ahoj Lidi sem tam se mi laguje pc a opera driv sem to resil pres spravce uloh a pres procesy jenze procesy sou uz delsi dobu fuc takze misto toho musim odlognout a lognout pc nebo restartovat tu je po pouziti combofix se m iukazal tento log
ComboFix 11-08-17.03 - admin 18.08.2011 0:09.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1054 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Novß slo×ka\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.htmlx
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\001DE997
c:\program files\MyWebSearch\bar\Cache\001E0E07
c:\program files\MyWebSearch\bar\Cache\001E101B
c:\program files\MyWebSearch\bar\Cache\001E1192
c:\program files\MyWebSearch\bar\Cache\00F94A4C.bmp
c:\program files\MyWebSearch\bar\Cache\00F94CFB.bin
c:\program files\MyWebSearch\bar\Cache\01654463
c:\program files\MyWebSearch\bar\Cache\0619577D.bin
c:\program files\MyWebSearch\bar\Cache\06195858.bmp
c:\program files\MyWebSearch\bar\Cache\061958C5.bin
c:\program files\MyWebSearch\bar\Cache\06195914.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\ehome\medctrro.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\Uninstall.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-17 do 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-16 22:43 . 2011-08-16 22:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tunngle
2011-08-16 22:43 . 2011-08-16 22:43 -------- d-----w- c:\documents and settings\admin\Data aplikací\Tunngle
2011-08-16 22:43 . 2009-09-16 06:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\LogMeIn Hamachi
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-14 19:29 . 2011-08-14 19:29 -------- d-----w- c:\documents and settings\admin\Data aplikací\FOG Downloader
2011-08-11 18:22 . 2011-08-11 18:22 -------- d-----w- c:\documents and settings\admin\Data aplikací\PhotoFiltre Studio X
2011-08-11 18:21 . 2011-08-11 18:21 -------- d-----w- c:\program files\PhotoFiltre Studio X
2011-08-10 13:20 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:18 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-08 21:00 . 2011-08-08 21:00 -------- d-----w- c:\program files\GamesforFree
2011-08-05 14:45 . 2011-08-05 14:45 -------- d-----w- c:\program files\EA SPORTS
2011-08-04 13:28 . 2011-08-04 13:28 -------- d-----w- C:\FOUND.002
2011-07-29 22:51 . 2011-07-29 22:51 -------- d-----w- C:\FOUND.001
2011-07-29 14:44 . 2011-07-29 14:44 -------- d-----w- C:\FOUND.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 1979-12-31 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 23:33 . 2011-07-10 23:33 0 ---ha-w- c:\documents and settings\admin\Local Settings\Data aplikací\BIT8.tmp
2011-07-10 23:33 . 2011-07-10 23:33 0 ---ha-w- c:\documents and settings\admin\Local Settings\Data aplikací\BIT7.tmp
2011-07-08 14:02 . 1979-12-31 22:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2010-12-14 13:17 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-14 13:17 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2006-12-08 20:24 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-14 12:17 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-14 12:17 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-12-14 12:17 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-12-14 12:17 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-12-14 12:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-14 12:17 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-12-14 12:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2004-10-11 09:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 1979-12-31 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 1979-12-31 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 1979-12-31 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 15:02 . 2011-06-19 15:01 21022914 ----a-w- C:\vlc-1.1.10-win32.exe
2011-06-09 16:18 . 2011-01-09 15:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-06 11:35 . 1980-01-01 00:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2006-12-09 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Warcraft III\\Warcraft III.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [6.4.2010 14:55 76544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2010 17:56 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.12.2006 22:24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.12.2010 14:17 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.12.2010 14:17 19544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 14:34 1361288]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [30.12.2010 18:54 247096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2010 1:04 135664]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2010 1:04 135664]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [1.1.1980 160896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-17 c:\windows\Tasks\User_Feed_Synchronization-{8760895B-642B-4A0B-990D-E6C87E371125}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 23:03]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 23:03]
.
2011-08-17 c:\windows\Tasks\Norton Security Scan for admin.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-19 02:19]
.
