Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Security Central-blokuje pc

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
csaba
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 31 pro 2009 20:57

Security Central-blokuje pc

#1 Příspěvek od csaba »

ahoj

do pc sa my dostal Security Central a zablokoval vsetko co sa da spustit..nasiel som tu podobne problemy tak som postupoval podla navodu v nich..v nudzovom rezime som pustil FixBlast a po restarte znova v nudzovom rezime OTL prikladam reporty..

fixblast-W32.Blaster.Worm has not been found on your computer.

OTL logfile created on: 31.12.2009 20:42:19 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 856,00 Mb Available Physical Memory | 84,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 17,76 Gb Free Space | 60,64% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 11,74 Gb Free Space | 9,80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,90 Gb Total Space | 1,67 Gb Free Space | 87,65% Space Free | Partition Type: FAT

Computer Name: CSABA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.31 18:54:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2004.08.17 14:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009.12.31 18:54:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2004.08.17 14:48:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.08.16 14:01:16 | 00,222,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.05.31 14:40:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.05.14 14:54:22 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.12.01 21:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008.12.01 14:35:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008.11.12 19:00:38 | 01,017,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008.11.12 19:00:34 | 00,337,800 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2005.07.25 20:25:18 | 00,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2009.05.14 14:49:32 | 00,094,360 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.05.14 14:47:14 | 00,107,256 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 14:41:10 | 00,114,472 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.01.02 19:04:56 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.12.01 23:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.11.12 19:00:40 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008.11.12 17:47:32 | 00,010,536 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2008.10.08 18:08:05 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.07.25 11:42:33 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin)
DRV - [2007.12.24 20:31:38 | 00,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2007.12.24 20:31:38 | 00,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2007.12.10 14:53:28 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007.12.10 14:53:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007.10.19 14:57:08 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005.04.28 11:47:02 | 02,947,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.01.19 23:30:52 | 00,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005.01.07 16:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.11.01 20:21:32 | 00,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004.08.23 08:49:30 | 00,121,472 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.06.16 06:51:56 | 00,614,272 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxEtU.sys -- (CnxEtU)
DRV - [2004.06.16 06:51:56 | 00,060,416 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTgNP.sys -- (CnxTgNP)
DRV - [2004.06.16 06:51:50 | 00,131,072 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxEtP.sys -- (CnxEtP)
DRV - [2001.10.25 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.18 07:12:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.18 07:12:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.07.06 07:03:44 | 00,000,000 | ---D | M]

[2009.12.30 22:20:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.29 19:26:07 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.10 14:23:26 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.09.10 14:23:26 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.09.10 14:23:26 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.09.10 14:23:26 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.09.10 14:23:26 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (737 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CnxDslTaskBar] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [Security Central] C:\Program Files\Security Central\Security Central.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.02 10:32:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2009.12.31 20:40:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2009.12.31 20:19:28 | 00,135,360 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Plocha\FixBlast.exe
[2009.12.31 20:18:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2009.12.31 20:18:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2009.12.31 20:18:35 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2009.12.31 20:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2009.12.31 20:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2009.12.31 20:18:34 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2009.12.31 20:18:34 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2009.12.31 20:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2009.12.31 20:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009.12.31 20:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2009.12.31 20:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2009.12.31 20:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2009.12.31 20:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2009.12.31 20:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2009.12.31 01:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\Security Central
[2009.12.29 19:25:00 | 00,000,000 | ---D | C] -- C:\Program Files\ICQ6.5
[2009.10.12 18:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.04.09 06:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Help
[2009.04.09 06:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Help
[2008.02.06 08:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.02.06 08:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\ICQ Toolbar
[2007.08.02 10:49:33 | 00,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2007.08.02 10:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2007.08.02 10:32:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2007.08.02 10:32:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2005.07.25 20:31:30 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005.07.25 20:27:22 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005.07.25 20:26:58 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005.07.25 20:25:26 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005.07.25 20:24:46 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005.07.25 20:24:14 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005.07.25 20:19:36 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2009.12.31 20:39:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.31 20:38:38 | 00,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009.12.31 20:38:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009.12.31 20:38:35 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2009.12.31 20:15:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.31 18:54:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2009.12.31 18:53:08 | 00,135,360 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Plocha\FixBlast.exe
[2009.12.31 01:17:03 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.29 10:55:53 | 00,110,012 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2009.12.29 09:53:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.31 20:18:36 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009.12.31 20:18:34 | 00,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009.03.04 16:20:49 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.03.04 16:20:46 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.04 16:20:46 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.04 16:20:45 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.03.04 16:20:44 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.04 16:20:44 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.01.06 19:33:24 | 00,010,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\Hmonitor.sys
[2008.08.15 08:46:10 | 00,002,455 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.07.26 15:03:50 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.07.26 15:03:50 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.07.26 15:03:50 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.08.24 17:28:39 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007.08.24 17:28:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007.08.15 16:29:18 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.08.03 10:34:25 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.02 11:22:52 | 00,000,442 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.02 10:42:04 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.08.09 05:58:34 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxcginsr.dll
[2005.08.09 05:58:08 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxcgjswr.dll
[2005.07.07 10:12:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2004.08.17 14:49:10 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002.03.21 13:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1998.08.25 06:34:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\MSPRPSK.DLL

