Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Preventivka, ... i když sem tam padá Firefox i Explorer

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Preventivka, ... i když sem tam padá Firefox i Explorer

#1 Příspěvek od Jan7980 »

Dobrý večer, žádám o preventivní kontrolu logu. Poslední cca 3 dny mi několikrát za den spadne spuštěný Firefox, nebo IExplorer.

Logfile of random's system information tool 1.06 (written by random/random)
Run by internet at 2010-03-18 22:06:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (22%) free of 15 GB
Total RAM: 3326 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:13, on 18.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\XP\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
D:\XP\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
D:\XP\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\XP\Program Files\OO Software\Defrag\oodag.exe
D:\XP\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
D:\Genius\ioCentre\gTaskBar.exe
D:\XP\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Genius\ioCentre\gMouseTask.exe
D:\XP\Program Files\USB Safely Remove\USBSafelyRemove.exe
D:\Genius\ioCentre\gKbdTask.exe
D:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Genius\ioCentre\gIoCentreFunMgm.exe
D:\XP\Program Files\Mozilla Firefox\firefox.exe
E:\RSIT.exe
D:\XP\Program Files\trend micro\internet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\XP\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\XP\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ioCentre] D:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [egui] "D:\XP\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OODefragTray] D:\XP\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [USB Safely Remove] D:\XP\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\xp\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\XP\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\XP\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1992342843
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB9ECAC-95EF-4B0A-97AE-17BFB705EB9A}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{70DF0930-8FEA-49DE-8340-B4DB3ED3B381}: NameServer = 192.168.0.1
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\XP\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\XP\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\XP\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\XP\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\XP\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - D:\XP\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 6162 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\XP\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\XP\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"ioCentre"=D:\Genius\ioCentre\gTaskBar.exe [2009-06-17 61440]
"egui"=D:\XP\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-10-06 18750976]
"OODefragTray"=D:\XP\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"=D:\XP\Program Files\USB Safely Remove\USBSafelyRemove.exe [2010-01-03 3911680]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=d:\xp\program files\steam\steam.exe [2010-02-27 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
D:\XP\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\XP\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
D:\XP\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^internet^Nabídka Start^Programy^Po spuštění^LimeWire On Startup.lnk]
D:\XP\PROGRA~1\LimeWire\LimeWire.exe [2009-09-30 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\GIGABYTE\@BIOS\gwflash.exe"="C:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\XP\Program Files\uTorrent\utorrent.exe"="D:\XP\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\XP\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="D:\XP\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"D:\XP\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="D:\XP\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"D:\XP\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="D:\XP\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-18 22:06:32 ----D---- C:\rsit
2010-03-17 20:01:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2010-03-17 20:00:25 ----A---- C:\Documents and Settings\All Users\Data aplikací\hpeB20.dll
2010-03-17 20:00:02 ----D---- D:\XP\Program Files\Sony Ericsson
2010-03-17 20:00:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2010-03-15 19:07:28 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-03-15 18:22:54 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-03-08 20:21:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-08 20:21:04 ----D---- D:\Program Files\Common Files\Java
2010-03-07 13:14:49 ----SHD---- C:\$RECYCLE.BIN
2010-03-07 08:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-02-27 11:01:12 ----D---- D:\XP\Program Files\Steam
2010-02-26 15:05:06 ----D---- C:\WinSetupFromUSB
2010-02-26 14:54:04 ----D---- C:\Downloads
2010-02-24 10:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-21 14:46:01 ----D---- D:\XP\Program Files\Rainlendar2
2010-02-20 10:50:46 ----D---- D:\XP\Program Files\MediaInfo

