
PC virus removal, computer speed-up, and remote help through the neslape.cz service
Preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I would need a preventive check of the log; the PC is somewhat slow and programs take a very long time to open. Thank you
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-01-28 12:55:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 33 GB (66%) free of 50 GB
Total RAM: 1023 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:50, on 28.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\MSI\LAN Utility\DiagAP8169.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
D:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
D:\Program Files\Cyberlink\Shared files\brs.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSI\SecureDoc\Logon.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\RSIT\RSIT.exe
D:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [DiagAP8169] D:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [RemoteControl10] "D:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] D:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-1275210071-725345543-1005\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SecureDoc.lnk = D:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
--
End of file - 6246 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1275210071-725345543-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1275210071-725345543-1003UA.job
=========Mozilla firefox=========
ProfilePath - D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"
prefs.js - "keyword.URL" - "http://slirsredirect.search.aol.com/red ... 011&query="
"{20a82645-c095-46ed-80e3-08825760534b}"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
D:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
flashplayer.xpt
nppl3260.xpt
npwachk.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
D:\Program Files\Mozilla Firefox\plugins\
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
npjp2.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
npwachk.dll
QuickTimePlugin.class
D:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\extensions\
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\searchplugins\
aol-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DiagAP8169"=D:\Program Files\MSI\LAN Utility\DiagAP8169 /hw []
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SSBkgdUpdate"=D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"WrtMon.exe"=D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"RemoteControl10"=D:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=D:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"nwiz"=D:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"egui"=D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-09 2140880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
SecureDoc.lnk - D:\Program Files\MSI\SecureDoc\Logon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-01-28 12:55:39 ----D---- D:\Program Files\trend micro
2012-01-28 12:55:38 ----D---- D:\rsit
2012-01-28 12:55:20 ----D---- D:\Program Files\RSIT
2012-01-28 12:45:33 ----HDC---- D:\WINDOWS\$NtUninstallKB2585542$
2012-01-24 18:24:28 ----D---- D:\Program Files\ESET
2012-01-24 18:24:28 ----D---- D:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-12 19:58:30 ----D---- D:\Program Files\Adobe
2012-01-12 16:54:11 ----HDC---- D:\WINDOWS\$NtUninstallKB2646524$
2012-01-12 16:54:00 ----HDC---- D:\WINDOWS\$NtUninstallKB2631813$
2012-01-12 16:50:05 ----HDC---- D:\WINDOWS\$NtUninstallKB2598479$
2012-01-12 16:49:57 ----HDC---- D:\WINDOWS\$NtUninstallKB2603381$
2012-01-12 16:49:43 ----HDC---- D:\WINDOWS\$NtUninstallKB2584146$
======List of files/folders modified in the last 1 month======
2012-01-28 12:55:45 ----D---- D:\WINDOWS\Prefetch
2012-01-28 12:55:39 ----D---- D:\WINDOWS\Temp
2012-01-28 12:55:39 ----D---- D:\Program Files
2012-01-28 12:48:43 ----D---- D:\WINDOWS
2012-01-28 12:48:00 ----D---- D:\WINDOWS\system32
2012-01-28 12:46:37 ----A---- D:\WINDOWS\SchedLgU.Txt
2012-01-28 12:45:44 ----HD---- D:\WINDOWS\inf
2012-01-28 12:45:36 ----RSHDC---- D:\WINDOWS\system32\dllcache
2012-01-28 12:42:13 ----HD---- D:\WINDOWS\$hf_mig$
2012-01-28 12:42:06 ----D---- D:\WINDOWS\system32\CatRoot2
2012-01-25 16:28:43 ----D---- D:\Program Files\Mozilla Firefox
2012-01-24 21:21:55 ----SHD---- D:\WINDOWS\Installer
2012-01-24 18:25:49 ----D---- D:\WINDOWS\system32\drivers
2012-01-12 19:58:56 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2012-01-12 19:57:45 ----D---- D:\Program Files\Common Files\Adobe
2012-01-12 16:54:15 ----A---- D:\WINDOWS\imsins.BAK
2012-01-12 16:50:45 ----A---- D:\WINDOWS\system32\MRT.exe
2012-01-01 11:10:57 ----RSD---- D:\WINDOWS\assembly
2012-01-01 11:08:11 ----D---- D:\WINDOWS\Microsoft.NET
2012-01-01 11:05:12 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2012-01-01 11:04:31 ----D---- D:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 ehdrv;ehdrv; D:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-09 95872]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/11/06 08:18:12]; \??\D:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 eamon;eamon; D:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-09 139192]
R2 irda;Protokol IrDA; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LANPkt;Realtek LANPkt Protocol; D:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R3 cmudax;C-Media High Definition Audio Interface; D:\WINDOWS\system32\drivers\cmudax.sys [2006-02-15 1301568]
