Prosím zkontrolovat log Vyřešeno

[notorik]

Prosím o kontrolu logu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:18, on 14.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI

Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\KeePass Password Safe\KeePass.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page

= http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro -

{00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program

Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar -

{32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program

Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program

Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common

Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"

-Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero

BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program

Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program

Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to AMV Convert Tool... -

D:\Programy\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft

Office Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab

multimedia file - D:\Programy\MediaManager\grab.html
O9 - Extra button: IE7Pro Preferences -

{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program

Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences -

{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program

Files\IEPro\iepro.dll
O9 - Extra button: Přeložit -

{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program

Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) -

{2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program

Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... -

{2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program

Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}

(OnlineScanner Control) -

http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4}

(MUCatalogWebControl Class) -

http://catalog.update.microsoft.com/v7/ ... l/en/x86/M

uCatalogWebControl.cab?1202995789281
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}

(Windows Live Safety Center Base Module) -

http://cdn.scan.onecare.live.com/resour ... canner/wls

cbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://www.update.microsoft.com/microso ... 5Controls/

en/x86/client/muweb_site.cab?1199105007828
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}

(OnlineScanner Control) -

http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

(Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... bs/flash/s

wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128}

(CryptSignX Control) -

http://adisspr.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) -

Unknown owner - C:\Program

Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) -

Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset -

C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7280 bytes

[Reklama]

[Damned]

To bylo takhle v logu, nebo si to odsázel ty? Nebo si jen vybíral části co ti špatně znějí v uších? Příště sem log zkopíruj tak jak je v texťáku. Odinstaluj si Daemon Tools Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O24 - Desktop Component 0: (no name) - (no file)
****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[notorik]

Logy jsou vkládány přes Ctrl+A, +C, +V

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2622
Windows 5.1.2600 Service Pack 3

14.8.2009 14:31:46
mbam-log-2009-08-14 (14-31-46).txt

Typ skenu: Rychlý sken
Objektu skenováno: 87247
Uplynulý cas: 3 minute(s), 39 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Pokud je to jen kontrola a nemáš problémy s PC, je to vše.

[notorik]

Díky za kontrolu a radu, jiné problémy s činností PC nemám.
Jediný "problém" momentálně mám s výsledkem testu bezpečnosti na www.paranoia.cz, který mi ukazuje jisté nedostatky zabezpečení PC, ale jsou v angličtině, takže nevím so s tím. Nemá s tím někdo nějaké zkušenosti?

[Damned]

Pokud máš z toho log, vlož ho sem.

Stáhni si Security Check by screen317 nebo Security Check by screen317 a ulož si ho na Plochu.
Dvojklikem ho spusť a následuj instrukce v černém okně. Po skončení se vytvoří soubor checkup.txt. Ten mi sem zkopíruj

[notorik]

Results of screen317's Security Check version 0.98.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Eset nod32kui.exe
Eset nod32krn.exe

``````````````````````````````
DNS Vulnerability Check:
POOR! (NOT RANDOM-- Consider OPENDNS)

`````````End of Log```````````

[Damned]

Máš tam zbytečně starý verze Javy (Javu je asi lepší odinstalovat, vyčistit PC a registry a pak nainstalovat novější verzi).
Stará verze Adobe, já ho nemám, netuším jaká je novější.
Neaktualizovaný antivir. Asi starší verze než je dostupná. SCH to kontroluje na stránkách výrobce pomocí Update kanálu.

[Damned]

Ještě jsem zapoměl. Máš asi něco s DNS, buď tam je nějakej špatnej zápis, nebo ti někdo něco otvírá bez dovolení. Nebo máš nějaký volný porty pořžád otevřený.
Zkus si ten test udělat znovu, a napiš co ti píše, že je špatné. Mě to píše jen v zeleným.

[notorik]

Vybráno to špatné z výsledku testu:


domain (53/udp)

Synopsis :

The remote DNS server is vulnerable to cache snooping attacks.

Description :

The remote DNS server responds to queries for third-party domains
which do not have the recursion bit set.

This may allow a remote attacker to determine which domains have
recently been resolved via this name server, and therefore which hosts
have been recently visited.

For instance, if an attacker was interested in whether your company
utilizes the online services of a particular financial institution,
they would be able to use this attack to build a statistical model
regarding company usage of that financial institution. Of course, the
attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more...

See also :
http://www.rootsecure.net/content/downl ... ooping.pdf

Risk factor : Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)


Synopsis :

The remote name server allows recursive queries to be performed
by the host running nessusd.

Description :

It is possible to query the remote name server for third party
names.

If this is your internal nameserver, then ignore this warning.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against
this nameserver.

If the host allows these recursive queries via UDP, then the
host can be used to ’bounce’ Denial of Service attacks against
another network or system.

