC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [3.6.2009 8:26 233472]
S2 gupdate1ca0066f5bf90;Služba Google Update (gupdate1ca0066f5bf90);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2009 9:22 133104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8.6.2009 16:01 102448]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.6.2009 8:26 36608]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30.11.2005 20:28 1097472]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [15.11.2005 13:27 169200]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [24.4.2005 11:08 3584]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://global.acer.com
mLocal Page =
mStart Page = hxxp://home.sweetim.com
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\6n5sxu7i.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\xstandard\Bin\NPXStandard.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 16:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-12-13 16:50:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-13 15:50
ComboFix2.txt 2009-12-13 11:43

Před spuštěním: 4 103 274 496
Po spuštění: 4 100 030 464

- - End Of File - - E1A6F3ADE1C008F01EEC63B1C786EA35


Udělat ještě log i z OTL? Nebo zatím stačí toto?

P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 13 pro 2009 17:05

Teď koukám, že CF smazal taky nějaké zálohy registrů z Ccleaneru, když ho používám, dělat zálohy nebo je to potencionálně nebezpečné?

pitimir
Level 3.5
Level 3.5
Příspěvky: 850
Registrován: srpen 09
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod pitimir » 13 pro 2009 17:39

Pytal som sa na to uz pred casom autora CF, zatial sa nejak neunuval napisat...takze neviem v com je problem.
Ale z mojich skusenosti (a to uz CCleaner pouzivam nejaky ten piatok) backup robit netreba.

Mohol by si znova skusit spustit GMER? CF je cisty, pozrieme sa na rootkity.
Nemam rad amaterizmus...

A adresat odkazu to vie :)

P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 13 pro 2009 17:59

GMER sem spustil, ale po skončení scanu nevylezl žádný log automaticky, tak tady je obsah přes "Copy"


GMER 1.0.15.15273 - http://www.gmer.net
Rootkit quick scan 2009-12-13 17:54:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtiiuob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----



Mám se dál řídit tvým návodem z předchozích postů?
tzn: zašrtnou položky kromě... a skenovat? nebo nechat zaškrtlé vše a skenovat znova?

Jo a disk D: není zašrtnutý, je to ok?

pitimir
Level 3.5
Level 3.5
Příspěvky: 850
Registrován: srpen 09
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod pitimir » 14 pro 2009 18:05

OK, teraz zaskrtni vsetko a sprav dalsi log.
Nemam rad amaterizmus...

A adresat odkazu to vie :)

P.O.B
Level 2
Level 2
Příspěvky: 215
Registrován: listopad 06
Bydliště: Třinec
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod P.O.B » 14 pro 2009 19:13

OK, zde je nový log ;-) Mám pocit, že vypadá stejně...


GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-14 19:11:41
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtiiuob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

pitimir
Level 3.5
Level 3.5
Příspěvky: 850
Registrován: srpen 09
Pohlaví: Muž

Re: Kontrola logu -> notebook odesílá obrovské množství dat

Příspěvekod pitimir » 14 pro 2009 20:47

To sa mi nechce verit :)
Ale budiz, mozne je vsetko.

Stiahni MWAV. Spust ho a riad sa instrukciami. Aktualizuj ho a nastav parametre.

Po scane skopiruj log zo spodneho okna.
Nemam rad amaterizmus...

A adresat odkazu to vie :)


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 7 hostů