R3 Diag69xp;Diag69xp; D:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-09-02 11266]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-10-12 255232]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; D:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 nvUpdatusService;NVIDIA Update Service Daemon; D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-09 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-01-28 12:55:39 ----D---- D:\Program Files\trend micro
2012-01-28 12:55:38 ----D---- D:\rsit
2012-01-28 12:55:20 ----D---- D:\Program Files\RSIT
2012-01-28 12:45:33 ----HDC---- D:\WINDOWS\$NtUninstallKB2585542$
2012-01-24 18:24:28 ----D---- D:\Program Files\ESET
2012-01-24 18:24:28 ----D---- D:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-12 19:58:30 ----D---- D:\Program Files\Adobe
2012-01-12 16:54:11 ----HDC---- D:\WINDOWS\$NtUninstallKB2646524$
2012-01-12 16:54:00 ----HDC---- D:\WINDOWS\$NtUninstallKB2631813$
2012-01-12 16:50:05 ----HDC---- D:\WINDOWS\$NtUninstallKB2598479$
2012-01-12 16:49:57 ----HDC---- D:\WINDOWS\$NtUninstallKB2603381$
2012-01-12 16:49:43 ----HDC---- D:\WINDOWS\$NtUninstallKB2584146$
======List of files/folders modified in the last 1 month======
2012-01-28 12:55:45 ----D---- D:\WINDOWS\Prefetch
2012-01-28 12:55:39 ----D---- D:\WINDOWS\Temp
2012-01-28 12:55:39 ----D---- D:\Program Files
2012-01-28 12:48:43 ----D---- D:\WINDOWS
2012-01-28 12:48:00 ----D---- D:\WINDOWS\system32
2012-01-28 12:46:37 ----A---- D:\WINDOWS\SchedLgU.Txt
2012-01-28 12:45:44 ----HD---- D:\WINDOWS\inf
2012-01-28 12:45:36 ----RSHDC---- D:\WINDOWS\system32\dllcache
2012-01-28 12:42:13 ----HD---- D:\WINDOWS\$hf_mig$
2012-01-28 12:42:06 ----D---- D:\WINDOWS\system32\CatRoot2
2012-01-25 16:28:43 ----D---- D:\Program Files\Mozilla Firefox
2012-01-24 21:21:55 ----SHD---- D:\WINDOWS\Installer
2012-01-24 18:25:49 ----D---- D:\WINDOWS\system32\drivers
2012-01-12 19:58:56 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2012-01-12 19:57:45 ----D---- D:\Program Files\Common Files\Adobe
2012-01-12 16:54:15 ----A---- D:\WINDOWS\imsins.BAK
2012-01-12 16:50:45 ----A---- D:\WINDOWS\system32\MRT.exe
2012-01-01 11:10:57 ----RSD---- D:\WINDOWS\assembly
2012-01-01 11:08:11 ----D---- D:\WINDOWS\Microsoft.NET
2012-01-01 11:05:12 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2012-01-01 11:04:31 ----D---- D:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 ehdrv;ehdrv; D:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-09 95872]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/11/06 08:18:12]; \??\D:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 eamon;eamon; D:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-09 139192]
R2 irda;Protokol IrDA; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LANPkt;Realtek LANPkt Protocol; D:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R3 cmudax;C-Media High Definition Audio Interface; D:\WINDOWS\system32\drivers\cmudax.sys [2006-02-15 1301568]
R3 Diag69xp;Diag69xp; D:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-09-02 11266]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-10-12 255232]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; D:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 nvUpdatusService;NVIDIA Update Service Daemon; D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-09 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: preventive check
Hello
The log is being worked on; it will take a while.

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For lack of time I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).
Re: preventive check

Copy this script into the left window:
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1275210071-725345543-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1275210071-725345543-1003UA.job
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=-
"SSBkgdUpdate"=-
"RemoteControl10"=-
"BDRegion"=-
"NeroFilterCheck"=-
"WinampAgent"=-
"NvMediaCenter"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
:commands
[RESETHOSTS]
[Purity]
[EMPTYTEMP]
[EMPTYFLASH]
After the restart, post the log here; it will be in C:\_OTM\MovedFiles\
Re: preventive check
I'm not sure whether I've posted the right log here.
All processes killed
========== FILES ==========
File/Folder D:\WINDOWS\system32\*.tmp.dll not found.
File/Folder D:\WINDOWS\system32\SET*.tmp not found.
D:\WINDOWS\002835_.tmp moved successfully.
D:\WINDOWS\SET3.tmp moved successfully.
D:\WINDOWS\SET4.tmp moved successfully.
D:\WINDOWS\SET8.tmp moved successfully.
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1275210071-725345543-1003Core.job moved successfully.
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1275210071-725345543-1003UA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BDRegion deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== COMMANDS ==========
D:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 169726524 bytes
->Temporary Internet Files folder emptied: 41715740 bytes
->FireFox cache emptied: 57075283 bytes
->Google Chrome cache emptied: 58175216 bytes
->Flash cache emptied: 937 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: DOMA
->Temp folder emptied: 62255742 bytes
->Temporary Internet Files folder emptied: 507904 bytes
->FireFox cache emptied: 32159800 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2747257 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 405,00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: DOMA
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.19.0 log created on 01282012_154930
Files moved on Reboot...
Registry entries deleted on Reboot...
Re: preventive check
The log is correct.
The program did what it was supposed to. Has anything changed?
Re: preventive check
It's a little better, but it's probably still not quite right.
Re: preventive check
OK. We'll clean out the clutter and then dig deeper.
Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click the CleanUp button and then OK. After the cleanup the PC will restart.
Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it.
Click START and then OK. After the cleanup the PC will restart.
After using it you can delete the program.
Download CCleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar; if it offers to install it, untick the checkbox.
After launch you will be in the Cleaner function. As you can see in the link, there are a lot of checkboxes on the left. Be careful mainly with the Recycle Bin: if you leave it ticked, it will be emptied.
It will also delete all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. e-mail, Facebook, various forums, etc.)
Click Analyze and, when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Search for problems; when it finds some, click Fix problems. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself, so you can use it as well.
You can defragment the disk.
Download, for example, the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation, again watch out for the toolbar.
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.
When you have done everything, restart the PC once more and write how it behaves. We will continue based on that.

Re: preventive check
Hello, after yesterday's defragmentation, which took several hours, it is better, but the PC is again slower to start; with programs it's fairly good.
Re: preventive check
Have a nice Sunday morning
Post a new RSIT log here http://forum.viry.cz/viewtopic.php?f=13&t=105895
Run a full scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222
If it finds anything, post the log here. Don't delete anything beforehand; MBAM sometimes has false detections.



Re: preventive check
RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-01-29 09:30:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 34 GB (67%) free of 50 GB
Total RAM: 1023 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:37, on 29.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\MSI\LAN Utility\DiagAP8169.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
D:\Program Files\MSI\SecureDoc\Logon.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\RSIT\RSIT.exe
D:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [DiagAP8169] D:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-1275210071-725345543-1005\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SecureDoc.lnk = D:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
--
End of file - 5286 bytes
=========Mozilla firefox=========
ProfilePath - D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"
prefs.js - "keyword.URL" - "http://slirsredirect.search.aol.com/red ... 011&query="
"{20a82645-c095-46ed-80e3-08825760534b}"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
D:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
flashplayer.xpt
nppl3260.xpt
npwachk.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
D:\Program Files\Mozilla Firefox\plugins\
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
npjp2.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
npwachk.dll
QuickTimePlugin.class
D:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\extensions\
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\searchplugins\
aol-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DiagAP8169"=D:\Program Files\MSI\LAN Utility\DiagAP8169 /hw []
"OpwareSE4"=D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"WrtMon.exe"=D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"nwiz"=D:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"egui"=D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-09 2140880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
SecureDoc.lnk - D:\Program Files\MSI\SecureDoc\Logon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-01-29 09:30:27 ----D---- D:\rsit
2012-01-28 16:50:14 ----D---- D:\Program Files\Defraggler
2012-01-28 12:55:39 ----D---- D:\Program Files\trend micro
2012-01-28 12:55:20 ----D---- D:\Program Files\RSIT
2012-01-28 12:45:33 ----HDC---- D:\WINDOWS\$NtUninstallKB2585542$
2012-01-24 18:24:28 ----D---- D:\Program Files\ESET
2012-01-24 18:24:28 ----D---- D:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-12 19:58:30 ----D---- D:\Program Files\Adobe
2012-01-12 16:54:11 ----HDC---- D:\WINDOWS\$NtUninstallKB2646524$
2012-01-12 16:54:00 ----HDC---- D:\WINDOWS\$NtUninstallKB2631813$
2012-01-12 16:50:05 ----HDC---- D:\WINDOWS\$NtUninstallKB2598479$
2012-01-12 16:49:57 ----HDC---- D:\WINDOWS\$NtUninstallKB2603381$
2012-01-12 16:49:43 ----HDC---- D:\WINDOWS\$NtUninstallKB2584146$
======List of files/folders modified in the last 1 month======
2012-01-29 09:30:28 ----D---- D:\WINDOWS\Temp
2012-01-29 08:45:47 ----D---- D:\WINDOWS
2012-01-28 22:18:28 ----A---- D:\WINDOWS\SchedLgU.Txt
2012-01-28 16:50:45 ----D---- D:\WINDOWS\Prefetch
2012-01-28 16:50:14 ----D---- D:\Program Files
2012-01-28 16:46:14 ----D---- D:\Documents and Settings\Administrator\Data aplikací\Winamp
2012-01-28 16:45:57 ----D---- D:\WINDOWS\Debug
2012-01-28 15:49:47 ----D---- D:\WINDOWS\system32
2012-01-28 15:49:32 ----SD---- D:\WINDOWS\Tasks
2012-01-28 15:49:32 ----D---- D:\WINDOWS\system32\drivers\etc
2012-01-28 12:45:44 ----HD---- D:\WINDOWS\inf
2012-01-28 12:45:36 ----RSHDC---- D:\WINDOWS\system32\dllcache
2012-01-28 12:42:13 ----HD---- D:\WINDOWS\$hf_mig$
2012-01-28 12:42:06 ----D---- D:\WINDOWS\system32\CatRoot2
2012-01-25 16:28:43 ----D---- D:\Program Files\Mozilla Firefox
2012-01-24 21:21:55 ----SHD---- D:\WINDOWS\Installer
2012-01-24 18:25:49 ----D---- D:\WINDOWS\system32\drivers
2012-01-12 19:58:56 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2012-01-12 19:57:45 ----D---- D:\Program Files\Common Files\Adobe
2012-01-12 16:50:45 ----A---- D:\WINDOWS\system32\MRT.exe
2012-01-01 11:10:57 ----RSD---- D:\WINDOWS\assembly
2012-01-01 11:08:11 ----D---- D:\WINDOWS\Microsoft.NET
2012-01-01 11:05:12 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2012-01-01 11:04:31 ----D---- D:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 ehdrv;ehdrv; D:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-09 95872]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/11/06 08:18:12]; \??\D:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 eamon;eamon; D:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-09 139192]
R2 irda;Protokol IrDA; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LANPkt;Realtek LANPkt Protocol; D:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R3 cmudax;C-Media High Definition Audio Interface; D:\WINDOWS\system32\drivers\cmudax.sys [2006-02-15 1301568]
R3 Diag69xp;Diag69xp; D:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-09-02 11266]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-10-12 255232]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; D:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 nvUpdatusService;NVIDIA Update Service Daemon; D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-09 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
MBAM
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29.1.2012 11:34:56
mbam-log-2012-01-29 (11-34-56).txt