======List of files/folders modified in the last 1 months======

2010-03-18 22:07:09 ----D---- D:\XP\Program Files\trend micro
2010-03-18 22:06:32 ----D---- C:\WINDOWS\Temp
2010-03-18 22:06:25 ----D---- C:\WINDOWS\Prefetch
2010-03-18 22:06:21 ----D---- C:\Documents and Settings\internet\Data aplikací\uTorrent
2010-03-18 20:43:45 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-18 20:28:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-18 19:22:48 ----D---- C:\WINDOWS\system32
2010-03-18 15:14:04 ----AD---- C:\WINDOWS
2010-03-18 13:21:38 ----D---- D:\XP\Program Files\Mozilla Thunderbird
2010-03-18 10:09:06 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-17 22:15:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-17 20:58:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-17 20:02:43 ----D---- C:\WINDOWS\system32\drivers
2010-03-17 20:02:27 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-17 20:02:15 ----HD---- C:\WINDOWS\inf
2010-03-17 20:01:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-17 20:00:02 ----HD---- D:\XP\Program Files\InstallShield Installation Information
2010-03-16 21:48:02 ----D---- C:\Documents and Settings\internet\Data aplikací\365dni
2010-03-15 19:07:52 ----D---- C:\WINDOWS\system32\dllcache
2010-03-15 17:21:18 ----SHD---- C:\WINDOWS\Installer
2010-03-15 14:28:05 ----D---- C:\Documents and Settings\internet\Data aplikací\Adobe
2010-03-15 13:47:40 ----D---- D:\Program Files\Common Files\Adobe
2010-03-15 13:45:14 ----D---- D:\XP\Program Files\Adobe
2010-03-15 13:39:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-15 13:23:57 ----D---- C:\WINDOWS\Debug
2010-03-13 11:47:44 ----D---- D:\XP\Program Files\Mozilla Firefox
2010-03-11 07:44:53 ----A---- C:\WINDOWS\win.ini
2010-03-09 13:26:09 ----A---- C:\WINDOWS\Hposcv07.INI
2010-03-09 13:25:28 ----A---- C:\WINDOWS\DevMgr.ini
2010-03-08 20:18:10 ----D---- C:\Documents and Settings\internet\Data aplikací\VideoReDoPlus
2010-03-08 17:42:17 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-08 14:50:00 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-07 08:25:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-26 18:02:34 ----RD---- C:\Program Files
2010-02-21 19:04:55 ----D---- C:\Documents and Settings\internet\Data aplikací\LimeWire
2010-02-19 16:24:21 ----D---- D:\XP\Program Files\totalcmd
2010-02-19 13:36:04 ----D---- D:\XP\Program Files\Digsby

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2005-04-27 120995]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2005-04-29 26672]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2009-06-27 20480]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2009-06-25 11520]
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-10-06 5922816]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R4 atidgllk;atidgllk; \??\C:\Program Files\GIGABYTE\ET6\atidgllk.sys []
S2 AKEProtect;AKEProtect; \??\D:\XP\Program Files\Anti Keylogger Elite\AKEProtect.sys []
S3 2802W;SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver; C:\WINDOWS\system32\DRIVERS\2802W.sys [2004-04-29 385920]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2009-06-30 17408]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-27 47360]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-05-06 4608]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 astcc;AST Service; C:\WINDOWS\SYSTEM32\astsrv.exe [2008-11-11 57344]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 ekrn;ESET Service; D:\XP\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 JavaQuickStarterService;Java Quick Starter; D:\XP\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 O&O Defrag;O&O Defrag; D:\XP\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 OMSI download service;Sony Ericsson OMSI download service; D:\XP\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-21 75064]
R2 USBSafelyRemoveService;USB Safely Remove Assistant; D:\XP\Program Files\USB Safely Remove\USBSRService.exe [2009-11-26 261456]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; D:\XP\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#2 Příspěvek od Caroprd111 »

Zdravím :)

Na logu se pracuje, prosím o strpení.
Obrázek
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#3 Příspěvek od Caroprd111 »

Obrázek Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
  • Spusťte program, poté klikněte na Run Scan
  • Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Obrázek
Nahoru
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#4 Příspěvek od Jan7980 »

OTL logfile created on: 19.3.2010 15:56:02 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\internet\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\XP\Program Files
Drive C: | 14,65 Gb Total Space | 3,12 Gb Free Space | 21,29% Space Free | Partition Type: NTFS
Drive D: | 138,81 Gb Total Space | 11,00 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
Drive E: | 420,39 Gb Total Space | 10,50 Gb Free Space | 2,50% Space Free | Partition Type: NTFS
Drive F: | 93,16 Gb Total Space | 1,58 Gb Free Space | 1,70% Space Free | Partition Type: NTFS
Drive G: | 22,33 Gb Total Space | 22,27 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PO-AF8840645E3B
Current User Name: internet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.19 15:55:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\internet\Plocha\OTL.exe
PRC - [2010.03.13 11:47:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\XP\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.01.03 19:13:37 | 003,911,680 | ---- | M] () -- D:\XP\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2009.11.26 08:59:56 | 000,261,456 | ---- | M] () -- D:\XP\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2009.09.12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- D:\XP\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009.06.18 12:55:24 | 000,172,032 | ---- | M] () -- D:\Genius\ioCentre\gKbdTask.exe
PRC - [2009.06.18 12:54:36 | 000,299,008 | ---- | M] () -- D:\Genius\ioCentre\gMouseTask.exe
PRC - [2009.06.17 16:47:18 | 000,061,440 | ---- | M] () -- D:\Genius\ioCentre\gTaskBar.exe
PRC - [2009.06.17 13:33:34 | 000,053,248 | ---- | M] (TODO: <Company name>) -- D:\Genius\ioCentre\gIoCentreFunMgm.exe
PRC - [2009.05.14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- D:\XP\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 14:47:08 | 002,029,640 | ---- | M] (ESET) -- D:\XP\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- D:\XP\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.11.11 18:23:22 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe


========== Modules (SafeList) ==========

MOD - [2010.03.19 15:55:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\internet\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.11.26 08:59:56 | 000,261,456 | ---- | M] () [Auto | Running] -- D:\XP\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2009.09.12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\XP\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009.05.14 14:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\XP\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- D:\XP\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\XP\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.11.11 18:23:22 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007.01.05 20:57:30 | 000,913,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010.03.19 15:56:05 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.03.19 12:12:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2009.10.06 18:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.07.28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.07.21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.30 11:13:12 | 000,017,408 | ---- | M] ( Mouse Upfilter Driver ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gMouPS2.sys -- (gMouPS2)
DRV - [2009.06.27 16:30:32 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gHidPnp.sys -- (gHidPnp)
DRV - [2009.06.25 16:04:28 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gMouUsb.sys -- (gMouUsb)
DRV - [2009.05.14 14:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.05.14 14:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 14:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 14:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 14:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.06.20 12:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.06 09:43:34 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008.04.14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008.04.13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.02.18 00:15:34 | 000,232,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.16 10:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006.07.19 12:25:10 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | Disabled | Running] -- C:\Program Files\GIGABYTE\ET6\atidgllk.sys -- (atidgllk)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.09.23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.04.29 10:17:50 | 000,026,672 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2005.04.29 09:59:26 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2005.04.27 11:03:24 | 000,120,995 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2004.04.29 13:19:56 | 000,385,920 | ---- | M] (SMC Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2802W.sys -- (2802W)
DRV - [2003.07.16 13:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.cz/firefox?client=fir ... s:official"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.0

FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\XP\Program Files\Mozilla Firefox\components [2010.03.13 11:47:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\XP\Program Files\Mozilla Firefox\plugins [2010.03.13 11:47:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: D:\XP\Program Files\Mozilla Thunderbird\components [2009.12.26 14:42:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: D:\XP\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\XP\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.08.13 20:58:25 | 000,000,000 | ---D | M]