2011-08-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\progra~1\SPEEDB~2\SBLSP.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nki7qhf7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2342185&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hero Fighter Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2342185&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: Hero Fighter Community Toolbar: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - %profile%\extensions\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 00:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\sxs.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(784)
c:\progra~1\SPEEDB~2\SBLSP.dll
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\progra~1\SPEEDB~2\SBLSP.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-18 00:43:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-17 22:43
.
Před spuštěním: Volných bajtů: 10 330 701 824
Po spuštění: Volných bajtů: 11 130 699 776
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B57C57F68C0CBE6DD499CE0B157E5ECC
ale moc mi to nepomohlo stale to laguje a furt procesy nemam ukazany.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
problém se správcem úloh
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: problém se správcem úloh
Zdravim a pekny vecer preji 
vy umite pracovat s ComboFixem, cist jeho log a nasledne jej docistit pomoci skriptu kdyz jej tak aplikujete - ctete nize nebezpeci
Nebezpeci CFka
vy umite pracovat s ComboFixem, cist jeho log a nasledne jej docistit pomoci skriptu kdyz jej tak aplikujete - ctete nize nebezpeci Nebezpeci CFka
- Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
- Maze stopy po haveti, takze v logu z RSIT neni nic videt
- Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
- CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
- CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
Ptam se,a ybch vedel na cem jsem a jak tedy Vam psat navody do podrobna...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
neumim jen sem to zkusil na doporuceni, znameho no neva kdyz mi to bude zas lagovat tak to budu resit jako do ted odlog nebo cekat dokud se to neuklidni jakl to vysvetlim v online hrach nevim
Re: problém se správcem úloh
Znamemu bych doporucil at se necpe do neceho, cemu nerozumi, log je potreba docistit, jeikoz CF neumi mazat vse Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: File:: c:\documents and settings\admin\Local Settings\Data aplikací\BIT8.tmp c:\program files\BrotherSoft_Extreme\prxtbBro0.dll c:\documents and settings\admin\Local Settings\Data aplikací\BIT7.tmp c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job c:\windows\Tasks\Norton Security Scan for admin.job c:\windows\Tasks\Scheduled Update for Ask Toolbar.job Folder:: c:\program files\BitTorrentBar c:\program files\Ask.com c:\program files\ICQ6Toolbar\ICQ Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=- "{51a86bb3-6602-4c85-92a5-130ee4864f13}"=- [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=- "{30F9B915-B755-4826-820B-08FBA6BD249D}"=- "{51a86bb3-6602-4c85-92a5-130ee4864f13}"=- "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=- "{30F9B915-B755-4826-820B-08FBA6BD249D}"=- "{51a86bb3-6602-4c85-92a5-130ee4864f13}"=- "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [-HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}] [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=- "BitTorrent"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "Adobe ARM"=- "NeroFilterCheck"=- "SunJavaUpdateSched"=- "ApnUpdater"=- "LogMeIn Hamachi Ui"=- Driver:: ICQ Service gupdate gupdatem DDS:: uStart Page = hxxp://start.icq.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Firefox:: FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nki7qhf7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Hero Fighter Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT23421 ... hSource=13 FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q= FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} FF - Ext: Hero Fighter Community Toolbar: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - %profile%\extensions\{b12785f5-d8d0-4530-a3ea-5c4263b85bef} FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com RegLock:: [HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\Software\Microsoft\SystemCertificates\AddressBook*] AtJob:: FixCSet:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
myslite ten rozbalovaci?, vubec nevim
Re: problém se správcem úloh
Stahnete si CF tedy odsud a ulozte jej primo na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
a dal postupovat podle posledn irady? takze du na to ale este jednou si to proctu
Re: problém se správcem úloh
Samozrejme, proctete a postupujte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
hotovo tady to je
ComboFix 11-08-18.02 - admin 18.08.2011 22:09:19.2.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1243 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\admin\Local Settings\Data aplikací\BIT7.tmp"
"c:\documents and settings\admin\Local Settings\Data aplikací\BIT8.tmp"
"c:\program files\BrotherSoft_Extreme\prxtbBro0.dll"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Norton Security Scan for admin.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_99.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\BitTorrentBar
c:\program files\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files\BitTorrentBar\INSTALL.LOG
c:\program files\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files\BitTorrentBar\tbBitT.dll
c:\program files\BitTorrentBar\toolbar.cfg
c:\program files\BitTorrentBar\ToolbarContextMenu.xml
c:\program files\BitTorrentBar\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-18 do 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-16 22:43 . 2011-08-16 22:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tunngle
2011-08-16 22:43 . 2011-08-16 22:43 -------- d-----w- c:\documents and settings\admin\Data aplikací\Tunngle
2011-08-16 22:43 . 2009-09-16 06:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\LogMeIn Hamachi
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-14 19:29 . 2011-08-14 19:29 -------- d-----w- c:\documents and settings\admin\Data aplikací\FOG Downloader
2011-08-11 18:22 . 2011-08-11 18:22 -------- d-----w- c:\documents and settings\admin\Data aplikací\PhotoFiltre Studio X
2011-08-11 18:21 . 2011-08-11 18:21 -------- d-----w- c:\program files\PhotoFiltre Studio X
2011-08-10 13:20 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:18 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-08 21:00 . 2011-08-08 21:00 -------- d-----w- c:\program files\GamesforFree
2011-08-05 14:45 . 2011-08-05 14:45 -------- d-----w- c:\program files\EA SPORTS
2011-08-04 13:28 . 2011-08-04 13:28 -------- d-----w- C:\FOUND.002
2011-07-29 22:51 . 2011-07-29 22:51 -------- d-----w- C:\FOUND.001
2011-07-29 14:44 . 2011-07-29 14:44 -------- d-----w- C:\FOUND.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 1979-12-31 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 23:33 . 2011-07-10 23:33 0 ---ha-w- c:\documents and settings\admin\Local Settings\Data aplikací\BIT8.tmp
2011-07-10 23:33 . 2011-07-10 23:33 0 ---ha-w- c:\documents and settings\admin\Local Settings\Data aplikací\BIT7.tmp
2011-07-08 14:02 . 1979-12-31 22:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2010-12-14 13:17 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-14 13:17 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2006-12-08 20:24 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-14 12:17 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-14 12:17 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-12-14 12:17 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-12-14 12:17 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-12-14 12:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-14 12:17 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-12-14 12:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2004-10-11 09:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 1979-12-31 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 1979-12-31 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 1979-12-31 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 15:02 . 2011-06-19 15:01 21022914 ----a-w- C:\vlc-1.1.10-win32.exe
2011-06-09 16:18 . 2011-01-09 15:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-06 11:35 . 1980-01-01 00:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-17_22.33.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 20:27 . 2011-08-18 20:27 16384 c:\windows\temp\Perflib_Perfdata_828.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Warcraft III\\Warcraft III.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [6.4.2010 14:55 76544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2010 17:56 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.12.2006 22:24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.12.2010 14:17 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.12.2010 14:17 19544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 14:34 1361288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [1.1.1980 160896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-18 c:\windows\Tasks\User_Feed_Synchronization-{8760895B-642B-4A0B-990D-E6C87E371125}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 23:03]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 23:03]
.
2011-08-18 c:\windows\Tasks\Norton Security Scan for admin.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-19 02:19]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\progra~1\SPEEDB~2\SBLSP.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nki7qhf7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: Hero Fighter Community Toolbar: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - %profile%\extensions\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BitTorrentBar Toolbar - c:\progra~1\BITTOR~2\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 22:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\progra~1\SPEEDB~2\SBLSP.dll
.
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\progra~1\SPEEDB~2\SBLSP.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Celkový čas: 2011-08-18 22:36:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-18 20:36
ComboFix2.txt 2011-08-17 22:43
.
Před spuštěním: Volných bajtů: 11 055 759 360
Po spuštění: Volných bajtů: 11 035 541 504
.
- - End Of File - - DA9497D63F173000869EC06F1E873DFF
ComboFix 11-08-18.02 - admin 18.08.2011 22:09:19.2.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1243 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\admin\Local Settings\Data aplikací\BIT7.tmp"
"c:\documents and settings\admin\Local Settings\Data aplikací\BIT8.tmp"
"c:\program files\BrotherSoft_Extreme\prxtbBro0.dll"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Norton Security Scan for admin.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_99.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\BitTorrentBar
c:\program files\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files\BitTorrentBar\INSTALL.LOG
c:\program files\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files\BitTorrentBar\tbBitT.dll
c:\program files\BitTorrentBar\toolbar.cfg
c:\program files\BitTorrentBar\ToolbarContextMenu.xml
c:\program files\BitTorrentBar\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-18 do 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-16 22:43 . 2011-08-16 22:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tunngle
2011-08-16 22:43 . 2011-08-16 22:43 -------- d-----w- c:\documents and settings\admin\Data aplikací\Tunngle
2011-08-16 22:43 . 2009-09-16 06:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\LogMeIn Hamachi
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-08-16 21:28 . 2011-08-16 21:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-14 19:29 . 2011-08-14 19:29 -------- d-----w- c:\documents and settings\admin\Data aplikací\FOG Downloader
2011-08-11 18:22 . 2011-08-11 18:22 -------- d-----w- c:\documents and settings\admin\Data aplikací\PhotoFiltre Studio X
2011-08-11 18:21 . 2011-08-11 18:21 -------- d-----w- c:\program files\PhotoFiltre Studio X
2011-08-10 13:20 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:18 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-08 21:00 . 2011-08-08 21:00 -------- d-----w- c:\program files\GamesforFree
2011-08-05 14:45 . 2011-08-05 14:45 -------- d-----w- c:\program files\EA SPORTS
2011-08-04 13:28 . 2011-08-04 13:28 -------- d-----w- C:\FOUND.002
2011-07-29 22:51 . 2011-07-29 22:51 -------- d-----w- C:\FOUND.001
2011-07-29 14:44 . 2011-07-29 14:44 -------- d-----w- C:\FOUND.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 1979-12-31 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 23:33 . 2011-07-10 23:33 0 ---ha-w- c:\documents and settings\admin\Local Settings\Data aplikací\BIT8.tmp
2011-07-10 23:33 . 2011-07-10 23:33 0 ---ha-w- c:\documents and settings\admin\Local Settings\Data aplikací\BIT7.tmp
2011-07-08 14:02 . 1979-12-31 22:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2010-12-14 13:17 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-14 13:17 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2006-12-08 20:24 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-14 12:17 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-14 12:17 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-12-14 12:17 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-12-14 12:17 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-12-14 12:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-14 12:17 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-12-14 12:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2004-10-11 09:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 1979-12-31 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 1979-12-31 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 1979-12-31 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 15:02 . 2011-06-19 15:01 21022914 ----a-w- C:\vlc-1.1.10-win32.exe
2011-06-09 16:18 . 2011-01-09 15:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-06 11:35 . 1980-01-01 00:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-17_22.33.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 20:27 . 2011-08-18 20:27 16384 c:\windows\temp\Perflib_Perfdata_828.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Warcraft III\\Warcraft III.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [6.4.2010 14:55 76544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2010 17:56 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.12.2006 22:24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.12.2010 14:17 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.12.2010 14:17 19544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 14:34 1361288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [1.1.1980 160896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-18 c:\windows\Tasks\User_Feed_Synchronization-{8760895B-642B-4A0B-990D-E6C87E371125}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 23:03]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 23:03]
.
2011-08-18 c:\windows\Tasks\Norton Security Scan for admin.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-19 02:19]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\progra~1\SPEEDB~2\SBLSP.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nki7qhf7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: Hero Fighter Community Toolbar: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - %profile%\extensions\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BitTorrentBar Toolbar - c:\progra~1\BITTOR~2\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 22:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\progra~1\SPEEDB~2\SBLSP.dll
.