Typ: Úplná kontrola (C:\|D:\|E:\|F:\|)
Kontrolované objekty: 269333
Uplynulý čas: 1 hodin, 55 minut, 34 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: preventive check

Click Main menu and then Do a system scan only
Put a checkmark on the left of these lines:
(These are things that do not have to start right at startup. But it is up to you. If you need something right at startup, leave that line out)
Code:
O4 - HKLM\..\Run: [DiagAP8169] D:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] D:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-1275210071-725345543-1005\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SecureDoc.lnk = D:\Program Files\MSI\SecureDoc\Logon.exe
Restart the PC and let me know whether it got faster.

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For lack of time I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive check
Unfortunately the PC's startup has not changed; it is still very slow.
Re: preventive check
What does "very slow" mean? How much slower is it than usual? How long have you had problems with it?
Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the items Pro všechny uživatele (Scan All Users), Kontrola na havěť "LOP" (LOP Check) and Kontrola na havěť "Purity" (Purity Check).
Paste the following text into the bottom window.
Click Prohledat (Run Scan).
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here.

Paste the following text into the bottom window:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
Re: preventive check
It has been roughly 6 weeks since the PC slowed down; the system used to start within 45 seconds, now it takes twice as long.
I am sending only one OTL log; the program did not produce any more.
OTL logfile created on: 29.1.2012 13:13:18 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1023,29 Mb Total Physical Memory | 557,17 Mb Available Physical Memory | 54,45% Memory free
2,41 Gb Paging File | 2,09 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 29,29 Gb Total Space | 18,41 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 32,97 Gb Free Space | 67,53% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 47,42 Gb Free Space | 97,11% Space Free | Partition Type: NTFS
Drive F: | 62,97 Gb Total Space | 61,40 Gb Free Space | 97,51% Space Free | Partition Type: NTFS
Computer Name: DOMA-9FCA21D8D1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.29 12:49:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2011.10.21 05:45:48 | 001,036,344 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2011.10.08 05:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.09 10:12:56 | 002,140,880 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.21 05:45:46 | 000,420,920 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\ppgooglenaclpluginchrome.dll
MOD - [2011.10.21 05:45:45 | 003,702,840 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\pdf.dll
MOD - [2011.10.21 05:44:09 | 000,122,952 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\avutil-51.dll
MOD - [2011.10.21 05:44:08 | 000,222,280 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\avformat-53.dll
MOD - [2011.10.21 05:44:07 | 001,745,992 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\avcodec-53.dll
MOD - [2011.06.16 00:14:48 | 000,331,776 | ---- | M] () -- D:\Program Files\WinRAR\rarlng.dll
MOD - [2011.05.28 22:04:58 | 000,140,288 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2001.10.30 13:36:54 | 000,045,056 | ---- | M] () -- D:\WINDOWS\system32\ginamsi.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- D:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.10.08 05:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.09 10:14:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - [2010.03.13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/06 08:18:12] [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010.03.09 10:13:32 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.09 10:13:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.09 10:11:22 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.10.12 16:32:26 | 000,255,232 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.02.15 17:51:30 | 001,301,568 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2003.09.17 15:57:22 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2001.08.17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-1275210071-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search? ... 011&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/red ... 011&query="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.11.06 09:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.01.12 19:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.24 18:24:32 | 000,000,000 | ---D | M]
[2011.11.05 20:57:14 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2011.11.06 09:02:50 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\extensions
[2011.11.06 09:02:50 | 000,000,000 | ---D | M] (Winamp Toolbar) -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.11.08 16:18:02 | 000,002,354 | ---- | M] () -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\searchplugins\aol-web-search.xml
[2011.11.14 20:54:12 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\1F6RQXVA.DEFAULT\EXTENSIONS\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
[2011.11.02 15:33:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.29 08:07:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.01.13 16:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- D:\Program Files\mozilla firefox\plugins\npjp2.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.29 02:30:58 | 000,002,208 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.09.29 02:30:58 | 000,000,638 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.29 02:30:58 | 000,001,367 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.09.29 02:30:58 | 000,000,654 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.09.29 02:30:58 | 000,001,179 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\Administrator\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\Administrator\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\Administrator\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2012.01.28 15:49:32 | 000,000,098 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1275210071-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1275210071-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{446A9BDD-7552-4B69-8FB2-67A40DED8C38}: DhcpNameServer = 192.168.20.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) -D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ginamsi.dll) -D:\WINDOWS\System32\ginamsi.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.10 17:40:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to D:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.01.29 12:49:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Plocha\OTL.exe
[2012.01.29 09:30:27 | 000,000,000 | ---D | C] -- D:\rsit
[2012.01.28 16:50:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Nabídka Start\Programy\Defraggler
[2012.01.28 16:50:14 | 000,000,000 | ---D | C] -- D:\Program Files\Defraggler
[2012.01.28 16:45:56 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Recent
[2012.01.28 12:55:39 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2012.01.28 12:55:20 | 000,000,000 | ---D | C] -- D:\Program Files\RSIT
[2012.01.24 18:24:28 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2012.01.24 18:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2012.01.24 18:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\ESET
[2012.01.12 19:58:30 | 000,000,000 | ---D | C] -- D:\Program Files\Adobe
========== Files - Modified Within 30 Days ==========
[2012.01.29 13:14:35 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin
[2012.01.29 12:49:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Plocha\OTL.exe
[2012.01.29 12:30:55 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.01.29 12:30:22 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.01.28 16:50:16 | 000,001,580 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Defraggler.lnk
[2012.01.28 16:23:02 | 000,272,576 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.28 16:04:49 | 000,002,517 | ---- | M] () -- D:\Documents and Settings\Administrator\Plocha\Microsoft Office Excel 2003.lnk
[2012.01.28 15:49:32 | 000,000,098 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\Hosts
[2012.01.12 19:59:12 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2012.01.12 19:33:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.01.01 11:05:12 | 000,444,210 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012.01.01 11:05:12 | 000,440,994 | ---- | M] () -- D:\WINDOWS\System32\perfh005.dat
[2012.01.01 11:05:12 | 000,083,744 | ---- | M] () -- D:\WINDOWS\System32\perfc005.dat
[2012.01.01 11:05:12 | 000,072,086 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2012.01.29 12:52:52 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin
[2012.01.28 16:50:16 | 000,001,580 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Defraggler.lnk
[2012.01.12 19:59:12 | 000,001,804 | ---- | C] () -- D:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader 9.lnk
[2012.01.12 19:59:12 | 000,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.12.11 16:25:20 | 000,000,390 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2011.11.20 09:41:35 | 000,001,577 | ---- | C] () -- D:\WINDOWS\System32\.ini
[2011.11.12 19:01:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\_delis32.ini
[2011.11.06 08:56:51 | 000,000,133 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2011.11.06 08:56:30 | 000,116,224 | ---- | C] () -- D:\WINDOWS\System32\pdfcmnnt.dll
[2011.11.06 08:52:57 | 000,000,293 | ---- | C] () -- D:\WINDOWS\wincmd.ini
[2011.11.06 07:37:16 | 000,000,761 | ---- | C] () -- D:\WINDOWS\m3jp2k.ini
[2011.11.06 07:37:16 | 000,000,702 | ---- | C] () -- D:\WINDOWS\mmtvmj.ini
[2011.11.06 07:37:15 | 000,000,714 | ---- | C] () -- D:\WINDOWS\m3jpeg.ini
[2011.11.06 07:37:10 | 000,019,968 | ---- | C] () -- D:\WINDOWS\System32\cpuinf32.dll
[2011.11.06 07:37:08 | 000,152,064 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2011.11.06 07:37:04 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2011.11.06 07:17:54 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\IPPCPUID.DLL
[2011.11.06 07:16:23 | 000,011,776 | ---- | C] () -- D:\WINDOWS\System32\pmsbfn32.dll
[2011.11.06 07:14:51 | 000,000,416 | ---- | C] () -- D:\WINDOWS\MAXLINK.INI
[2011.11.06 07:11:45 | 000,000,332 | ---- | C] () -- D:\WINDOWS\System32\CNCMFP31.INI
[2011.11.02 13:54:40 | 000,285,176 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2011.11.02 13:54:40 | 000,285,176 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2011.11.02 13:54:40 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2011.10.30 10:46:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\SUSBKey.dll
[2011.10.30 10:46:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\ginamsi.dll
[2011.10.30 07:18:28 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2011.10.30 07:13:05 | 000,021,812 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2011.05.21 06:01:00 | 002,130,002 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2011.01.11 08:03:35 | 000,004,249 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2011.01.11 08:02:22 | 000,272,576 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.17 14:58:58 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004.08.16 15:04:46 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.exe
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004.07.27 17:18:30 | 000,001,176 | ---- | C] () -- D:\WINDOWS\ImpTable.bin
[2004.07.05 14:25:06 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\WlanInstallDll.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll
[2001.10.25 12:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001.10.25 12:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2001.10.25 12:00:00 | 000,444,210 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2001.10.25 12:00:00 | 000,440,994 | ---- | C] () -- D:\WINDOWS\System32\perfh005.dat
[2001.10.25 12:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2001.10.25 12:00:00 | 000,269,162 | ---- | C] () -- D:\WINDOWS\System32\perfi005.dat
[2001.10.25 12:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2001.10.25 12:00:00 | 000,083,744 | ---- | C] () -- D:\WINDOWS\System32\perfc005.dat
[2001.10.25 12:00:00 | 000,072,086 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2001.10.25 12:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2001.10.25 12:00:00 | 000,032,072 | ---- | C] () -- D:\WINDOWS\System32\perfd005.dat
[2001.10.25 12:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2001.10.25 12:00:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2001.10.25 12:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011.11.06 07:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\ScanSoft
[2011.11.20 10:03:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.01.24 18:24:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\ESET
[2011.11.06 07:14:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2011.11.06 08:15:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\Temp
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- D:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- D:\WINDOWS\system32\autochk.exe
[2004.08.17 14:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- D:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- D:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- D:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- D:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- D:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- D:\WINDOWS\system32\eventlog.dll
[2004.08.17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- D:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- D:\WINDOWS\system32\HAL.DLL