[2009.07.19 16:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Extensions
[2010.03.18 22:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions
[2009.07.28 08:56:34 | 000,000,000 | ---D | M] (Custom Download Manager) -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\{04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}
[2010.02.12 21:20:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.09.28 14:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.02.12 21:20:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.10.10 15:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.07.19 16:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\check4change-owner@mozdev.org
[2009.07.28 08:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\max@subfighter.com
[2009.09.28 14:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\netvideohunter@netvideohunter.com
[2010.02.12 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\staged-xpis
[2010.02.12 21:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\extensions\webmaster@keep-tube.com
[2010.03.18 22:16:41 | 000,000,000 | ---D | M] -- D:\XP\Program Files\Mozilla Firefox\extensions
[2010.03.13 11:47:39 | 000,000,638 | ---- | M] () -- D:\XP\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.13 11:47:39 | 000,001,687 | ---- | M] () -- D:\XP\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.13 11:47:39 | 000,001,367 | ---- | M] () -- D:\XP\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.13 11:47:39 | 000,000,654 | ---- | M] () -- D:\XP\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.13 11:47:39 | 000,001,179 | ---- | M] () -- D:\XP\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.12.24 21:56:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [egui] D:\XP\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ioCentre] D:\Genius\ioCentre\gTaskBar.exe ()
O4 - HKLM..\Run: [OODefragTray] D:\XP\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKCU..\Run: [Steam] d:\xp\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [USB Safely Remove] D:\XP\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1992342843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\internet\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\internet\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.28 13:39:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.19 15:55:37 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\internet\Plocha\OTL.exe
[2010.03.19 08:24:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\internet\Recent
[2010.03.18 22:06:32 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.17 20:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\internet\Dokumenty\Sony Ericsson
[2010.03.17 20:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\internet\Local Settings\Data aplikací\Sony Ericsson
[2010.03.17 20:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
[2010.03.17 20:00:38 | 000,115,752 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016unic.sys
[2010.03.17 20:00:38 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016cr.sys
[2010.03.17 20:00:37 | 000,114,216 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016mgmt.sys
[2010.03.17 20:00:36 | 000,110,632 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016obex.sys
[2010.03.17 20:00:35 | 000,025,512 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016nd5.sys
[2010.03.17 20:00:34 | 000,120,744 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016mdm.sys
[2010.03.17 20:00:34 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016mdfl.sys
[2010.03.17 20:00:34 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016cmnt.sys
[2010.03.17 20:00:34 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016cm.sys
[2010.03.17 20:00:33 | 000,089,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016bus.sys
[2010.03.17 20:00:33 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016whnt.sys
[2010.03.17 20:00:33 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016wh.sys
[2010.03.17 20:00:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Data aplikací\hpeB20.dll
[2010.03.17 20:00:02 | 000,000,000 | ---D | C] -- D:\XP\Program Files\Sony Ericsson
[2010.03.17 20:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
[2010.03.15 19:07:46 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010.03.15 19:07:43 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010.03.15 19:07:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.03.15 19:07:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010.03.15 19:07:41 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010.03.15 19:07:39 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010.03.15 19:07:37 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010.03.15 19:07:34 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010.03.15 19:07:32 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010.03.15 19:07:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.03.15 19:07:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010.03.15 19:07:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.03.15 19:07:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010.03.15 19:07:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010.03.15 19:07:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010.03.15 19:07:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.03.15 19:07:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010.03.15 19:07:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010.03.15 19:07:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010.03.15 19:07:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.03.15 19:07:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010.03.15 19:07:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys
[2010.03.15 19:07:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010.03.15 19:07:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\61883.sys
[2010.03.15 19:07:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010.03.08 20:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.03.08 20:21:04 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010.03.07 13:14:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.04 17:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\internet\Plocha\Bouračka Vectra
[2010.02.27 11:01:12 | 000,000,000 | ---D | C] -- D:\XP\Program Files\Steam
[2010.02.26 15:05:06 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2010.02.26 14:54:04 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.02.26 14:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\internet\Local Settings\Data aplikací\Deployment
[2010.02.21 14:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\internet\.rainlendar2
[2010.02.21 14:46:01 | 000,000,000 | ---D | C] -- D:\XP\Program Files\Rainlendar2
[2010.02.20 10:50:46 | 000,000,000 | ---D | C] -- D:\XP\Program Files\MediaInfo
[2009.12.12 12:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\VMware
[2009.09.25 10:59:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\internet\Data aplikací\pcouffin.sys
[2009.09.16 12:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.09.16 12:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.09.13 16:42:56 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2009.09.10 14:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2009.06.27 12:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.03.29 19:00:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.03.28 13:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.03.28 13:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.03.28 13:39:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2004.12.13 07:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.19 15:56:44 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010.03.19 15:55:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\internet\Plocha\OTL.exe
[2010.03.19 13:41:17 | 000,138,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.03.19 13:40:57 | 000,214,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.03.19 12:12:10 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010.03.19 12:12:10 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010.03.19 12:11:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.19 12:11:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.19 12:11:02 | 000,148,016 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.03.19 08:24:54 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\internet\NTUSER.DAT
[2010.03.19 08:24:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\internet\ntuser.ini
[2010.03.19 07:53:15 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.18 18:11:08 | 000,232,960 | ---- | M] () -- C:\Documents and Settings\internet\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.18 12:55:52 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.03.18 10:08:13 | 000,767,126 | ---- | M] () -- C:\Documents and Settings\internet\Plocha\cenik_leden.pdf
[2010.03.18 08:56:24 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\IKEA Home Planner.lnk
[2010.03.17 20:00:26 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Sony Ericsson PC Suite 6.0.lnk
[2010.03.17 20:00:25 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Data aplikací\hpeB20.dll
[2010.03.16 19:16:02 | 000,115,937 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\windows server 2003 cz.lbl
[2010.03.16 19:03:42 | 000,153,690 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\windows 7.lbl
[2010.03.16 15:42:30 | 000,133,740 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\windows server 2008.lbl
[2010.03.15 22:23:37 | 000,033,556 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\cc_20100315_222324.reg
[2010.03.12 08:34:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.11 19:32:30 | 001,775,616 | ---- | M] () -- C:\Documents and Settings\internet\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2010.03.11 07:44:53 | 000,000,622 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.09 18:13:45 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\profesní životopis.doc
[2010.03.09 13:44:37 | 000,082,640 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\cc_20100309_134417.reg
[2010.03.09 13:26:09 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Hposcv07.INI
[2010.03.09 13:25:28 | 000,002,724 | ---- | M] () -- C:\WINDOWS\DevMgr.ini
[2010.03.09 11:22:06 | 000,154,032 | ---- | M] () -- C:\Documents and Settings\internet\Plocha\identifikace_up.pdf
[2010.03.08 17:42:17 | 000,003,189 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.03.08 14:50:00 | 000,000,501 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.02.27 11:07:14 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\internet\Plocha\Half-Life 2 Deathmatch.lnk
[2010.02.27 11:01:12 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Steam.lnk
[2010.02.19 10:56:36 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\Platby a povinnosti.xls
[2010.02.19 10:39:27 | 000,955,572 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\TP zadní strana.jpg
[2010.02.19 10:37:45 | 000,989,488 | ---- | M] () -- C:\Documents and Settings\internet\Dokumenty\TP přední strana.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.18 10:08:13 | 000,767,126 | ---- | C] () -- C:\Documents and Settings\internet\Plocha\cenik_leden.pdf
[2010.03.17 20:00:26 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Sony Ericsson PC Suite 6.0.lnk
[2010.03.16 19:13:31 | 000,115,937 | ---- | C] () -- C:\Documents and Settings\internet\Dokumenty\windows server 2003 cz.lbl
[2010.03.16 15:42:30 | 000,133,740 | ---- | C] () -- C:\Documents and Settings\internet\Dokumenty\windows server 2008.lbl
[2010.03.15 22:23:25 | 000,033,556 | ---- | C] () -- C:\Documents and Settings\internet\Dokumenty\cc_20100315_222324.reg
[2010.03.09 13:44:18 | 000,082,640 | ---- | C] () -- C:\Documents and Settings\internet\Dokumenty\cc_20100309_134417.reg
[2010.03.09 11:22:06 | 000,154,032 | ---- | C] () -- C:\Documents and Settings\internet\Plocha\identifikace_up.pdf
[2010.02.27 14:52:01 | 001,775,616 | ---- | C] () -- C:\Documents and Settings\internet\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2010.02.27 11:07:14 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\internet\Plocha\Half-Life 2 Deathmatch.lnk
[2010.02.27 11:01:12 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Steam.lnk
[2010.02.19 10:39:27 | 000,955,572 | ---- | C] () -- C:\Documents and Settings\internet\Dokumenty\TP zadní strana.jpg
[2010.02.19 10:37:45 | 000,989,488 | ---- | C] () -- C:\Documents and Settings\internet\Dokumenty\TP přední strana.jpg
[2010.02.07 23:10:31 | 000,005,775 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\365dni.log
[2010.02.07 23:00:47 | 000,014,792 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\365dniError.log
[2010.01.08 18:39:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinHDM.INI
[2010.01.08 18:37:18 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2010.01.08 18:37:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\UimExt.dll
[2010.01.08 18:37:09 | 000,120,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2010.01.08 18:37:09 | 000,006,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2009.12.18 21:57:08 | 001,210,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.11.28 18:22:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.10.24 11:27:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2009.10.23 12:03:24 | 000,003,244 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\__wdump.txt
[2009.10.12 12:21:38 | 000,000,533 | ---- | C] () -- C:\WINDOWS\Tcsofla.INI
[2009.10.05 14:24:01 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\VideoReDo.Vprj
[2009.10.05 14:12:26 | 001,202,581 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\VideoReDo.Log
[2009.09.29 21:37:59 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\AutoGK.ini
[2009.09.25 10:59:56 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\inst.exe
[2009.09.25 10:59:56 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\pcouffin.cat
[2009.09.25 10:59:56 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\pcouffin.inf
[2009.09.25 10:59:56 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\internet\Data aplikací\pcouffin.log
[2009.09.13 16:18:00 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\msrgctb.ini
[2009.09.13 16:18:00 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\msrgcta.ini
[2009.09.05 12:47:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\internet\Local Settings\Data aplikací\PUTTY.RND
[2009.08.31 21:34:33 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2009.08.26 10:46:26 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FtpUploader.ini
[2009.08.22 14:47:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\pavedius5db.dll
[2009.08.22 14:47:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2009.08.08 17:24:02 | 000,002,724 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2009.08.08 17:20:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009.08.07 21:36:06 | 000,000,222 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009.08.07 21:35:14 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2009.07.31 14:15:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\gHidPnp.sys
[2009.07.31 14:15:03 | 000,011,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\gMouUsb.sys
[2009.07.28 11:23:40 | 000,000,983 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2009.07.28 11:20:47 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2009.07.24 18:43:45 | 000,000,501 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.07.24 18:43:20 | 000,003,189 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009.07.21 13:34:44 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.07.19 16:43:20 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\internet\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.26 12:11:09 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.29 19:42:14 | 000,000,526 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.28 18:38:50 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2009.03.28 13:40:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.28 13:40:53 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.08.16 15:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
< End of report >
Nahoru
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#5 Příspěvek od Jan7980 »