========== LOP Check ==========

[2007.09.01 07:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2009.07.06 07:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.12.29 19:26:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.01.22 18:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2008.01.15 20:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
[2009.01.11 22:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.07.26 01:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2008.02.06 08:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\ICQ Toolbar
[2007.09.01 07:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\ACD Systems
[2008.06.14 15:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\BSplayer PRO
[2009.01.02 19:04:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\DAEMON Tools
[2008.05.28 15:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\ICQ
[2007.08.24 17:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\ICQ Toolbar
[2008.05.03 13:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\ICQLite
[2007.08.29 14:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\InterVideo
[2008.09.29 15:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\LangSoft
[2009.08.30 22:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\Octoshape
[2009.12.30 15:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pc\Data aplikací\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 31.12.2009 20:42:19 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 856,00 Mb Available Physical Memory | 84,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 17,76 Gb Free Space | 60,64% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 11,74 Gb Free Space | 9,80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,90 Gb Total Space | 1,67 Gb Free Space | 87,65% Space Free | Partition Type: FAT

Computer Name: CSABA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\pc\Plocha\CabalTemp\ESTdnheadless.exe" = C:\Documents and Settings\pc\Plocha\CabalTemp\ESTdnheadless.exe:*:Disabled:EST! download engine -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (http://www.BitLord.com)
"C:\Program Files\InterVideo\WinDVD4PR\WinDVD.exe" = C:\Program Files\InterVideo\WinDVD4PR\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"D:\Hry\World of Warcraft\BackgroundDownloader.exe" = D:\Hry\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"D:\Hry\Nová složka\Warcraft III\Warcraft III.exe" = D:\Hry\Nová složka\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- File not found
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0002041B-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.16
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8DC9BEFF-07FC-4631-BBF4-8F00F74953C2}" = InterVideo WinDVD Platinum
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CFEBE886-3EF2-4389-96D0-B0808E58BC3E}" = HipHop 6
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DF62F79C-BD69-4737-8C74-93F26B895B91}" = ESET NOD32 Antivirus
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"Conexant ADSL USB Modem" = Conexant AccessRunner ADSL
"Diablo II" = Diablo II
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"Eurobattle.net Installer1.22" = Eurobattle.net Installer
"Hamachi" = Hamachi 1.0.2.5
"Hardware sensors monitor 4.4_is1" = Hardware sensors monitor 4.4
"ICQToolbar" = ICQ Toolbar
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.0
"Lexmark 2300 Series" = Lexmark 2300 Series
"Lexmark Fax Solutions" = Faxové funkce Lexmark
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Orb" = Winamp Remote
"PC Translator 2007 DEMO" = PC Translator 2007 DEMO
"PC Translator DEMO" = PC Translator DEMO
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 2.5
"Spyware Doctor" = Spyware Doctor 5.5
"ST6UNST #1" = Hero Editor V0.96
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.11.2009 4:24:10 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x0001648b.

Error - 25.11.2009 3:24:08 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x0001648b.

Error - 2.12.2009 5:44:20 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x0001648b.

Error - 9.12.2009 4:44:14 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x0001648b.

Error - 16.12.2009 9:48:21 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x00016501.

Error - 23.12.2009 8:47:59 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x0001648b.

Error - 29.12.2009 14:27:00 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace icq.exe, verze 6.5.0.2024, chybující modul flash9.ocx,
verze 9.0.16.0, adresa chyby 0x0007f29b.

Error - 29.12.2009 14:27:43 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace icq.exe, verze 6.5.0.2024, chybující modul mshtml.dll,
verze 6.0.2900.2180, adresa chyby 0x00069953.