See also :
http://www.cert.org/advisories/CA-1997-22.html

Solution :

Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction
’allow-recursion’ in the ’options’ section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses
using the ’acl’ command

Then, within the options block, you can explicitly state:
’allow-recursion { hosts_defined_in_acl }’

If you are using another name server, consult its documentation.

Risk factor : Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE :
http://www.cve.mitre.org/cgi-bin/cvenam ... -1999-0024

BID :
http://www.securityfocus.com/bid/136
http://www.securityfocus.com/bid/678
Other references OSVDB:438

[Damned]

Stáhni si RSIT, klikni na "Continue" a nech ho provést sken.
Za chvíli se vygeneruje log se jménem log.txt (pokud nebude log vygenerován, najdeš jej v C:\rsit\log.txt); jeho obsah mi sem zkopíruj.

[notorik]

Omlouvám se za dlouhé prodlevy. Mám doma řemeslníky na rekonstrukci koupelny a musejí se hlídat jako děcka se sirkami ve stohu (nejlíp je seřezat a vyhnat). Už potřetí předělávají to samé.
Zde je log.txt z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Novak at 2009-08-14 20:07:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (44%) free of 20 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:33, on 14.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\stažené soubory\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Novak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programy\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programy\MediaManager\grab.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 2995789281
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9105007828
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisspr.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6894 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EC14BF61-1DE6-43F6-8CB4-B2D5E21B036C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-12-07 917504]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-07-14 1961984]
"Advanced SystemCare 3"=D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-04 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe:*:Enabled:mbamservice.exe"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe:*:Enabled:mbam-dor.exe"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Průvodce přenesením souborů a nastavení"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-14 20:07:25 ----D---- C:\rsit
2009-08-14 16:10:36 ----SHD---- C:\Config.Msi
2009-08-12 19:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 19:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 19:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 19:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 19:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 19:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 19:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 19:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 19:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-07-25 13:35:56 ----D---- C:\WINDOWS\Performance
2009-07-15 08:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 08:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 08:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-14 20:07:31 ----D---- C:\WINDOWS\Prefetch
2009-08-14 19:45:25 ----D---- C:\WINDOWS\Temp
2009-08-14 17:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-14 16:42:25 ----D---- C:\Program Files\Mozilla Firefox
2009-08-14 16:12:03 ----SHD---- C:\WINDOWS\Installer
2009-08-14 16:11:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-08-14 16:11:48 ----D---- C:\Program Files\Common Files\Adobe
2009-08-14 16:11:38 ----D---- C:\Program Files\Adobe
2009-08-14 16:11:34 ----D---- C:\WINDOWS\WinSxS
2009-08-14 16:10:08 ----D---- C:\WINDOWS\system32
2009-08-14 15:54:35 ----RD---- C:\Program Files
2009-08-14 15:51:50 ----D---- C:\Program Files\Common Files
2009-08-14 14:27:17 ----D---- C:\WINDOWS\system32\drivers
2009-08-14 14:19:15 ----D---- C:\WINDOWS
2009-08-14 14:19:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-14 09:02:16 ----D---- C:\Program Files\IrfanView
2009-08-12 19:09:33 ----D---- C:\Program Files\Outlook Express
2009-08-12 19:03:34 ----D---- C:\WINDOWS\inf
2009-08-12 19:03:32 ----DC---- C:\WINDOWS\system32\dllcache
2009-08-12 19:03:17 ----A---- C:\WINDOWS\win.ini
2009-08-12 19:02:35 ----A---- C:\WINDOWS\imsins.BAK
2009-08-12 19:02:20 ----D---- C:\WINDOWS\$hf_mig$
2009-08-12 14:42:40 ----D---- C:\WINDOWS\system32\config
2009-08-09 21:49:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-05 11:01:14 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 13:45:15 ----D---- C:\Program Files\MPlayer for Windows
2009-08-01 08:35:54 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 20:08:06 ----A---- C:\WINDOWS\system.ini
2009-07-29 08:23:22 ----D---- C:\Program Files\Internet Explorer
2009-07-29 08:23:13 ----D---- C:\WINDOWS\ie8updates
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-24 11:03:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2009-07-19 18:46:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:16:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 21:04:02 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 17:32:51 ----D---- C:\WINDOWS\Help
2009-07-15 21:40:03 ----A---- C:\WINDOWS\RtlRack.ini
2009-07-15 21:07:33 ----D---- C:\Puzzle Tradiční české pohádky Freeware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-04 2782208]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a8y7fcj6;a8y7fcj6; C:\WINDOWS\system32\drivers\a8y7fcj6.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfo.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2008-09-29 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 495616]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-12-07 507904]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-05 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------