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\progra~1\SPEEDB~2\SBLSP.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Celkový čas: 2011-08-18 22:36:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-18 20:36
ComboFix2.txt 2011-08-17 22:43
.
Před spuštěním: Volných bajtů: 11 055 759 360
Po spuštění: Volných bajtů: 11 035 541 504
.
- - End Of File - - DA9497D63F173000869EC06F1E873DFF
Re: problém se správcem úloh
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
CREATERESTOREPOINT netsvcs drivers32 savembr:0 /md5start adp3132.sys AGP440.sys ahcix86.sys ahcix86s.sys atapi.sys autochk.exe cdrom.sys cngaudit.dll cryptsvc.dll eNetHook.dll eventlog.dll explorer.exe hal.dll Changer.sys iaStor.sys iastorv.sys IdeChnDr.sys isapnp.sys JakNDis.sys KR10N.sys logevent.dll lsass.exe mv61xx.sys ndis.sys netlogon.dll ntelogon.dll nvata.sys nvatabus.sys nvgts.sys nvraid.sys nvrd32.sys nvstor.sys nvstor32.sys scecli.dll sceclt.dll smss.exe svchost.exe symmpi.sys tcpip.sys userinit.exe vaxscsi.sys viamraid.sys viasraid.sys ViPrt.sys winlogon.exe ws2_32.dll /md5stop %systemroot%*.* /U /s %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 %SYSTEMDRIVE%\*.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c type c:\boot.ini >> test.txt /c %SystemDrive%\PhysicalMBR.bin /md5- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
jak poznam esi pouzivam ten 64 ??
Re: problém se správcem úloh
Mate 32bit OS, takze nereste
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: problém se správcem úloh
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.18 22:56:50 | 000,000,512 | ---- | M] () MD5=F9CA033FB32E731F55EC5563C1A6976E -- C:\PhysicalMBR.bin
< End of report >
OTL Extras logfile created on: 18.8.2011 22:52:52 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,57% Memory free
3,60 Gb Paging File | 2,77 Gb Available in Paging File | 77,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 10,31 Gb Free Space | 13,84% Space Free | Partition Type: FAT32
Drive D: | 2,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ACER-POWERF5 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe" = C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe" = C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe:*:Disabled:Heroes of Might and Magic® IV: Winds of War™ -- (The 3DO Company)
"C:\WINDOWS\System32\dpnsvr.exe" = C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe" = C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"{1CC535A8-BD37-4AD5-BF85-1C366873BA47}" = Street Racing Syndicate (TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{649E4B4B-9DBD-4C0D-9ECD-BDF3382992E2}" = Trainer Maker 4 for Windows
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7EF883B-6320-4B13-00BB-B1B379303DA2}" = FIFA 06 Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = Ovladače ATI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E766BDE2-A6DF-4066-B495-2B7BDFF01BB0}" = Just Cause Demo 1.00.0000
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17F7703-1E72-40C1-A0DD-E5B365661029}" = Nero 7 Essentials
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.1
"BitTorrent" = BitTorrent
"Bombarďáci" = Bombarďáci
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"Heroes of Might and Magic® IV Big World Barbarian" = Heroes of Might and Magic® IV Big World Barbarian
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Little Fighter 2" = Little Fighter 2 1.9c
"Little Fighter 2 v1.9" = Little Fighter 2 v1.9
"Little Fighter 2.5 - v2.0" = Little Fighter 2.5 - v2.0
"Little Fighters 2.5" = Little Fighters 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.50.1074" = Opera 11.50
"Scorpions WinCheater 2.07 (s databází 118)_is1" = Scorpions WinCheater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-AionEU" = Aion
"PhotoFiltre Studio X" = PhotoFiltre Studio X
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9.7.2011 8:26:54 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 10.7.2011 19:33:04 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 11.7.2011 10:20:47 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 12.7.2011 8:07:48 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2005
Description = Nelze číst data o výkonu ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu serveru. Vrácený chybový kód je v datech DWORD 0, IOSB.Status
je DWORD 1 a IOSB.Information je DWORD 2.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.
Error - 15.7.2011 12:58:26 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 25.7.2011 17:59:58 | Computer Name = ACER-POWERF5 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Little Fighter Saga.exe, verze 0.0.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 26.7.2011 10:23:10 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00008dc1.
Error - 26.7.2011 10:23:33 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00003ad4.
[ System Events ]
Error - 16.8.2011 17:45:11 | Computer Name = ACER-POWERF5 | Source = ipnathlp | ID = 31008
Description = Agentu serveru proxy služby DNS se nepodařilo načíst místní seznam
serverů pro překlad adres IP z registru. Uvedený údaj je kód chyby.
Error - 16.8.2011 19:01:03 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 16.8.2011 19:09:38 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 17.8.2011 10:33:52 | Computer Name = ACER-POWERF5 | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{FE9CB4AC-23AB-40D1-BA00-D931122EF518},
protože jiný počítač v síti má stejný název. Server nelze spustit.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba LogMeIn Hamachi Tunneling Engine byla neočekávaně ukončena.
Tento stav nastal již 1krát.
< End of report >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.18 22:56:50 | 000,000,512 | ---- | M] () MD5=F9CA033FB32E731F55EC5563C1A6976E -- C:\PhysicalMBR.bin
< End of report >
OTL Extras logfile created on: 18.8.2011 22:52:52 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,57% Memory free
3,60 Gb Paging File | 2,77 Gb Available in Paging File | 77,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 10,31 Gb Free Space | 13,84% Space Free | Partition Type: FAT32
Drive D: | 2,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ACER-POWERF5 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe" = C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe" = C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe:*:Disabled:Heroes of Might and Magic® IV: Winds of War™ -- (The 3DO Company)
"C:\WINDOWS\System32\dpnsvr.exe" = C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe" = C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"{1CC535A8-BD37-4AD5-BF85-1C366873BA47}" = Street Racing Syndicate (TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{649E4B4B-9DBD-4C0D-9ECD-BDF3382992E2}" = Trainer Maker 4 for Windows
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7EF883B-6320-4B13-00BB-B1B379303DA2}" = FIFA 06 Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = Ovladače ATI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E766BDE2-A6DF-4066-B495-2B7BDFF01BB0}" = Just Cause Demo 1.00.0000
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17F7703-1E72-40C1-A0DD-E5B365661029}" = Nero 7 Essentials
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.1
"BitTorrent" = BitTorrent
"Bombarďáci" = Bombarďáci
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"Heroes of Might and Magic® IV Big World Barbarian" = Heroes of Might and Magic® IV Big World Barbarian
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Little Fighter 2" = Little Fighter 2 1.9c
"Little Fighter 2 v1.9" = Little Fighter 2 v1.9
"Little Fighter 2.5 - v2.0" = Little Fighter 2.5 - v2.0
"Little Fighters 2.5" = Little Fighters 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.50.1074" = Opera 11.50
"Scorpions WinCheater 2.07 (s databází 118)_is1" = Scorpions WinCheater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-AionEU" = Aion
"PhotoFiltre Studio X" = PhotoFiltre Studio X
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9.7.2011 8:26:54 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 10.7.2011 19:33:04 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 11.7.2011 10:20:47 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 12.7.2011 8:07:48 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2005
Description = Nelze číst data o výkonu ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu serveru. Vrácený chybový kód je v datech DWORD 0, IOSB.Status
je DWORD 1 a IOSB.Information je DWORD 2.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.
Error - 15.7.2011 12:58:26 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 25.7.2011 17:59:58 | Computer Name = ACER-POWERF5 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Little Fighter Saga.exe, verze 0.0.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 26.7.2011 10:23:10 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00008dc1.
Error - 26.7.2011 10:23:33 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00003ad4.
[ System Events ]
Error - 16.8.2011 17:45:11 | Computer Name = ACER-POWERF5 | Source = ipnathlp | ID = 31008
Description = Agentu serveru proxy služby DNS se nepodařilo načíst místní seznam
serverů pro překlad adres IP z registru. Uvedený údaj je kód chyby.