Error - 30.12.2009 7:47:30 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace isuspm.exe, verze 3.0.100.1131, chybující modul
isuspm.exe, verze 3.0.100.1131, adresa chyby 0x00016501.

Error - 30.12.2009 13:14:42 | Computer Name = CSABA | Source = Application Error | ID = 1000
Description = Chybující aplikace winamp.exe, verze 5.5.1.1763, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x1390a3dd.

[ System Events ]
Error - 31.12.2009 15:19:44 | Computer Name = CSABA | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 31.12.2009 15:19:44 | Computer Name = CSABA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD ehdrv epfwtdir Fips hmonitor intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
Tcpip

Error - 31.12.2009 15:38:37 | Computer Name = CSABA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31.12.2009 15:40:16 | Computer Name = CSABA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 31.12.2009 15:40:29 | Computer Name = CSABA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31.12.2009 15:41:19 | Computer Name = CSABA | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 31.12.2009 15:41:19 | Computer Name = CSABA | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 31.12.2009 15:41:19 | Computer Name = CSABA | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 31.12.2009 15:41:19 | Computer Name = CSABA | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 31.12.2009 15:41:19 | Computer Name = CSABA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD ehdrv epfwtdir Fips hmonitor intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
Tcpip


< End of report >

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 112744
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Security Central-blokuje pc

#2 Příspěvek od Rudy »

Dejte log z Combofix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

csaba
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 31 pro 2009 20:57

Re: Security Central-blokuje pc

#3 Příspěvek od csaba »

ComboFix log:
ComboFix 09-12-31.08 - Administrator 01.01.2010 11:12:53.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.853 [GMT 1:00]
Spuštìný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POÈÍTAÈI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Security Central
c:\program files\Security Central\Security Central.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\MSPRPSK.DLL
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvoøené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-31 19:18 . 2010-01-01 10:12 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-12-29 18:25 . 2010-01-01 10:16 -------- d-----w- c:\program files\ICQ6.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 06:45 . 2008-01-15 19:32 -------- d-----w- c:\program files\Winamp Remote
2009-12-29 18:26 . 2009-10-03 21:20 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-29 09:55 . 2008-10-08 19:22 110012 ----a-w- c:\windows\War3Unin.dat
2009-12-13 06:47 . 2007-08-24 16:27 -------- d-----w- c:\program files\Lx_cats
2009-10-27 13:31 . 2001-10-25 14:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2009-10-27 13:31 . 2001-10-25 14:00 389938 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštìní^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštìní\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštìní^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštìní\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštìní^forteManager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštìní\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštìní^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštìní\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštìní^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštìní\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-04-11 17:10 65536 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-08-01 12:05 94208 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2005-07-12 13:36 299008 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 08:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2005-07-21 06:07 200704 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-01-07 20:02 495616 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-04-28 11:05 14372352 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 15:38 61440 ----a-w- d:\hry\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\InterVideo\\WinDVD4PR\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Hry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.8.2007 16:29 717296]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [3.10.2009 22:20 222968]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [12.10.2009 16:59 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [12.10.2009 16:59 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [12.10.2009 17:01 60416]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [30.12.2008 11:22 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [30.12.2008 11:22 13312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12.11.2008 18:57 337800]
.
.
------- Doplòkový sken -------
.
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANÌNÉ Z REGISTRU - - - -

HKLM-Run-Security Central - c:\program files\Security Central\Security Central.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
AddRemove-PC Translator 2007 DEMO - c:\docume~1\pc\LOCALS~1\Temp\UN32.EXE
AddRemove-PC Translator DEMO - c:\docume~1\pc\LOCALS~1\Temp\UN32.EXE
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\z7c97qt6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************
skenování skrytých procesù ...

skenování skrytých položek 'Po spuštìní' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborù ...

sken byl úspešnì dokonèen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na bìžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
.
Celkový èas: 2010-01-01 11:19:21
ComboFix-quarantined-files.txt 2010-01-01 10:19

Pøed spuštìním: Volných bajtù: 19 059 224 576
Po spuštìní: Volných bajtù: 21 587 894 272

- - End Of File - - 385582350B73573B1D60A59497CB8B71

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 112744
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Security Central-blokuje pc

#4 Příspěvek od Rudy »

6 položek smazáno, zbytek logu vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

csaba
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 31 pro 2009 20:57

Re: Security Central-blokuje pc

#5 Příspěvek od csaba »

vyzera to dobre pc ide ako pred problemom .velmi pekne dakujem za pomoc

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 112744
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Security Central-blokuje pc

#6 Příspěvek od Rudy »

Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět