Ahoj,
kamarádův PC zasáhlo tohle svin....
Přikládám log z RSIT a předem děkuji za pomoc s řešením.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rostislav Drápal at 2010-04-15 19:39:05
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:13, on 15.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
C:\Program Files\trend micro\Rostislav Drápal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [36879538] C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4085624765
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70C52F0-AB71-48E6-9B9C-96BC1E7683F2}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater (application updater) - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba inteligentního přenosu na pozadí BITSRpcSs (BITSRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Indexing Service cisvcNVSvc (cisvcNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Síťová schránka ClipSrvEventSystem (ClipSrvEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Kurýrní služba MessengerPCLEPCI (MessengerPCLEPCI) - Unknown owner - .exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Síťová připojení NetmanVSS (NetmanVSS) - Unknown owner - .exe (file missing)
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Směrování a vzdálený přístup RemoteAccess Licensing Service (RemoteAccess Licensing Service) - Unknown owner - .exe (file missing)
O23 - Service: Telefonní subsystém TapiSrvImapiService (TapiSrvImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Motivy ThemesSpooler (ThemesSpooler) - Unknown owner - .exe (file missing)
O23 - Service: Hostitel zařízení UPnP upnphostxmlprov (upnphostxmlprov) - Unknown owner - .exe (file missing)
O23 - Service: Centrum zabezpečení wscsvcTermService (wscsvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 8088 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"=C:\WINDOWS\878RMT.exe [2005-05-20 401408]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-10-30 949376]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"36879538"=C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe [2010-04-14 1171968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Scheduler for OEM.lnk - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmiinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Hry\medal of honor\MOHAA.exe"="D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"D:\Programy\netconwatcher\NetConWatcher.exe"="D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher"
"F:\Hry\blobby\volley.exe"="F:\Hry\blobby\volley.exe:*:Enabled:volley"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\need for speed 7\Speed.exe"="D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-15 19:39:06 ----D---- C:\Program Files\trend micro
2010-04-15 19:39:05 ----D---- C:\rsit
2010-04-15 18:58:21 ----SHD---- C:\WINDOWS\CSC
2010-04-14 20:00:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\36879538
2010-04-11 13:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
======List of files/folders modified in the last 1 months======
2010-04-15 19:39:06 ----D---- C:\Program Files
2010-04-15 19:38:44 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-15 19:37:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-15 19:18:34 ----D---- C:\WINDOWS\system32
2010-04-15 19:18:34 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-15 19:17:03 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
2010-04-15 19:14:35 ----D---- C:\WINDOWS\Temp
2010-04-15 19:09:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 18:58:21 ----D---- C:\WINDOWS
2010-04-15 18:56:18 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:03:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 16:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 20:40:40 ----D---- C:\Program Files\pdfforge Toolbar
2010-04-14 20:00:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 20:00:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-04 16:18:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 09:24:02 ----A---- C:\WINDOWS\win.ini
2010-03-21 20:44:31 ----D---- C:\WINDOWS\system
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 8de2ebef;8de2ebef; C:\WINDOWS\System32\drivers\8de2ebef.sys []
S1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-10-30 15424]
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2006-05-21 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2006-05-21 12160]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2006-05-21 8704]
S2 amon;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-10-30 512096]
S2 lmiinfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 lmirfsdriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
S3 dsaudiodevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]
S3 dyncal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-05-21 21168]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
S3 pac207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 lmirfsclientnp;LMIRfsClientNP; C:\WINDOWS\system32\drivers\lmirfsclientnp.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 application updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv []
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv []
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv []
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv []
S2 NetmanVSS;Síťová připojení NetmanVSS; srv []
S2 nod32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-10-30 552064]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv []
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv []
S2 ThemesSpooler;Motivy ThemesSpooler; srv []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv []
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-11 77944]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Malware - Security tool - log z RSIT
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Malware - Security tool - log z RSIT
Zdravím 
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT- Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: Malware - Security tool - log z RSIT
Zatím běží OTL,
jen jsem si všiml, že ačkoliv jsem označil vše, nezkopírovalo se do toho okna
CREATERESTOREPOINT
Je to problém ?
jen jsem si všiml, že ačkoliv jsem označil vše, nezkopírovalo se do toho okna
CREATERESTOREPOINT
Je to problém ?