OTL Extras logfile created on: 19.3.2010 15:56:02 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\internet\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\XP\Program Files
Drive C: | 14,65 Gb Total Space | 3,12 Gb Free Space | 21,29% Space Free | Partition Type: NTFS
Drive D: | 138,81 Gb Total Space | 11,00 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
Drive E: | 420,39 Gb Total Space | 10,50 Gb Free Space | 2,50% Space Free | Partition Type: NTFS
Drive F: | 93,16 Gb Total Space | 1,58 Gb Free Space | 1,70% Space Free | Partition Type: NTFS
Drive G: | 22,33 Gb Total Space | 22,27 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PO-AF8840645E3B
Current User Name: internet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\XP\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "D:\XP\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FOTOSVET Schlecker 2] -- "D:\XP\Program Files\Schlecker\FOTOSVET Schlecker 2\FOTOSVET Schlecker 2.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe" = D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\GIGABYTE\@BIOS\gwflash.exe" = C:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:@BIOS Application -- ()
"D:\XP\Program Files\uTorrent\utorrent.exe" = D:\XP\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\XP\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = D:\XP\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"D:\XP\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = D:\XP\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"D:\XP\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = D:\XP\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1A05C238-2E6A-4CB5-8600-E6C1E509E0CB}" = Paragon Hard Disk Manager 6.0 Professional
"{1C52A42B-32D4-49E6-994B-8373E4718049}" = O&O MediaRecovery
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0516.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1
"{8075BC83-7F8F-4FE0-9792-685723B06713}" = ESET Smart Security
"{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}" = ioCentre
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 Lite
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}" = SoundSoap PE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"µTorrent CZ_is1" = µTorrent CZ 1.8.4 (build 16688)
"365dní6.0.7" = 365dní
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.62
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"Collectorz.com Game Collector" = Collectorz.com Game Collector
"Digsby" = Digsby
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"Family Tree Builder" = MyHeritage Family Tree Builder
"ffdshow_is1" = ffdshow [rev 3119] [2009-10-27]
"FOTOSVET Schlecker 2" = FOTOSVET Schlecker 2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0516.2
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"LimeWire" = LimeWire 5.3.6
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PSPad editor_is1" = PSPad editor
"Steam App 320" = Half-Life 2: Deathmatch
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.35
"USB Safely Remove_is1" = USB Safely Remove 4.2
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.5.512
"VISPRO" = Microsoft Office Visio Professional 2007
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XviD4PSP5" = XviD4PSP 5.0
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DMGExtractor" = DMGExtractor