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- D:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 21:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- D:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- D:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- D:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 12:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- D:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- D:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- D:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- D:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- D:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- D:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- D:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- D:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- D:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- D:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- D:\WINDOWS\system32\svchost.exe
[2004.08.17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- D:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- D:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- D:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 22:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- D:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- D:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- D:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- D:\WINDOWS\system32\userinit.exe
[2004.08.17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- D:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- D:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- D:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[12 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 D:\WINDOWS\Installer\*.tmp files -> D:\WINDOWS\Installer\*.tmp -> ]
[1 D:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> D:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.11.05 23:05:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Adobe
[2011.11.06 08:39:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\CyberLink
[2011.11.06 07:59:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\FastStone
[2011.11.06 08:53:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Help
[2011.11.05 20:36:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Identities
[2011.11.05 21:07:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2011.11.06 09:29:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.12.11 16:53:41 | 000,000,000 | --SD | M] -- D:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2011.11.05 20:57:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2011.11.06 07:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\ScanSoft
[2012.01.28 16:46:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Winamp
[2011.11.05 21:19:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011.01.11 08:01:37 | 000,094,208 | ---- | M] () -- D:\WINDOWS\System32\config\default.sav
[2011.01.11 08:01:37 | 000,663,552 | ---- | M] () -- D:\WINDOWS\System32\config\software.sav
[2011.01.11 08:01:37 | 000,454,656 | ---- | M] () -- D:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.01.28 16:23:02 | 000,272,576 | ---- | M] () -- D:\WINDOWS\system32\FNTCACHE.DAT
[2012.01.29 12:30:55 | 000,002,206 | ---- | M] () -- D:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = D:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
GINADLL REG_SZ ginamsi.dll
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.01.29 13:14:35 | 000,000,512 | ---- | M] () MD5=EF29B65BE1CD58BAEC99DBEC084D6AA6 -- D:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
[2001.01.16 06:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 04:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2010.03.15 13:20:28 | 000,010,781 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2010.03.15 13:20:34 | 000,003,492 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\widget\langloader.kc
[2010.03.15 13:20:34 | 000,013,453 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\widget\layoutloader.kc
[2010.02.05 00:34:54 | 000,010,775 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2010.02.05 00:34:54 | 000,003,486 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cox\widget\langloader.kc
[2010.02.05 00:34:54 | 000,013,369 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cox\widget\layoutloader.kc
[2004.08.17 14:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
< End of report >
I am sending only one OTL log; the program did not produce any more.
OTL logfile created on: 29.1.2012 13:13:18 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1023,29 Mb Total Physical Memory | 557,17 Mb Available Physical Memory | 54,45% Memory free
2,41 Gb Paging File | 2,09 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 29,29 Gb Total Space | 18,41 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 32,97 Gb Free Space | 67,53% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 47,42 Gb Free Space | 97,11% Space Free | Partition Type: NTFS
Drive F: | 62,97 Gb Total Space | 61,40 Gb Free Space | 97,51% Space Free | Partition Type: NTFS
Computer Name: DOMA-9FCA21D8D1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.29 12:49:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2011.10.21 05:45:48 | 001,036,344 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2011.10.08 05:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.09 10:12:56 | 002,140,880 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.21 05:45:46 | 000,420,920 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\ppgooglenaclpluginchrome.dll
MOD - [2011.10.21 05:45:45 | 003,702,840 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\pdf.dll
MOD - [2011.10.21 05:44:09 | 000,122,952 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\avutil-51.dll
MOD - [2011.10.21 05:44:08 | 000,222,280 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\avformat-53.dll
MOD - [2011.10.21 05:44:07 | 001,745,992 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\15.0.874.102\avcodec-53.dll
MOD - [2011.06.16 00:14:48 | 000,331,776 | ---- | M] () -- D:\Program Files\WinRAR\rarlng.dll
MOD - [2011.05.28 22:04:58 | 000,140,288 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2001.10.30 13:36:54 | 000,045,056 | ---- | M] () -- D:\WINDOWS\system32\ginamsi.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- D:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.10.08 05:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.09 10:14:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - [2010.03.13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/06 08:18:12] [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010.03.09 10:13:32 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.09 10:13:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.09 10:11:22 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.10.12 16:32:26 | 000,255,232 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.02.15 17:51:30 | 001,301,568 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2003.09.17 15:57:22 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2001.08.17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-1275210071-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search? ... 011&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/red ... 011&query="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.11.06 09:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.01.12 19:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.24 18:24:32 | 000,000,000 | ---D | M]