Re: Malware - Security tool - log z RSIT
OTL.txt
OTL logfile created on: 17.4.2010 10:24:21 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
511,00 Mb Total Physical Memory | 308,00 Mb Available Physical Memory | 60,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,22 Gb Total Space | 3,33 Gb Free Space | 32,60% Space Free | Partition Type: NTFS
Drive D: | 101,57 Gb Total Space | 12,60 Gb Free Space | 12,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROSTA-DSX4BF
Current User Name: Rostislav Drápal
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.17 10:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010.04.04 16:18:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.04.17 10:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2004.08.17 17:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wscsvcTermService)
SRV - File not found [Auto | Stopped] -- -- (upnphostxmlprov)
SRV - File not found [Auto | Stopped] -- -- (ThemesSpooler)
SRV - File not found [Auto | Stopped] -- -- (TapiSrvImapiService)
SRV - File not found [Auto | Stopped] -- -- (RemoteAccess Licensing Service)
SRV - File not found [Auto | Stopped] -- -- (NetmanVSS)
SRV - File not found [Auto | Stopped] -- -- (MessengerPCLEPCI)
SRV - File not found [Auto | Stopped] -- -- (ClipSrvEventSystem)
SRV - File not found [Auto | Stopped] -- -- (cisvcNVSvc)
SRV - File not found [Auto | Stopped] -- -- (BITSRpcSs)
SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (application updater)
SRV - [2009.10.30 20:36:00 | 000,552,064 | ---- | M] (Eset ) [Auto | Stopped] -- C:\Program Files\Eset\nod32krn.exe -- (nod32krn)
SRV - [2008.09.11 20:05:42 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
========== Driver Services (SafeList) ==========
DRV - [2010.04.15 14:32:20 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\fdjeso.sys -- (fdjeso)
DRV - [2009.10.30 20:36:00 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (amon)
DRV - [2009.10.30 20:36:00 | 000,015,424 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009.01.08 19:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys -- (dsaudiodevice_207)
DRV - [2008.10.02 20:46:08 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (lmirfsclientnp)
DRV - [2008.07.24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (lmirfsdriver)
DRV - [2008.02.13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (pac207)
DRV - [2007.05.21 17:26:14 | 000,021,168 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (dyncal)
DRV - [2007.01.04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.05.21 05:00:00 | 000,214,692 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Bt878.sys -- (878TVCard)
DRV - [2006.05.21 05:00:00 | 000,012,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BtTuner.sys -- (878TVTuner)
DRV - [2006.05.21 05:00:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BtXbar.sys -- (878Xbar)
DRV - [2005.08.02 10:35:00 | 003,198,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (afc)
DRV - [2004.08.04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004.08.04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004.08.04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2003.01.22 05:37:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.09.16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 16:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 16:18:17 | 000,000,000 | ---D | M]
[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Extensions
[2010.04.14 22:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\extensions
[2009.03.28 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\extensions\firefox@tvunetworks.com
[2010.01.18 18:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.14 17:09:04 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.14 17:09:04 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.14 17:09:04 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.14 17:09:04 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.14 17:09:04 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O4 - HKLM..\Run: [36879538] C:\Documents and Settings\All Users\Data aplikací\36879538\36879538.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe ()
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1085031214-630328440-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1085031214-630328440-682003330-1003..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe ()
O4 - Startup: C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\imon.dll (Eset )
O12 - Plugin for: .tiff - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4085624765 (WUWebControl Class)
O18 - Protocol\Handler\groovelocalgws {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\lmiinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.29 19:18:52 | 000,000,139 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.01.25 22:46:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.01.25 22:46:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010.04.17 10:07:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010.04.15 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.15 19:39:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 18:58:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.04.14 20:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.04.14 20:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\36879538
[2010.04.11 13:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
[2008.02.07 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Ahead
[2005.11.21 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.11.21 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
[2005.11.11 15:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2005.11.11 15:26:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.11 15:26:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.11.11 09:07:36 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.17 10:18:59 | 000,894,824 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.17 10:18:59 | 000,383,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.17 10:18:59 | 000,383,150 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.17 10:18:59 | 000,063,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.17 10:18:59 | 000,053,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.17 10:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.17 10:13:52 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat
[2010.04.17 10:13:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.17 10:13:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.ini
[2010.04.17 10:06:40 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\Security Tool.lnk
[2010.04.17 10:06:32 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.17 10:06:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.15 19:17:13 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
[2010.04.15 17:03:01 | 000,003,791 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.15 16:52:04 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 16:40:28 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.04.15 14:32:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\fdjeso.sys
[2010.04.13 16:28:24 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\skype.lnk
[2010.04.11 14:24:50 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 11:19:04 | 000,344,417 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\mates duben 2010 - 1.jpg
[2010.04.10 11:17:46 | 000,318,324 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\duben 2010.jpg
[2010.04.03 09:24:02 | 000,001,103 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.03 09:23:49 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2010.04.01 21:43:56 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\redir.html
[2010.03.22 20:58:01 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System\TSCP_H0.THD
[2010.03.21 20:45:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System\TSCP_H3.THD
[2010.03.21 20:44:37 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System\TSCP_H8.THD
[2010.03.21 20:44:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System\TSCP_H2.THD
[2010.03.21 20:44:17 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System\TSCP_H1.THD
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.15 19:17:15 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
[2010.04.15 14:33:30 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\Security Tool.lnk
[2010.04.14 20:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdjeso.sys
[2010.04.10 11:19:04 | 000,344,417 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\mates duben 2010 - 1.jpg
[2010.04.10 11:17:45 | 000,318,324 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\duben 2010.jpg
[2010.04.01 21:43:56 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\redir.html
[2010.03.21 20:44:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System\TSCP_H2.THD
[2010.03.21 20:44:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System\TSCP_H1.THD
[2009.12.28 15:15:03 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009.12.28 15:14:58 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2009.10.30 20:36:51 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009.10.26 16:11:09 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat
[2009.10.19 21:32:17 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.08.08 11:00:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2009.04.03 20:33:12 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\wiaserva.log
[2008.06.02 19:58:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\WLCtrl32.dll
[2008.05.29 19:18:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.05.29 19:18:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.05.29 19:18:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.05.29 19:18:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.05.29 19:18:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008.03.19 16:32:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2008.02.07 19:23:30 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\default.pls
[2008.02.07 19:18:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.01.16 17:56:01 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008.01.16 17:54:54 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\__FileUploader.log
[2007.09.28 10:22:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\fusioncache.dat
[2007.09.28 09:33:56 | 000,001,641 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.09.15 07:12:10 | 000,004,796 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2007.09.14 18:00:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2007.02.28 19:14:18 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVSDVDPlayer.m3u
[2007.02.28 19:13:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.02.28 19:13:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.01.24 18:27:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.12.12 16:54:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.12.12 16:53:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006.11.24 20:31:16 | 000,001,820 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2006.09.15 18:48:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006.01.08 10:56:04 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2006.01.06 15:52:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SILCOM_P.INI
[2006.01.05 16:04:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.01.05 16:01:07 | 000,003,791 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.12.29 19:50:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WinFight.ini
[2005.12.28 14:09:59 | 000,000,288 | ---- | C] () -- C:\WINDOWS\LEXICON.INI
[2005.12.25 09:41:49 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.11.22 22:02:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.12 15:45:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.11.11 23:54:35 | 000,000,513 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2005.11.11 23:50:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\TBManage.dll
[2005.11.11 23:23:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\tsctv.ini
[2005.11.11 22:16:53 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005.11.11 15:33:09 | 000,114,688 | -H-- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat.LOG
[2005.11.11 15:33:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.08.02 10:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.08.02 10:35:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.08.02 10:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.08.02 10:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.07.20 15:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.07.20 15:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.11.06 03:31:18 | 000,002,574 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004.11.06 03:31:17 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004.11.05 23:23:55 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004.08.17 17:49:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.17 17:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003.02.13 12:20:24 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[1997.02.22 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.02.22 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997.02.22 01:00:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\VACS232.DLL
========== LOP Check ==========
[2010.04.14 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\36879538
[2010.01.24 11:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2006.02.02 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\muvee Technologies
[2009.10.02 19:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NFS Underground
[2008.01.16 17:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.01.16 17:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2007.10.09 19:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2005.11.21 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.11.21 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 17:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.08.17 16:58:18 | 001,667,584 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006.09.13 12:12:52 | 000,139,264 | ---- | M] (Nero AG)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2008.11.07 15:31:38 | 021,633,320 | R--- | M] (Skype Technologies S.A.)
"LaunchList" = C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe -- [2007.03.21 15:41:38 | 000,145,496 | ---- | M] (Pinnacle Systems)
< c:\windows\*.* /U >
[17 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.30 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2007.10.29 20:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Adobe
[2008.02.07 19:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Ahead
[2009.12.28 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ArcSoft
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2005.12.24 23:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\CyberLink
[2007.02.28 19:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ESTSoft
[2005.11.22 21:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Help
[2005.11.11 15:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Identities
[2008.05.29 19:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\InstallShield
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2006.04.06 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Macromedia
[2009.11.02 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Malwarebytes
[2010.02.11 20:29:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Microsoft
[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla
[2009.02.10 19:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\MSN6
[2009.07.03 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Nero
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
[2010.04.17 10:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
[2008.12.01 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\skypePM
[2010.02.07 20:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Sun
[2009.11.02 23:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\SUPERAntiSpyware.com
[2008.12.27 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Winamp
[2008.08.17 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 17:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 17:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.04 00:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: LSASS.EXE >
[2004.08.17 17:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 17:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 17:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 17:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 17:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 17:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2004.07.06 16:45:42 | 000,060,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.17 17:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 17:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007.01.25 23:19:59 | 000,270,336 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.01.25 22:12:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007.01.25 23:19:59 | 016,515,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.01.25 23:20:00 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 17:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.08.17 16:58:18 | 001,667,584 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006.09.13 12:12:52 | 000,139,264 | ---- | M] (Nero AG)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2008.11.07 15:31:38 | 021,633,320 | R--- | M] (Skype Technologies S.A.)
"LaunchList" = C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe -- [2007.03.21 15:41:38 | 000,145,496 | ---- | M] (Pinnacle Systems)
< c:\windows\*.* /U >
[17 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.30 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2007.10.29 20:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Adobe
[2008.02.07 19:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Ahead
[2009.12.28 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ArcSoft
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2005.12.24 23:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\CyberLink
[2007.02.28 19:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ESTSoft
[2005.11.22 21:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Help
[2005.11.11 15:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Identities
[2008.05.29 19:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\InstallShield
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2006.04.06 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Macromedia
[2009.11.02 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Malwarebytes
[2010.02.11 20:29:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Microsoft
[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla
[2009.02.10 19:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\MSN6
[2009.07.03 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Nero
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
[2010.04.17 10:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
[2008.12.01 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\skypePM
[2010.02.07 20:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Sun
[2009.11.02 23:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\SUPERAntiSpyware.com
[2008.12.27 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Winamp
[2008.08.17 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 17:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 17:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.04 00:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: LSASS.EXE >
[2004.08.17 17:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 17:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 17:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 17:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 17:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 17:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2004.07.06 16:45:42 | 000,060,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.17 17:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 17:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007.01.25 23:19:59 | 000,270,336 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.01.25 22:12:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007.01.25 23:19:59 | 016,515,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.01.25 23:20:00 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
OTL logfile created on: 17.4.2010 10:24:21 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
511,00 Mb Total Physical Memory | 308,00 Mb Available Physical Memory | 60,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,22 Gb Total Space | 3,33 Gb Free Space | 32,60% Space Free | Partition Type: NTFS
Drive D: | 101,57 Gb Total Space | 12,60 Gb Free Space | 12,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROSTA-DSX4BF
Current User Name: Rostislav Drápal
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.17 10:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010.04.04 16:18:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.04.17 10:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2004.08.17 17:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wscsvcTermService)
SRV - File not found [Auto | Stopped] -- -- (upnphostxmlprov)
SRV - File not found [Auto | Stopped] -- -- (ThemesSpooler)
SRV - File not found [Auto | Stopped] -- -- (TapiSrvImapiService)
SRV - File not found [Auto | Stopped] -- -- (RemoteAccess Licensing Service)
SRV - File not found [Auto | Stopped] -- -- (NetmanVSS)
SRV - File not found [Auto | Stopped] -- -- (MessengerPCLEPCI)
SRV - File not found [Auto | Stopped] -- -- (ClipSrvEventSystem)
SRV - File not found [Auto | Stopped] -- -- (cisvcNVSvc)
SRV - File not found [Auto | Stopped] -- -- (BITSRpcSs)
SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (application updater)
SRV - [2009.10.30 20:36:00 | 000,552,064 | ---- | M] (Eset ) [Auto | Stopped] -- C:\Program Files\Eset\nod32krn.exe -- (nod32krn)
SRV - [2008.09.11 20:05:42 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
========== Driver Services (SafeList) ==========
DRV - [2010.04.15 14:32:20 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\fdjeso.sys -- (fdjeso)
DRV - [2009.10.30 20:36:00 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (amon)
DRV - [2009.10.30 20:36:00 | 000,015,424 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009.01.08 19:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys -- (dsaudiodevice_207)
DRV - [2008.10.02 20:46:08 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (lmirfsclientnp)
DRV - [2008.07.24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (lmirfsdriver)
DRV - [2008.02.13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (pac207)
DRV - [2007.05.21 17:26:14 | 000,021,168 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (dyncal)
DRV - [2007.01.04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.05.21 05:00:00 | 000,214,692 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Bt878.sys -- (878TVCard)
DRV - [2006.05.21 05:00:00 | 000,012,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BtTuner.sys -- (878TVTuner)
DRV - [2006.05.21 05:00:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BtXbar.sys -- (878Xbar)
DRV - [2005.08.02 10:35:00 | 003,198,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (afc)
DRV - [2004.08.04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004.08.04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004.08.04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2003.01.22 05:37:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.09.16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 16:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 16:18:17 | 000,000,000 | ---D | M]
[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Extensions
[2010.04.14 22:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\extensions
[2009.03.28 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\extensions\firefox@tvunetworks.com
[2010.01.18 18:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.14 17:09:04 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.14 17:09:04 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.14 17:09:04 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.14 17:09:04 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.14 17:09:04 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O4 - HKLM..\Run: [36879538] C:\Documents and Settings\All Users\Data aplikací\36879538\36879538.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe ()
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1085031214-630328440-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1085031214-630328440-682003330-1003..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe ()
O4 - Startup: C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\imon.dll (Eset )
O12 - Plugin for: .tiff - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4085624765 (WUWebControl Class)
O18 - Protocol\Handler\groovelocalgws {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\lmiinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.29 19:18:52 | 000,000,139 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.01.25 22:46:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.01.25 22:46:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010.04.17 10:07:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010.04.15 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.15 19:39:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 18:58:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.04.14 20:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.04.14 20:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\36879538
[2010.04.11 13:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
[2008.02.07 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Ahead
[2005.11.21 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.11.21 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
[2005.11.11 15:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2005.11.11 15:26:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.11 15:26:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.11.11 09:07:36 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.17 10:18:59 | 000,894,824 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.17 10:18:59 | 000,383,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.17 10:18:59 | 000,383,150 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.17 10:18:59 | 000,063,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.17 10:18:59 | 000,053,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.17 10:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.17 10:13:52 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat
[2010.04.17 10:13:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.17 10:13:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.ini
[2010.04.17 10:06:40 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\Security Tool.lnk
[2010.04.17 10:06:32 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.17 10:06:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.15 19:17:13 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
[2010.04.15 17:03:01 | 000,003,791 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.15 16:52:04 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 16:40:28 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.04.15 14:32:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\fdjeso.sys
[2010.04.13 16:28:24 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\skype.lnk
[2010.04.11 14:24:50 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 11:19:04 | 000,344,417 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\mates duben 2010 - 1.jpg
[2010.04.10 11:17:46 | 000,318,324 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\duben 2010.jpg
[2010.04.03 09:24:02 | 000,001,103 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.03 09:23:49 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2010.04.01 21:43:56 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\redir.html
[2010.03.22 20:58:01 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System\TSCP_H0.THD
[2010.03.21 20:45:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System\TSCP_H3.THD
[2010.03.21 20:44:37 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System\TSCP_H8.THD
[2010.03.21 20:44:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System\TSCP_H2.THD
[2010.03.21 20:44:17 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System\TSCP_H1.THD
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.15 19:17:15 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
[2010.04.15 14:33:30 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\Security Tool.lnk
[2010.04.14 20:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdjeso.sys
[2010.04.10 11:19:04 | 000,344,417 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\mates duben 2010 - 1.jpg
[2010.04.10 11:17:45 | 000,318,324 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\duben 2010.jpg
[2010.04.01 21:43:56 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\redir.html
[2010.03.21 20:44:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System\TSCP_H2.THD
[2010.03.21 20:44:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System\TSCP_H1.THD
[2009.12.28 15:15:03 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009.12.28 15:14:58 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2009.10.30 20:36:51 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009.10.26 16:11:09 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat
[2009.10.19 21:32:17 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.08.08 11:00:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2009.04.03 20:33:12 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\wiaserva.log
[2008.06.02 19:58:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\WLCtrl32.dll
[2008.05.29 19:18:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.05.29 19:18:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.05.29 19:18:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.05.29 19:18:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.05.29 19:18:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008.03.19 16:32:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2008.02.07 19:23:30 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\default.pls
[2008.02.07 19:18:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.01.16 17:56:01 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008.01.16 17:54:54 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\__FileUploader.log
[2007.09.28 10:22:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\fusioncache.dat
[2007.09.28 09:33:56 | 000,001,641 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.09.15 07:12:10 | 000,004,796 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2007.09.14 18:00:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2007.02.28 19:14:18 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVSDVDPlayer.m3u
[2007.02.28 19:13:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.02.28 19:13:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.01.24 18:27:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.12.12 16:54:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.12.12 16:53:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006.11.24 20:31:16 | 000,001,820 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2006.09.15 18:48:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006.01.08 10:56:04 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2006.01.06 15:52:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SILCOM_P.INI
[2006.01.05 16:04:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.01.05 16:01:07 | 000,003,791 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.12.29 19:50:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WinFight.ini
[2005.12.28 14:09:59 | 000,000,288 | ---- | C] () -- C:\WINDOWS\LEXICON.INI
[2005.12.25 09:41:49 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.11.22 22:02:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.12 15:45:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.11.11 23:54:35 | 000,000,513 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2005.11.11 23:50:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\TBManage.dll
[2005.11.11 23:23:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\tsctv.ini
[2005.11.11 22:16:53 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005.11.11 15:33:09 | 000,114,688 | -H-- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat.LOG
[2005.11.11 15:33:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.08.02 10:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.08.02 10:35:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.08.02 10:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.08.02 10:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.07.20 15:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.07.20 15:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.11.06 03:31:18 | 000,002,574 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004.11.06 03:31:17 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004.11.05 23:23:55 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004.08.17 17:49:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.17 17:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003.02.13 12:20:24 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[1997.02.22 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.02.22 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997.02.22 01:00:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\VACS232.DLL
========== LOP Check ==========
[2010.04.14 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\36879538
[2010.01.24 11:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2006.02.02 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\muvee Technologies
[2009.10.02 19:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NFS Underground
[2008.01.16 17:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.01.16 17:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2007.10.09 19:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2005.11.21 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.11.21 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 17:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.08.17 16:58:18 | 001,667,584 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006.09.13 12:12:52 | 000,139,264 | ---- | M] (Nero AG)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2008.11.07 15:31:38 | 021,633,320 | R--- | M] (Skype Technologies S.A.)
"LaunchList" = C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe -- [2007.03.21 15:41:38 | 000,145,496 | ---- | M] (Pinnacle Systems)
< c:\windows\*.* /U >
[17 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.30 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2007.10.29 20:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Adobe
[2008.02.07 19:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Ahead
[2009.12.28 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ArcSoft
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2005.12.24 23:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\CyberLink
[2007.02.28 19:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ESTSoft
[2005.11.22 21:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Help
[2005.11.11 15:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Identities
[2008.05.29 19:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\InstallShield
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2006.04.06 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Macromedia
[2009.11.02 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Malwarebytes
[2010.02.11 20:29:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Microsoft
[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla
[2009.02.10 19:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\MSN6
[2009.07.03 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Nero
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
[2010.04.17 10:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
[2008.12.01 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\skypePM
[2010.02.07 20:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Sun
[2009.11.02 23:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\SUPERAntiSpyware.com
[2008.12.27 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Winamp
[2008.08.17 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 17:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 17:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.04 00:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: LSASS.EXE >
[2004.08.17 17:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 17:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 17:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 17:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 17:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 17:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2004.07.06 16:45:42 | 000,060,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.17 17:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 17:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007.01.25 23:19:59 | 000,270,336 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.01.25 22:12:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007.01.25 23:19:59 | 016,515,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.01.25 23:20:00 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 17:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.08.17 16:58:18 | 001,667,584 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006.09.13 12:12:52 | 000,139,264 | ---- | M] (Nero AG)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2008.11.07 15:31:38 | 021,633,320 | R--- | M] (Skype Technologies S.A.)