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#6 Příspěvek od Caroprd111 »

Obrázek Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409

:COMMANDS
[EmptyTemp]
[ClearAllRestorePoints]
[Reboot]
Poté klikněte na Run fix, PC se restartuje, log vložte sem.



Obrázek Odinstalujte Spybot - Search & Destroy.
Obrázek
Nahoru
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#7 Příspěvek od Jan7980 »

All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: internet
->Temp folder emptied: 28282376 bytes
->Temporary Internet Files folder emptied: 7165990 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86594003 bytes
->Flash cache emptied: 3347 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Počítač
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 83848338 bytes
->Flash cache emptied: 592 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2432895 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 212992 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 40900056 bytes

Total Files Cleaned = 238,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.1.37.3 log created on 03192010_161813

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#8 Příspěvek od Caroprd111 »

Jak to vypadá s PC :???:
Obrázek
Nahoru
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#9 Příspěvek od Jan7980 »

PC zatím běží stabilně, čekám, jestli opět nespadne internetový browser.
Zatím Vám děkuji.
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#10 Příspěvek od Caroprd111 »

Otestujte to a potom se ozvěte.
Obrázek
Nahoru
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#11 Příspěvek od Jan7980 »

Bohužel, spadlo mi to znovu. A to, že to vždy spadne při neaktivitě okna internetového prohlížeče, ať už ho nechám spuštěné na pozadí, nebo spuštěné okno při neaktivitě na PC.
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#12 Příspěvek od Caroprd111 »

Obrázek Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
  • Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
  • Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna :!:
  • Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
  • Během skenování může být počítač restartován.
Obrázek
Nahoru
Jan7980
1. Stupeň Varování
Příspěvky: 66
Registrován: 04 dub 2006 15:36

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#13 Příspěvek od Jan7980 »

