Trojan horse JS/Kryptik.I

untchek (Guest, 13 posts, registered 01 Apr 2015 13:29)

#1 Post by untchek »

The Trojan named above is troubling me. The computer is tragically slow and windows keep popping up in the browser...

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Work (administrator) on WORK-HK on 01-04-2015 13:05:41
Running from C:\Documents and Settings\Work\Plocha
Loaded Profiles: Work (Available profiles: Work)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\WINDOWS\system32\atwtusb.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(FinePrint Software, LLC) C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
() C:\WINDOWS\system32\WTMKM.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\WINDOWS\system32\atwtusb.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-07-09] (Analog Devices, Inc.)
HKLM\...\Run: [pdfFactory Pro Dispatcher v2] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [499712 2006-04-06] (FinePrint Software, LLC)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2004-09-07] (ATI Technologies, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [132496 2007-09-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [286720 2007-10-19] (Apple Inc.)
HKLM\...\Run: [MacrokeyManager] => C:\WINDOWS\system32\WTMKM.exe [7144448 2011-06-01] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-09-22] (ESET)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QA3ADQAMQA (the data entry has 213 more characters).
HKU\S-1-5-21-1390067357-1078145449-839522115-1006\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-1078145449-839522115-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> {15004BC5-A2C8-4751-8FEB-9BED03A18FAC} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25] (Sun Microsystems, Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
Toolbar: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-23] (Apple Inc.)
FF Extension: Zoom It - C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\Extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7} [2015-04-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-09-07] () [File not signed]
S3 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [82584 2008-12-01] (Autodesk) [File not signed]
S3 Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1322648 2008-06-06] (Autodesk, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1350112 2014-09-16] (ESET)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 WTService; C:\WINDOWS\system32\atwtusb.exe [871936 2011-04-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-07-09] (Andrea Electronics Corporation)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-09-22] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135296 2014-09-22] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [119792 2014-09-22] (ESET)
S3 GVCplDrv; C:\WINDOWS\system32\Drivers\GVCplDrv.sys [23040 2004-05-02] () [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2004-10-27] (Windows (R) Server 2003 DDK provider)
R3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [393088 2005-07-09] (Sensaura)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
R3 vhidmini; C:\WINDOWS\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey.sys [72704 2006-11-22] (WIBU-SYSTEMS AG) [File not signed]
U3 Ap10isdefc; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Work\LOCALS~1\Temp\catchme.sys [X]
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; No ImagePath
U5 NVStrap; C:\Windows\System32\Drivers\NVStrap.sys [3712 2006-05-21] () [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 13:05 - 2015-04-01 13:05 - 00000000 ____D () C:\Documents and Settings\Work\Plocha\FRST-OlderVersion
2015-03-31 11:05 - 2015-03-31 11:15 - 01051904 _____ () C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
2015-03-31 11:05 - 2015-03-31 11:12 - 01057520 _____ () C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
2015-03-31 10:50 - 2015-04-01 12:33 - 00003366 _____ () C:\WINDOWS\setupapi.log
2015-03-30 09:40 - 2015-03-30 09:40 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-30 09:40 - 2015-03-30 09:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-25 13:38 - 2014-11-24 17:33 - 08049935 _____ () C:\Documents and Settings\Work\Plocha\vyjádření_mlýn Hořenice.zip
2015-03-25 13:38 - 2014-11-24 17:33 - 03443087 _____ () C:\Documents and Settings\Work\Plocha\výkresy_mlýn Hořenice.zip
2015-03-19 17:02 - 2015-03-19 17:01 - 02800538 _____ () C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
2015-03-19 09:59 - 2015-03-19 10:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:17 - 2015-03-04 22:17 - 00407006 _____ () C:\Documents and Settings\Work\Plocha\untitled(1).bmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 13:06 - 2015-02-10 14:12 - 00012735 _____ () C:\Documents and Settings\Work\Plocha\FRST.txt
2015-04-01 13:06 - 2015-02-03 11:05 - 00000000 ____D () C:\Documents and Settings\Work\Local Settings\temp
2015-04-01 13:05 - 2015-02-10 14:11 - 00000000 ____D () C:\FRST
2015-04-01 13:05 - 2014-09-11 11:57 - 01135104 _____ (Farbar) C:\Documents and Settings\Work\Plocha\FRST.exe
2015-04-01 13:05 - 2010-04-19 09:12 - 00000000 ____D () C:\Documents and Settings\Work\Plocha
2015-04-01 12:55 - 2012-02-01 12:27 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 12:37 - 2012-05-04 09:32 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-01 12:32 - 2014-03-17 14:13 - 00000220 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-04-01 12:32 - 2012-02-01 12:27 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 12:32 - 2006-05-19 00:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-01 12:32 - 2006-05-18 22:41 - 01892375 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 12:32 - 2004-08-18 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-01 12:32 - 2004-08-18 14:00 - 00000585 _____ () C:\WINDOWS\win.ini
2015-04-01 12:31 - 2006-05-19 00:36 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-04-01 12:31 - 2006-05-18 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-01 08:09 - 2010-05-03 10:21 - 00000000 ____D () C:\Documents and Settings\Work\Dokumenty\Stažené soubory
2015-03-31 13:37 - 2006-05-18 22:45 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-31 11:16 - 2012-01-31 14:18 - 00000000 ____D () C:\Documents and Settings\Work\Graphisoft
2015-03-30 12:32 - 2010-05-13 17:08 - 00000000 ____D () C:\Documents and Settings\Work\Data aplikací\AdobeUM
2015-03-30 09:28 - 2006-05-19 00:34 - 01057130 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-27 15:31 - 2013-11-13 19:08 - 00631504 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2015-03-27 15:31 - 2010-04-19 09:12 - 00000178 ___SH () C:\Documents and Settings\Work\ntuser.ini
2015-03-27 15:31 - 2010-04-19 09:12 - 00000000 ____D () C:\Documents and Settings\Work
2015-03-27 15:31 - 2006-05-18 22:45 - 00000000 ___HD () C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2015-03-26 13:39 - 2012-01-31 14:06 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-23 10:04 - 2012-04-25 19:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-20 16:46 - 2012-01-19 15:46 - 00000000 ____D () C:\Documents and Settings\Work\Data aplikací\BitComet
2015-03-18 10:54 - 2013-07-22 23:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-18 10:49 - 2006-05-19 01:34 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-08 16:00 - 2014-03-17 14:13 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-03-05 17:08 - 2010-04-19 09:12 - 00000000 ___HD () C:\Documents and Settings\Work\Okolní síť
2015-03-05 15:01 - 2012-08-03 14:56 - 00000000 ____D () C:\Documents and Settings\Work\Data aplikací\vlc

==================== Files in the root of some directories =======

2010-06-11 14:40 - 2014-05-16 12:33 - 0039424 _____ () C:\Documents and Settings\Work\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
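Triage of the FRST log above, as an added example that is not part of this thread and not a feature of FRST: a small Python script that runs over FRST lines and flags the four indicator classes a helper would look at first. Only the `Policy restriction <======= ATTENTION` markers are FRST's own; the other heuristics (SearchScopes pointing at hosts outside an assumed known-good list, binaries with no publisher under `\WINDOWS`, Firefox extensions whose install date equals the scan date) and the known-good host list are assumptions made for this example. The sample input is a handful of lines copied from the log above, with one signed ESET line as a negative control. Flagged items are for manual review, not automatic removal; the script does not judge them malicious.

```python
"""Triage an FRST.txt for the indicator classes visible in this thread.

Added example for this page; not part of the thread and not an FRST feature.
FRST only marks the 'Policy restriction' lines itself; the other heuristics
and KNOWN_SEARCH_HOSTS are assumptions chosen here for triage.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Search hosts accepted as stock defaults (assumption; extend per environment).
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

SCAN_DATE_RE = re.compile(r"^Ran by .* on (\d{2})-(\d{2})-(\d{4}) \d{2}:\d{2}:\d{2}")
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
RUN_RE = re.compile(
    r"^HK\S*\\\.\.\.\\Run(?:Once)?: \[[^\]]*\] => (?P<path>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\)"
)
SEARCH_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?:DefaultScope )?\{(?P<clsid>[^}]+)\} URL =\s*(?P<url>.*)$"
)
FF_EXT_RE = re.compile(r"^FF Extension: (?P<name>.+?) - (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\]$")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(lines: list[str]) -> list[Finding]:
    """Return one Finding per suspicious FRST line; benign lines yield nothing."""
    findings: list[Finding] = []
    seen_paths: set[str] = set()
    scan_date = None

    for raw in lines:
        line = raw.strip()
        if m := SCAN_DATE_RE.match(line):
            d, mo, y = m.groups()            # FRST header uses DD-MM-YYYY
            scan_date = f"{y}-{mo}-{d}"      # file dates in the log use YYYY-MM-DD
            continue
        if "Policy restriction <======= ATTENTION" in line:
            findings.append(Finding("policy_restriction", line.split(":")[0]))
            continue
        if m := SEARCH_RE.match(line):
            host = urlparse(m["url"]).netloc
            if host and host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("search_scope", f"{m['clsid']} -> {host}"))
            continue
        if m := FF_EXT_RE.match(line):
            if scan_date and m["date"] == scan_date:
                findings.append(Finding("fresh_extension", m["name"]))
            continue
        m = PROCESS_RE.match(line) or RUN_RE.match(line)
        if m and not m["company"].strip():
            path = m["path"]
            # Publisher-less binary under \WINDOWS: report once even if it
            # appears both as a running process and as a Run entry.
            if "\\windows\\" in path.lower() and path.lower() not in seen_paths:
                seen_paths.add(path.lower())
                findings.append(Finding("no_publisher_in_windows_dir", path))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Lines copied from the FRST log posted in this thread (the ' ... ' is the
# forum's own URL truncation); the ESET line is a signed negative control.
SAMPLE_FRST = r"""
Ran by Work (administrator) on WORK-HK on 01-04-2015 13:05:41
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\WINDOWS\system32\atwtusb.exe
() C:\WINDOWS\system32\WTMKM.exe
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-07-09] (Analog Devices, Inc.)
HKLM\...\Run: [MacrokeyManager] => C:\WINDOWS\system32\WTMKM.exe [7144448 2011-06-01] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> {15004BC5-A2C8-4751-8FEB-9BED03A18FAC} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
FF Extension: Zoom It - C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\Extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7} [2015-04-01]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST.splitlines()):
        print(f"{f.kind:28} {f.detail}")
```

On the sample it reports the two policy restrictions, the two non-default search scopes, the extension installed on the scan day and the two publisher-less binaries in system32, and nothing for the signed ESET service or the Analog Devices Run entry. The items it flags from the browser sections are the same ones the OTL fix later in this thread removes (the SearchScopes CLSIDs and the `{bd505536-...}` extension folder); the system32 binaries are driver-style helpers that a helper would verify by hash or vendor before touching.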

#2 Post by untchek »

Right after the browser starts, a window appears (see attachment). Then ads for games, e-shops and the like start popping up.

Attachment: ESET_upozornění.jpg (32.81 KiB)

#3 Post by untchek »

1. AdwCleaner

# AdwCleaner v4.200 - Log created 02/04/2015 at 10:20:36
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# User name : Work - WORK-HK
# Run from : C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
# Mode : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v36.0.1 (x86 cs)


*************************

AdwCleaner[R0].txt - [3529 bytes] - [10/02/2015 14:24:09]
AdwCleaner[R1].txt - [890 bytes] - [02/04/2015 10:18:22]
AdwCleaner[S0].txt - [3803 bytes] - [10/02/2015 14:37:22]
AdwCleaner[S1].txt - [816 bytes] - [02/04/2015 10:20:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [873 bytes] ##########

2. PCHunter - see attachment

Attachment: PCHunter_LOG.rar (48.28 KiB)

#4 Post by untchek »

3. OTL - both logs are too big - see attachment
4. The process never finishes; after three hours of uploading I force-killed it...

Attachment: OTL_full.rar (32.19 KiB)

#5 Post by untchek »

Here is the second log from OTL.

Attachment: Extras.rar (6.43 KiB)

#6 Post by untchek »

I didn't even have to run it; it started by itself after the restart.

All processes killed
========== PROCESSES ==========
No active process named firefox.exe was found!
Process explorer.exe killed successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\SearchScopes\{15004BC5-A2C8-4751-8FEB-9BED03A18FAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15004BC5-A2C8-4751-8FEB-9BED03A18FAC}\ not found.
Prefs.js: %7Bbd505536-ca59-2fd8-867d-1d98ad80afc7%7D:1.0 removed from extensions.enabledAddons
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\modules\tools folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\modules folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\chrome\skin folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\chrome\content folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\chrome folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7} folder moved successfully.
========== FILES ==========
C:\Documents and Settings\Work\Data aplikací\29254 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 27844573 bytes
->Flash cache emptied: 642 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 799312 bytes

User: SIA 11
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1158170 bytes
->FireFox cache emptied: 40401140 bytes
->Flash cache emptied: 1916616 bytes

User: Work
->Temp folder emptied: 16868647 bytes
->Temporary Internet Files folder emptied: 2692971 bytes
->FireFox cache emptied: 86762537 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 42487906 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103181 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: SIA 11
->Flash cache emptied: 0 bytes

User: Work
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: SIA 11
->Java cache emptied: 0 bytes

User: Work

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04032015_103306

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ESET no longer reports anything, the internet runs nice and fast, and no windows pop up...

#7 Post by untchek »

So the AV warning is back again :(
The windows that used to pop up on their own have not appeared so far.

OTL logfile created on: 3.4.2015 16:47:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Work\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,54% Memory free
1,85 Gb Paging File | 1,55 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 22,35 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 11,63 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: WORK-HK | User Name: Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
PRC - [2014.09.22 15:10:26 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
PRC - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.25 02:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
PRC - [2007.09.25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2006.04.06 10:40:40 | 000,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2003.07.17 21:50:42 | 000,217,180 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
MOD - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2010.03.04 17:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 17:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2003.07.19 13:14:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\AcroTray.CZE


========== Services (SafeList) ==========

SRV - [2015.03.19 10:00:19 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.02.05 13:37:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.12.01 12:56:19 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Work\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Ap10isdefc)
DRV - [2014.09.22 08:20:06 | 000,191,928 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eamonm.sys -- (eamonm)
DRV - [2014.09.22 08:20:06 | 000,135,296 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2014.09.22 08:20:06 | 000,119,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.20 20:38:24 | 000,006,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009.03.08 21:15:14 | 000,006,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006.11.22 07:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2005.08.19 02:40:10 | 000,074,752 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005.07.09 01:10:06 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.09.08 03:29:12 | 000,769,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.14 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7Be4ec0a9a-31e2-5363-6c0e-4351415b6506%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015.03.19 09:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.03.19 09:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2015.02.25 13:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.04.30 06:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Extensions
[2015.04.03 11:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions
[2015.04.02 14:20:59 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{e4ec0a9a-31e2-5363-6c0e-4351415b6506}
[2015.04.03 11:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\staged
[2015.03.19 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.03.19 10:00:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WORK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\F3R283VJ.DEFAULT-1352817939000\EXTENSIONS\{E4EC0A9A-31E2-5363-6C0E-4351415B6506}

O1 HOSTS File: ([2015.02.03 11:03:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3C23EF-CBB1-417A-BB2B-1B4104E91040}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.18 22:42:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015.04.03 10:33:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2015.04.02 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\OTL
[2015.04.02 10:58:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\PCHunter_free
[2015.04.02 10:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\AdwCleaner
[2015.04.01 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\FRST-OlderVersion
[2015.03.27 15:30:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Work\Recent
[2015.03.19 09:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2015.04.03 16:37:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015.04.03 15:55:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.03 13:55:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.03 10:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.04.03 10:37:23 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.04.03 10:37:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.04.02 12:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015.04.02 11:05:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:08 | 006,739,485 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:18 | 002,208,768 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.04.01 13:05:09 | 001,135,104 | ---- | M] (Farbar) -- C:\Documents and Settings\Work\Plocha\FRST.exe
[2015.03.31 11:15:52 | 001,051,904 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.31 11:12:00 | 001,057,520 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.30 09:28:22 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015.03.30 09:28:22 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015.03.30 09:28:21 | 000,441,240 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2015.03.30 09:28:21 | 000,083,990 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2015.03.19 17:01:20 | 002,800,538 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
[2015.03.08 16:00:00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.03.04 22:17:06 | 000,407,006 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\untitled(1).bmp

========== Files Created - No Company Name ==========

[2015.04.02 11:05:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.04.02 10:37:32 | 006,739,485 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:08 | 002,208,768 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.03.31 11:05:18 | 001,057,520 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.31 11:05:18 | 001,051,904 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.25 13:38:19 | 008,049,935 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\vyjádření_mlýn Hořenice.zip
[2015.03.25 13:38:12 | 003,443,087 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\výkresy_mlýn Hořenice.zip
[2015.03.19 17:02:35 | 002,800,538 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
[2015.03.04 22:17:06 | 000,407,006 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\untitled(1).bmp
[2015.02.03 10:50:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2015.02.03 10:50:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2015.02.03 10:50:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2015.02.03 10:50:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2015.02.03 10:50:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.11.13 19:08:47 | 000,631,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.05.16 15:59:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2012.11.23 02:39:45 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2012.05.15 10:19:25 | 000,024,772 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100DEF.css
[2012.05.15 10:19:25 | 000,004,188 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100OS.HTM
[2012.05.15 10:19:25 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100SIG.GIF
[2010.06.11 14:40:57 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Work\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.15 15:58:56 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat

========== ZeroAccess Check ==========

[2006.05.19 11:54:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
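The first OTL log above lists a Firefox add-on named "Zoom It" ({e4ec0a9a-31e2-5363-6c0e-4351415b6506}), a Java BHO, and two Run entries whose files carry no company name ("()"), and the OTL log posted later in this thread no longer shows the add-on or the BHO. The usual way to review such a thread is to compare the autorun and extension sections of the two reports by hand. The script below is an added example, not part of the original posts and not an OTL feature: it pulls the O2/O3/O4 lines and the Firefox add-on entries out of an OTL report, flags unsigned entries and autoruns that target a script host or interpreter, and diffs two reports. The regexes follow the line shapes visible in the logs above; the SCRIPT_HOSTS list is an assumption made for this example, and the two sample reports are constructed from a handful of lines copied from the logs in this thread.

```python
"""Parse the autorun and Firefox add-on lines out of an OTL log and diff two runs."""
import re
from urllib.parse import unquote

# OTL autorun-style lines end in the company name taken from the file's version info:
#   O4 - HKLM..\Run: [name] C:\path\file.exe (Company)
#   O2 - BHO: (Name) - {CLSID} - C:\path\file.dll (Company)
# An empty "()" means the binary carries no company name at all.
AUTORUN_RE = re.compile(r'^(O\d+) - (.*?) ([A-Za-z]:\\.*) \(([^()]*)\)$')
# One URL-encoded "{id}:version" per enabled Firefox add-on.
ENABLED_RE = re.compile(r'^FF - prefs\.js\.\.extensions\.enabledAddons: (\S+)$')
# The extension directory listing carries the add-on's name: [...] ("Zoom It") -- ...\extensions\{id}
EXTDIR_RE = re.compile(r'^\[[^\]]*\] \("([^"]+)"\) -- .*\\(\{[0-9A-Fa-f-]+\})$')

# Firefox's built-in default theme, which both logs list as "(Default)"; never a finding.
DEFAULT_THEME = '{972ce4c6-7e08-4474-a285-3208198ce6fd}'
# Script hosts and interpreters worth a look as an autorun target whoever signed them
# (assumed list for this example).
SCRIPT_HOSTS = {'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe'}


def parse_otl(text):
    """Return (autoruns, addons).

    autoruns: set of (section, label, path, company) tuples.
    addons:   add-on id -> {'version': str, 'name': str or None}.
    """
    autoruns, addons, names = set(), {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = AUTORUN_RE.match(line)
        if m:
            section, label, path, company = m.groups()
            autoruns.add((section, label.rstrip(' -'), path, company))
            continue
        m = ENABLED_RE.match(line)
        if m:
            ident, _, version = unquote(m.group(1)).rpartition(':')
            addons[ident] = {'version': version, 'name': None}
            continue
        m = EXTDIR_RE.match(line)
        if m:
            names[m.group(2).lower()] = m.group(1)
    for ident, info in addons.items():
        info['name'] = names.get(ident.lower())
    return autoruns, addons


def findings(autoruns, addons):
    """Entries a reviewer would look at first: unsigned files, script hosts, non-default add-ons."""
    out = []
    for section, label, path, company in sorted(autoruns):
        exe = path.rsplit('\\', 1)[-1].lower()
        if company == '':
            out.append(f'{section} unsigned/no company: {label} {path}')
        if exe in SCRIPT_HOSTS:
            out.append(f'{section} script host as autorun target: {label} {path}')
    for ident, info in addons.items():
        if ident != DEFAULT_THEME:
            out.append(f'FF add-on {ident} {info["version"]} ({info["name"] or "name unknown"})')
    return out


def diff_logs(before, after):
    """What disappeared or appeared between two OTL runs (e.g. before and after a cleanup)."""
    a_runs, a_addons = parse_otl(before)
    b_runs, b_addons = parse_otl(after)
    return {
        'removed_autoruns': sorted(a_runs - b_runs),
        'added_autoruns': sorted(b_runs - a_runs),
        'removed_addons': sorted(set(a_addons) - set(b_addons)),
        'added_addons': sorted(set(b_addons) - set(a_addons)),
    }


# Constructed samples: a few lines copied from the first and the later OTL report in this thread.
BEFORE = r"""
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
FF - prefs.js..extensions.enabledAddons: %7Be4ec0a9a-31e2-5363-6c0e-4351415b6506%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
[2015.04.02 14:20:59 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{e4ec0a9a-31e2-5363-6c0e-4351415b6506}
"""
AFTER = r"""
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
"""

if __name__ == '__main__':
    runs, addons = parse_otl(BEFORE)
    for entry in findings(runs, addons):
        print(entry)
    for key, value in diff_logs(BEFORE, AFTER).items():
        print(key, value)
```

Run as a script it prints the findings for the first sample (the unsigned WTMKM.exe Run entry, the RunOnce entry that launches cmd.exe, and the Zoom It add-on) and the diff against the second sample (the add-on and the Java BHO gone, nothing new). On a real report pass the whole log text to parse_otl; the regexes only cover the O2/O3/O4 and Firefox add-on lines seen here, so the service, driver and O16 DPF sections need their own patterns.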

untchek
Guest
Posts: 13
Joined: 01 Apr 2015 13:29

Re: Trojan horse JS/Kryptik.I

#8 Post by untchek »

OK, we'll leave it until Tuesday.
Thanks for now, and happy Easter :)

untchek
Guest
Posts: 13
Joined: 01 Apr 2015 13:29

Re: Trojan horse JS/Kryptik.I

#9 Post by untchek »

Hello,
uninstalled, picked clean and reinstalled. Quiet so far.

Should I make another log?

untchek
Guest
Posts: 13
Joined: 01 Apr 2015 13:29

Re: Trojan horse JS/Kryptik.I

#10 Post by untchek »

Here it is:

OTL logfile created on: 8.4.2015 10:15:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Work\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,54% Memory free
1,85 Gb Paging File | 1,53 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 22,31 Gb Free Space | 29,94% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 11,63 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: WORK-HK | User Name: Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
PRC - [2014.09.22 15:10:26 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
PRC - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.04.06 10:40:40 | 000,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2003.07.17 21:50:42 | 000,217,180 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
MOD - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2010.03.04 17:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 17:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2003.07.19 13:14:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\AcroTray.CZE


========== Services (SafeList) ==========

SRV - [2015.04.03 07:37:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.12.01 12:56:19 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Work\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Ap10isdefc)
DRV - [2014.09.22 08:20:06 | 000,191,928 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eamonm.sys -- (eamonm)
DRV - [2014.09.22 08:20:06 | 000,135,296 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2014.09.22 08:20:06 | 000,119,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.20 20:38:24 | 000,006,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009.03.08 21:15:14 | 000,006,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006.11.22 07:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2005.08.19 02:40:10 | 000,074,752 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005.07.09 01:10:06 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.09.08 03:29:12 | 000,769,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.14 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.hiddenOneOffs: "DuckDuckGo,Heuréka,Slunečnice,Wikipedie (cs)"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2015.04.03 12:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2015.04.07 10:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Extensions
[2015.04.07 13:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\wrac459j.default\extensions
[2015.04.07 10:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.04.07 10:17:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015.02.03 11:03:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3C23EF-CBB1-417A-BB2B-1B4104E91040}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.18 22:42:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015.04.07 12:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Data aplikací\Macromedia
[2015.04.07 10:24:35 | 000,778,928 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015.04.07 10:24:35 | 000,142,512 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015.04.07 10:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Local Settings\Data aplikací\Mozilla
[2015.04.07 10:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Data aplikací\Mozilla
[2015.04.07 10:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Mozilla
[2015.04.07 10:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.04.07 10:14:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Work\Recent
[2015.04.03 12:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2015.04.03 10:33:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2015.04.02 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\OTL
[2015.04.02 10:58:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\PCHunter_free
[2015.04.02 10:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\AdwCleaner
[2015.04.01 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\FRST-OlderVersion

========== Files - Modified Within 30 Days ==========

[2015.04.08 09:55:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.07 13:55:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.07 10:24:35 | 000,778,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015.04.07 10:24:35 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015.04.07 10:17:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2015.04.07 09:15:04 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.04.07 09:15:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.04.07 09:11:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.04.02 12:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015.04.02 11:05:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:08 | 006,739,485 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:18 | 002,208,768 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.04.01 13:05:09 | 001,135,104 | ---- | M] (Farbar) -- C:\Documents and Settings\Work\Plocha\FRST.exe
[2015.03.31 11:15:52 | 001,051,904 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.31 11:12:00 | 001,057,520 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.30 09:28:22 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015.03.30 09:28:22 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015.03.30 09:28:21 | 000,441,240 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2015.03.30 09:28:21 | 000,083,990 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2015.03.19 17:01:20 | 002,800,538 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg

========== Files Created - No Company Name ==========

[2015.04.07 10:17:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
[2015.04.07 10:17:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2015.04.02 11:05:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.04.02 10:37:32 | 006,739,485 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:08 | 002,208,768 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.03.31 11:05:18 | 001,057,520 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.31 11:05:18 | 001,051,904 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.25 13:38:19 | 008,049,935 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\vyjádření_mlýn Hořenice.zip
[2015.03.25 13:38:12 | 003,443,087 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\výkresy_mlýn Hořenice.zip
[2015.03.19 17:02:35 | 002,800,538 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
[2015.02.03 10:50:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2015.02.03 10:50:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2015.02.03 10:50:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2015.02.03 10:50:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2015.02.03 10:50:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.11.13 19:08:47 | 000,631,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.05.16 15:59:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2012.11.23 02:39:45 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2012.05.15 10:19:25 | 000,024,772 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100DEF.css
[2012.05.15 10:19:25 | 000,004,188 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100OS.HTM
[2012.05.15 10:19:25 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100SIG.GIF
[2010.06.11 14:40:57 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Work\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.15 15:58:56 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat

========== ZeroAccess Check ==========

[2006.05.19 11:54:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

untchek
Visitor
Posts: 13
Registered: 01 Apr 2015 13:29

Re: Trojan horse JS/Kryptik.I

#11 Post by untchek »

Pls, that link doesn't work:

502 Bad Gateway

untchek
Visitor
Posts: 13
Registered: 01 Apr 2015 13:29

Re: Trojan horse JS/Kryptik.I

#12 Post by untchek »

Done.

# DelFix v10.9 - Logfile created 10/04/2015 at 10:18:14
# Updated 27/02/2015 by Xplode
# Username : Work - WORK-HK
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Work\Plocha\FRST-OlderVersion
Deleted : C:\Documents and Settings\Work\Plocha\Addition.txt
Deleted : C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
Deleted : C:\Documents and Settings\Work\Plocha\FRST.exe
Deleted : C:\Documents and Settings\Work\Plocha\FRST.txt
Deleted : C:\Documents and Settings\Work\Plocha\OTL.Txt
Deleted : C:\Documents and Settings\Work\Plocha\OTL.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

########## - EOF - ##########

untchek
Visitor
Posts: 13
Registered: 01 Apr 2015 13:29

Re: Trojan horse JS/Kryptik.I

#13 Post by untchek »

Hello,
the problems have stopped. I was away last week, so belated big thanks.
It deserves a reward, I'm sending a donation...

Locked