Error - 16.8.2011 19:01:03 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 16.8.2011 19:09:38 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 17.8.2011 10:33:52 | Computer Name = ACER-POWERF5 | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{FE9CB4AC-23AB-40D1-BA00-D931122EF518},
protože jiný počítač v síti má stejný název. Server nelze spustit.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba LogMeIn Hamachi Tunneling Engine byla neočekávaně ukončena.
Tento stav nastal již 1krát.
< End of report >
Re: problém se správcem úloh
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.18 22:56:50 | 000,000,512 | ---- | M] () MD5=F9CA033FB32E731F55EC5563C1A6976E -- C:\PhysicalMBR.bin
< End of report >
OTL Extras logfile created on: 18.8.2011 22:52:52 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,57% Memory free
3,60 Gb Paging File | 2,77 Gb Available in Paging File | 77,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 10,31 Gb Free Space | 13,84% Space Free | Partition Type: FAT32
Drive D: | 2,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ACER-POWERF5 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe" = C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe" = C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe:*:Disabled:Heroes of Might and Magic® IV: Winds of War™ -- (The 3DO Company)
"C:\WINDOWS\System32\dpnsvr.exe" = C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe" = C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"{1CC535A8-BD37-4AD5-BF85-1C366873BA47}" = Street Racing Syndicate (TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{649E4B4B-9DBD-4C0D-9ECD-BDF3382992E2}" = Trainer Maker 4 for Windows
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7EF883B-6320-4B13-00BB-B1B379303DA2}" = FIFA 06 Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = Ovladače ATI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E766BDE2-A6DF-4066-B495-2B7BDFF01BB0}" = Just Cause Demo 1.00.0000
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17F7703-1E72-40C1-A0DD-E5B365661029}" = Nero 7 Essentials
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.1
"BitTorrent" = BitTorrent
"Bombarďáci" = Bombarďáci
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"Heroes of Might and Magic® IV Big World Barbarian" = Heroes of Might and Magic® IV Big World Barbarian
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Little Fighter 2" = Little Fighter 2 1.9c
"Little Fighter 2 v1.9" = Little Fighter 2 v1.9
"Little Fighter 2.5 - v2.0" = Little Fighter 2.5 - v2.0
"Little Fighters 2.5" = Little Fighters 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.50.1074" = Opera 11.50
"Scorpions WinCheater 2.07 (s databází 118)_is1" = Scorpions WinCheater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-AionEU" = Aion
"PhotoFiltre Studio X" = PhotoFiltre Studio X
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9.7.2011 8:26:54 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 10.7.2011 19:33:04 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 11.7.2011 10:20:47 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 12.7.2011 8:07:48 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2005
Description = Nelze číst data o výkonu ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu serveru. Vrácený chybový kód je v datech DWORD 0, IOSB.Status
je DWORD 1 a IOSB.Information je DWORD 2.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.
Error - 15.7.2011 12:58:26 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 25.7.2011 17:59:58 | Computer Name = ACER-POWERF5 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Little Fighter Saga.exe, verze 0.0.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 26.7.2011 10:23:10 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00008dc1.
Error - 26.7.2011 10:23:33 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00003ad4.
[ System Events ]
Error - 16.8.2011 17:45:11 | Computer Name = ACER-POWERF5 | Source = ipnathlp | ID = 31008
Description = Agentu serveru proxy služby DNS se nepodařilo načíst místní seznam
serverů pro překlad adres IP z registru. Uvedený údaj je kód chyby.
Error - 16.8.2011 19:01:03 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 16.8.2011 19:09:38 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 17.8.2011 10:33:52 | Computer Name = ACER-POWERF5 | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{FE9CB4AC-23AB-40D1-BA00-D931122EF518},
protože jiný počítač v síti má stejný název. Server nelze spustit.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba LogMeIn Hamachi Tunneling Engine byla neočekávaně ukončena.
Tento stav nastal již 1krát.