ComboFix 10-03-18.02 - internet 19.03.2010 16:56:01.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2677 [GMT 1:00]
Spuštěný z: c:\documents and settings\internet\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2269691484-3948895443-4015588255-1000
c:\documents and settings\All Users\Data aplikací\hpeB20.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-19 do 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 15:18 . 2010-03-19 15:18 -------- d-----w- C:\_OTL
2010-03-18 21:06 . 2010-03-18 21:07 -------- d-----w- C:\rsit
2010-03-15 18:07 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-03-08 19:21 . 2010-03-08 19:21 -------- d-----w- d:\program files\Common Files\Java
2010-02-27 10:01 . 2010-03-19 15:24 -------- d-----w- d:\xp\Program Files\Steam
2010-02-26 14:05 . 2010-03-15 16:22 -------- d-----w- C:\WinSetupFromUSB
2010-02-26 13:54 . 2010-02-26 13:54 -------- d-----w- C:\Downloads
2010-02-21 13:46 . 2010-03-09 12:27 -------- d-----w- c:\documents and settings\internet\.rainlendar2
2010-02-21 13:46 . 2010-03-09 12:27 -------- d-----w- d:\xp\Program Files\Rainlendar2
2010-02-20 09:50 . 2010-02-20 09:50 -------- d-----w- d:\xp\Program Files\MediaInfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 15:57 . 2009-03-28 12:46 16608 ----a-w- c:\windows\gdrv.sys
2010-03-19 15:18 . 2001-10-25 11:00 79936 ----a-w- c:\windows\system32\perfc005.dat
2010-03-19 15:18 . 2001-10-25 11:00 433948 ----a-w- c:\windows\system32\perfh005.dat
2010-03-19 14:58 . 2009-09-29 16:52 -------- d-----w- d:\xp\Program Files\Mozilla Thunderbird
2010-03-19 12:41 . 2009-07-21 12:34 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-19 12:40 . 2009-07-21 12:34 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-19 11:12 . 2009-03-28 17:38 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-18 21:07 . 2009-12-24 13:06 -------- d-----w- d:\xp\Program Files\trend micro
2010-03-17 19:00 . 2010-03-17 19:00 -------- d-----w- d:\xp\Program Files\Sony Ericsson
2010-03-17 19:00 . 2009-03-29 18:12 -------- d--h--w- d:\xp\Program Files\InstallShield Installation Information
2010-03-15 12:47 . 2009-06-26 07:29 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-19 15:24 . 2009-08-22 12:52 -------- d-----w- d:\xp\Program Files\totalcmd
2010-02-19 12:36 . 2009-11-28 16:56 -------- d-----w- d:\xp\Program Files\Digsby
2010-02-07 21:56 . 2010-02-07 21:56 -------- d-----w- d:\xp\Program Files\365dníNET
2010-02-07 16:41 . 2009-12-24 10:34 -------- d-----w- d:\xp\Program Files\OO Software
2010-01-28 18:09 . 2010-01-28 18:08 -------- d-----w- d:\xp\Program Files\VideoReDoPlus
2010-01-26 19:42 . 2010-01-20 22:30 -------- d-----w- d:\xp\Program Files\PowerDataRecovery
2010-01-26 19:42 . 2010-01-22 12:13 -------- d-----w- d:\xp\Program Files\Game Cam
2010-01-26 19:42 . 2009-11-27 15:06 -------- d-----w- d:\xp\Program Files\DriverGenius
2010-01-22 10:36 . 2009-08-07 20:38 -------- d-----w- d:\xp\Program Files\Pegasys Inc
2010-01-20 18:35 . 2010-01-14 11:25 -------- d-----w- d:\xp\Program Files\Funshare CCcam Control 2.0
2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- d:\xp\Program Files\DiskInternals
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-11-14 19:18 . 2009-11-14 15:12 5847072 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2009-11-07 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="d:\xp\Program Files\USB Safely Remove\USBSafelyRemove.exe" [2010-01-03 3911680]
"Steam"="d:\xp\program files\steam\steam.exe" [2010-02-27 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ioCentre"="d:\genius\ioCentre\gTaskBar.exe" [2009-06-17 61440]
"egui"="d:\xp\Program Files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
"OODefragTray"="d:\xp\Program Files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^internet^Nabídka Start^Programy^Po spuštění^LimeWire On Startup.lnk]
path=c:\documents and settings\internet\Nabídka Start\Programy\Po spuštění\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- d:\xp\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 15:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 15:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 16:59 2289664 ----a-w- d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:59 149280 ----a-w- d:\xp\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 09:07 199752 ----a-w- d:\xp\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\XP\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\XP\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"d:\\XP\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"d:\\XP\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [8.1.2010 18:37 18208]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;d:\xp\Program Files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 14:47 731840]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [28.3.2009 13:48 80392]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;d:\xp\Program Files\USB Safely Remove\USBSRService.exe [11.11.2009 17:55 261456]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [31.7.2009 14:15 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [31.7.2009 14:15 11520]
S2 AKEProtect;AKEProtect;\??\d:\xp\Program Files\Anti Keylogger Elite\AKEProtect.sys --> d:\xp\Program Files\Anti Keylogger Elite\AKEProtect.sys [?]
S2 OMSI download service;Sony Ericsson OMSI download service;d:\xp\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [17.3.2010 20:00 90112]
S3 2802W;SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver;c:\windows\system32\drivers\2802W.sys [29.3.2009 19:12 385920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.11.2009 22:24 1684736]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [31.7.2009 14:15 17408]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [28.3.2009 18:38 24944]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [17.3.2010 20:00 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [17.3.2010 20:00 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [17.3.2010 20:00 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.3.2010 20:00 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.3.2010 20:00 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.3.2010 20:00 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.3.2010 20:00 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- d:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - d:\xp\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {5BB9ECAC-95EF-4B0A-97AE-17BFB705EB9A} = 192.168.0.1
TCP: {70DF0930-8FEA-49DE-8340-B4DB3ED3B381} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\internet\Data aplikací\Mozilla\Firefox\Profiles\jw8u0i1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - plugin: c:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.type - 0
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-AdobeCS4ServiceManager - d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 16:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="d:\\XP\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{8075BC83-7F8F-4FE0-9792-685723B06713}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.437.0"
"UniqueId"="01AF003E4A847089"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="9102FD7519F78A585C4D048EC79B3F6148F04B3E29133FFEAA7253FD77B6EF38B83F233AE9793729C1825BA235DE8FBAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D67945D575E7D6A3B9808BD76DC2C619F396071CD66C472764032C960513D63852CEF17B88CBEDE4E6816B5D0F62CB6F4C5F8456A7175E1389406722E7DBC92BA494A5216E6CB561BB0D34F38095647DD3DDA9F4E1991532558405219031488B548576794DE107ED72808FE73E753C17670368E6F0F9D5B1C0B7DAF7019C362BD7A4275F4CA291DCE108B5D58AA7BB3AB32AF445CCD4F745232D0F3163680236AB7293E8F43E7DF1D30A8A4D2AB5E94C1596192378F157BCD5640AD801A333027589F2A4FA75253B5D2A13566893F39CD42577534568BB16B83C58FB8C47756B6B9AD423419A26DDCC62793A4A813613DCC92881D6508BC5BCA4F6D5F7A1EC0ACBECC37CFFE45052EDE64683730852CCC5D898B4E4411A6A0C03F43A4C52B83F14C6C5B4B025C539571F47D598AF49D8FD9A3E5BA40E2DB927E6BACCF73D89444CB70A5E0123DFAD558E6C45C67731DEC2FBE9EE568ECAD5E9F1DED3A1412CF33AA2F2F60E0717D8473BF51A23A47799F4CAA63E91252D282C5936AD3FD777124DA733AAC6336C20BA578D927396B6235A5AE847354EAE2D39500AE1DC8DE1ECF53FB273CD3FC95A8D57A3CF3DE0FEA92320277450C42DC79B68867AED24FD9C38B7DFD9CB26CA6ECEB28F7AA6C930D6CEDD2D4335918A06E57C76630BC06905F821DE8EABEDC083FD9D330FE641125CED84159279FDE7584A64B2261EBF311D73977B8DB815DB2599047AB398DD0F118F562661E07BF045D5A1532930ABC8B36369A5DB5C2AC0047063D5936F251197A4D3F802AFD155972A99AD7AE8239195703896FD411C230EDB6E5476564C4A37EE9D5D0EF316E668E5347742B8776B2EB2C3B29273F49E7002165AACA7313FB7C5C962528978F815216F78B18103337F8C39BEA30639BAC09C6D3590079D573A537656CA06870E3AFB700C898D16768D5DF88B589D64D6B662FBD50B08F5B40FA139D3DBA9EBB2A70812379E1CCB7EC319AD5325A39A3F14AE4A22F9D1727F8D30C0A4F6CFBD2D6B03E1D8FBDC083CF8B904AA9E5EA16F5B8F4F53B19B0EE19DB40EC803E84C64E5E401DA28CB2D97F3864218C7D13D40D0E74A05A8DC51D0390D37BD1CC7F60DA3D5AC1693E6C7F4D613B09EC089B403276F8FE1A767FCF7A45EFDDE5C9F99AA9E66724455AFAED6F04BEA58081336E46739D5FA864CEDBA7A03D31887CC2264C4542CDB4FAAF50816F9B0CA479CB288C5B7F08DB7B6545171EEE87A5BAEF6537994CBA60CD1F08824905CAD6921BEAABD84330"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1616)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-19 16:58:27
ComboFix-quarantined-files.txt 2010-03-19 15:58

Před spuštěním: 3 441 602 560
Po spuštění: 3 406 168 064

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

- - End Of File - - B4798C8EE5751E9EC667370292C9508F
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#14 Příspěvek od Caroprd111 »

Jak se chová PC :???:
Obrázek
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Preventivka, ... i když sem tam padá Firefox i Explorer

#15 Příspěvek od Caroprd111 »

Obrázek Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\drivers\tcpip.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte).
Obrázek
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“