[2011.11.05 20:57:14 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2011.11.06 09:02:50 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\extensions
[2011.11.06 09:02:50 | 000,000,000 | ---D | M] (Winamp Toolbar) -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.11.08 16:18:02 | 000,002,354 | ---- | M] () -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1f6rqxva.default\searchplugins\aol-web-search.xml
[2011.11.14 20:54:12 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\1F6RQXVA.DEFAULT\EXTENSIONS\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
[2011.11.02 15:33:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.29 08:07:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.01.13 16:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- D:\Program Files\mozilla firefox\plugins\npjp2.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.29 02:30:58 | 000,002,208 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.09.29 02:30:58 | 000,000,638 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.29 02:30:58 | 000,001,367 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.09.29 02:30:58 | 000,000,654 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.09.29 02:30:58 | 000,001,179 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\Administrator\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\Administrator\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\Administrator\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2012.01.28 15:49:32 | 000,000,098 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1275210071-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1275210071-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{446A9BDD-7552-4B69-8FB2-67A40DED8C38}: DhcpNameServer = 192.168.20.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) -D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ginamsi.dll) -D:\WINDOWS\System32\ginamsi.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.10 17:40:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to D:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.01.29 12:49:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Plocha\OTL.exe
[2012.01.29 09:30:27 | 000,000,000 | ---D | C] -- D:\rsit
[2012.01.28 16:50:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Nabídka Start\Programy\Defraggler
[2012.01.28 16:50:14 | 000,000,000 | ---D | C] -- D:\Program Files\Defraggler
[2012.01.28 16:45:56 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Recent
[2012.01.28 12:55:39 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2012.01.28 12:55:20 | 000,000,000 | ---D | C] -- D:\Program Files\RSIT
[2012.01.24 18:24:28 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2012.01.24 18:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2012.01.24 18:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\ESET
[2012.01.12 19:58:30 | 000,000,000 | ---D | C] -- D:\Program Files\Adobe
========== Files - Modified Within 30 Days ==========
[2012.01.29 13:14:35 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin
[2012.01.29 12:49:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Plocha\OTL.exe
[2012.01.29 12:30:55 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.01.29 12:30:22 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.01.28 16:50:16 | 000,001,580 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Defraggler.lnk
[2012.01.28 16:23:02 | 000,272,576 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.28 16:04:49 | 000,002,517 | ---- | M] () -- D:\Documents and Settings\Administrator\Plocha\Microsoft Office Excel 2003.lnk
[2012.01.28 15:49:32 | 000,000,098 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\Hosts
[2012.01.12 19:59:12 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2012.01.12 19:33:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.01.01 11:05:12 | 000,444,210 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012.01.01 11:05:12 | 000,440,994 | ---- | M] () -- D:\WINDOWS\System32\perfh005.dat
[2012.01.01 11:05:12 | 000,083,744 | ---- | M] () -- D:\WINDOWS\System32\perfc005.dat
[2012.01.01 11:05:12 | 000,072,086 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2012.01.29 12:52:52 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin
[2012.01.28 16:50:16 | 000,001,580 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Defraggler.lnk
[2012.01.12 19:59:12 | 000,001,804 | ---- | C] () -- D:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader 9.lnk
[2012.01.12 19:59:12 | 000,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.12.11 16:25:20 | 000,000,390 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2011.11.20 09:41:35 | 000,001,577 | ---- | C] () -- D:\WINDOWS\System32\.ini
[2011.11.12 19:01:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\_delis32.ini
[2011.11.06 08:56:51 | 000,000,133 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2011.11.06 08:56:30 | 000,116,224 | ---- | C] () -- D:\WINDOWS\System32\pdfcmnnt.dll
[2011.11.06 08:52:57 | 000,000,293 | ---- | C] () -- D:\WINDOWS\wincmd.ini
[2011.11.06 07:37:16 | 000,000,761 | ---- | C] () -- D:\WINDOWS\m3jp2k.ini
[2011.11.06 07:37:16 | 000,000,702 | ---- | C] () -- D:\WINDOWS\mmtvmj.ini
[2011.11.06 07:37:15 | 000,000,714 | ---- | C] () -- D:\WINDOWS\m3jpeg.ini
[2011.11.06 07:37:10 | 000,019,968 | ---- | C] () -- D:\WINDOWS\System32\cpuinf32.dll
[2011.11.06 07:37:08 | 000,152,064 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2011.11.06 07:37:04 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2011.11.06 07:17:54 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\IPPCPUID.DLL
[2011.11.06 07:16:23 | 000,011,776 | ---- | C] () -- D:\WINDOWS\System32\pmsbfn32.dll
[2011.11.06 07:14:51 | 000,000,416 | ---- | C] () -- D:\WINDOWS\MAXLINK.INI
[2011.11.06 07:11:45 | 000,000,332 | ---- | C] () -- D:\WINDOWS\System32\CNCMFP31.INI
[2011.11.02 13:54:40 | 000,285,176 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2011.11.02 13:54:40 | 000,285,176 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2011.11.02 13:54:40 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2011.10.30 10:46:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\SUSBKey.dll
[2011.10.30 10:46:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\ginamsi.dll
[2011.10.30 07:18:28 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2011.10.30 07:13:05 | 000,021,812 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2011.05.21 06:01:00 | 002,130,002 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2011.01.11 08:03:35 | 000,004,249 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2011.01.11 08:02:22 | 000,272,576 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.17 14:58:58 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004.08.16 15:04:46 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.exe
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004.07.27 17:18:30 | 000,001,176 | ---- | C] () -- D:\WINDOWS\ImpTable.bin
[2004.07.05 14:25:06 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\WlanInstallDll.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll
[2001.10.25 12:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001.10.25 12:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2001.10.25 12:00:00 | 000,444,210 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2001.10.25 12:00:00 | 000,440,994 | ---- | C] () -- D:\WINDOWS\System32\perfh005.dat
[2001.10.25 12:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2001.10.25 12:00:00 | 000,269,162 | ---- | C] () -- D:\WINDOWS\System32\perfi005.dat
[2001.10.25 12:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2001.10.25 12:00:00 | 000,083,744 | ---- | C] () -- D:\WINDOWS\System32\perfc005.dat
[2001.10.25 12:00:00 | 000,072,086 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2001.10.25 12:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2001.10.25 12:00:00 | 000,032,072 | ---- | C] () -- D:\WINDOWS\System32\perfd005.dat
[2001.10.25 12:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2001.10.25 12:00:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2001.10.25 12:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011.11.06 07:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\ScanSoft
[2011.11.20 10:03:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.01.24 18:24:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\ESET
[2011.11.06 07:14:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2011.11.06 08:15:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\Temp
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- D:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- D:\WINDOWS\system32\autochk.exe
[2004.08.17 14:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- D:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- D:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- D:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- D:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- D:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- D:\WINDOWS\system32\eventlog.dll
[2004.08.17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- D:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- D:\WINDOWS\system32\HAL.DLL
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- D:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 21:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- D:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- D:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2011.11.02 14:23:13 | 023,890,583 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- D:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 12:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- D:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- D:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- D:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- D:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- D:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- D:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- D:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- D:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- D:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- D:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- D:\WINDOWS\system32\svchost.exe
[2004.08.17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- D:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- D:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- D:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 22:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- D:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- D:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- D:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- D:\WINDOWS\system32\userinit.exe
[2004.08.17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- D:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- D:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- D:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[12 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 D:\WINDOWS\Installer\*.tmp files -> D:\WINDOWS\Installer\*.tmp -> ]
[1 D:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> D:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.11.05 23:05:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Adobe
[2011.11.06 08:39:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\CyberLink
[2011.11.06 07:59:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\FastStone
[2011.11.06 08:53:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Help
[2011.11.05 20:36:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Identities
[2011.11.05 21:07:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2011.11.06 09:29:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.12.11 16:53:41 | 000,000,000 | --SD | M] -- D:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2011.11.05 20:57:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2011.11.06 07:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\ScanSoft
[2012.01.28 16:46:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\Winamp
[2011.11.05 21:19:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011.01.11 08:01:37 | 000,094,208 | ---- | M] () -- D:\WINDOWS\System32\config\default.sav
[2011.01.11 08:01:37 | 000,663,552 | ---- | M] () -- D:\WINDOWS\System32\config\software.sav
[2011.01.11 08:01:37 | 000,454,656 | ---- | M] () -- D:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.01.28 16:23:02 | 000,272,576 | ---- | M] () -- D:\WINDOWS\system32\FNTCACHE.DAT
[2012.01.29 12:30:55 | 000,002,206 | ---- | M] () -- D:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = D:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
GINADLL REG_SZ ginamsi.dll
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.01.29 13:14:35 | 000,000,512 | ---- | M] () MD5=EF29B65BE1CD58BAEC99DBEC084D6AA6 -- D:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
[2001.01.16 06:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 04:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2010.03.15 13:20:28 | 000,010,781 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2010.03.15 13:20:34 | 000,003,492 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\widget\langloader.kc
[2010.03.15 13:20:34 | 000,013,453 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\widget\layoutloader.kc
[2010.02.05 00:34:54 | 000,010,775 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2010.02.05 00:34:54 | 000,003,486 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cox\widget\langloader.kc
[2010.02.05 00:34:54 | 000,013,369 | ---- | M] () -- \Program Files\CyberLink\PowerDVD10\PowerDVD Cox\widget\layoutloader.kc
[2004.08.17 14:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
< End of report >
Re: preventive check

Paste the following text into the bottom window:
Code:
:otl
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
[12 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 D:\WINDOWS\Installer\*.tmp files -> D:\WINDOWS\Installer\*.tmp -> ]
[1 D:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> D:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[Purity]
[EMPTYFLASH]
After the restart a new log will appear; post it here.




You probably no longer remember whether it started after installing something (what?), all at once, or whether it slowed down gradually?
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).