< End of report >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.18 22:56:50 | 000,000,512 | ---- | M] () MD5=F9CA033FB32E731F55EC5563C1A6976E -- C:\PhysicalMBR.bin
< End of report >
OTL Extras logfile created on: 18.8.2011 22:52:52 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,57% Memory free
3,60 Gb Paging File | 2,77 Gb Available in Paging File | 77,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 10,31 Gb Free Space | 13,84% Space Free | Partition Type: FAT32
Drive D: | 2,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ACER-POWERF5 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe" = C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe" = C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe:*:Disabled:Heroes of Might and Magic® IV: Winds of War™ -- (The 3DO Company)
"C:\WINDOWS\System32\dpnsvr.exe" = C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe" = C:\Documents and Settings\ADMIN\Plocha\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\ADMIN\Plocha\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"{1CC535A8-BD37-4AD5-BF85-1C366873BA47}" = Street Racing Syndicate (TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{649E4B4B-9DBD-4C0D-9ECD-BDF3382992E2}" = Trainer Maker 4 for Windows
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7EF883B-6320-4B13-00BB-B1B379303DA2}" = FIFA 06 Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = Ovladače ATI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E766BDE2-A6DF-4066-B495-2B7BDFF01BB0}" = Just Cause Demo 1.00.0000
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17F7703-1E72-40C1-A0DD-E5B365661029}" = Nero 7 Essentials
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.1
"BitTorrent" = BitTorrent
"Bombarďáci" = Bombarďáci
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"Heroes of Might and Magic® IV Big World Barbarian" = Heroes of Might and Magic® IV Big World Barbarian
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Little Fighter 2" = Little Fighter 2 1.9c
"Little Fighter 2 v1.9" = Little Fighter 2 v1.9
"Little Fighter 2.5 - v2.0" = Little Fighter 2.5 - v2.0
"Little Fighters 2.5" = Little Fighters 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.50.1074" = Opera 11.50
"Scorpions WinCheater 2.07 (s databází 118)_is1" = Scorpions WinCheater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-689203858-595698994-2622159404-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-AionEU" = Aion
"PhotoFiltre Studio X" = PhotoFiltre Studio X
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9.7.2011 8:26:54 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 10.7.2011 19:33:04 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 11.7.2011 10:20:47 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 12.7.2011 8:07:48 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2005
Description = Nelze číst data o výkonu ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu serveru. Vrácený chybový kód je v datech DWORD 0, IOSB.Status
je DWORD 1 a IOSB.Information je DWORD 2.
Error - 14.7.2011 13:57:51 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.
Error - 15.7.2011 12:58:26 | Computer Name = ACER-POWERF5 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 25.7.2011 17:59:58 | Computer Name = ACER-POWERF5 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Little Fighter Saga.exe, verze 0.0.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 26.7.2011 10:23:10 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00008dc1.
Error - 26.7.2011 10:23:33 | Computer Name = ACER-POWERF5 | Source = Application Error | ID = 1000
Description = Chybující aplikace setup.exe, verze 0.0.0.0, chybující modul setup.exe,
verze 0.0.0.0, adresa chyby 0x00003ad4.
[ System Events ]
Error - 16.8.2011 17:45:11 | Computer Name = ACER-POWERF5 | Source = ipnathlp | ID = 31008
Description = Agentu serveru proxy služby DNS se nepodařilo načíst místní seznam
serverů pro překlad adres IP z registru. Uvedený údaj je kód chyby.
Error - 16.8.2011 19:01:03 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 16.8.2011 19:09:38 | Computer Name = ACER-POWERF5 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 7.20.1.193 pro síťovou kartu s adresou 00FFD25310A6
byla serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 17.8.2011 10:33:52 | Computer Name = ACER-POWERF5 | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{FE9CB4AC-23AB-40D1-BA00-D931122EF518},
protože jiný počítač v síti má stejný název. Server nelze spustit.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 18.8.2011 16:09:03 | Computer Name = ACER-POWERF5 | Source = Service Control Manager | ID = 7034
Description = Služba LogMeIn Hamachi Tunneling Engine byla neočekávaně ukončena.
Tento stav nastal již 1krát.
< End of report >
Přispějete na provoz fóra?