"LaunchList" = C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe -- [2007.03.21 15:41:38 | 000,145,496 | ---- | M] (Pinnacle Systems)
< c:\windows\*.* /U >
[17 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.30 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2007.10.29 20:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Adobe
[2008.02.07 19:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Ahead
[2009.12.28 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ArcSoft
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2005.12.24 23:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\CyberLink
[2007.02.28 19:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\ESTSoft
[2005.11.22 21:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Help
[2005.11.11 15:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Identities
[2008.05.29 19:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\InstallShield
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2006.04.06 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Macromedia
[2009.11.02 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Malwarebytes
[2010.02.11 20:29:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Microsoft
[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla
[2009.02.10 19:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\MSN6
[2009.07.03 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Nero
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
[2010.04.17 10:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
[2008.12.01 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\skypePM
[2010.02.07 20:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Sun
[2009.11.02 23:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\SUPERAntiSpyware.com
[2008.12.27 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Winamp
[2008.08.17 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.17 17:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 17:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 17:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.04 00:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: LSASS.EXE >
[2004.08.17 17:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 01:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 17:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 17:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 17:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 17:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.04 01:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 17:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2004.07.06 16:45:42 | 000,060,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.17 17:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 17:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007.01.25 23:19:59 | 000,270,336 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.01.25 22:12:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007.01.25 23:19:59 | 016,515,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.01.25 23:20:00 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
Re: Malware - Security tool - log z RSIT
Extras.txt
OTL Extras logfile created on: 17.4.2010 10:24:21 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
511,00 Mb Total Physical Memory | 308,00 Mb Available Physical Memory | 60,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,22 Gb Total Space | 3,33 Gb Free Space | 32,60% Space Free | Partition Type: NTFS
Drive D: | 101,57 Gb Total Space | 12,60 Gb Free Space | 12,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROSTA-DSX4BF
Current User Name: Rostislav Drápal
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [onenote.open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe" = C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- File not found
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe" = C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"D:\Hry\medal of honor\MOHAA.exe" = D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"D:\Programy\netconwatcher\NetConWatcher.exe" = D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher -- File not found
"F:\Hry\blobby\volley.exe" = F:\Hry\blobby\volley.exe:*:Enabled:volley -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Hry\need for speed 7\Speed.exe" = D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001b4fd-9ea3-4d90-a79e-fd14ba3ab01d}" = PDFCreator
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{350C97C4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40261D0A-A385-4C1A-A7DE-5F270D9B1029}" = Nero 7 Ultra Edition
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5783F2D7-4005-0405-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2006
"{5791b7d3-8b34-4218-9750-6a8e45d0ad32}" = pdfforge Toolbar v1.1.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{79a933c8-e333-4d8d-9d5c-86945715e532}" = Auta
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = Microsoft Silverlight
"{90120000-0010-0405-0000-0000000ff1ce}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000ff1ce}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000ff1ce}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000ff1ce}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000ff1ce}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001a-0405-0000-0000000ff1ce}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001b-0405-0000-0000000ff1ce}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001f-0405-0000-0000000ff1ce}" = Microsoft Office Proof (Czech) 2007
"{90120000-001f-0407-0000-0000000ff1ce}" = Microsoft Office Proof (German) 2007
"{90120000-001f-0409-0000-0000000ff1ce}" = Microsoft Office Proof (English) 2007
"{90120000-001f-041b-0000-0000000ff1ce}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002c-0405-0000-0000000ff1ce}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000ff1ce}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000ff1ce}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006e-0405-0000-0000000ff1ce}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00a1-0405-0000-0000000ff1ce}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00ba-0405-0000-0000000ff1ce}" = Microsoft Office Groove MUI (Czech) 2007
"{a99968be-c155-474c-0089-33239dee1ce2}" = Need For Speed Underground
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}" = honestech TVR
"{c679f9b9-c65d-4c65-bd6c-bf90b859e281}" = Trust 100K Series Webcam
"{C8734F86-3A91-4C0E-81F2-EAB5C1595057}" = Staň se světošlápkem
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{dbb7f606-0c13-4182-ad7f-427a4773580e}" = VibrateGameDeviceDriver
"{dbc3fdec-d5f4-439c-9a18-ef454a74e3de}_is1" = NOD32 FiX
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"101 Dino Pets" = 101 Dino Pets 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"BSPlayer1" = BSPlayer
"CDex" = CDex extraction audio
"Clipart" = Microsoft Clipart Extra
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.8
"DVD Shrink_is1" = DVD Shrink 3.2
"enterprise" = Microsoft Office Enterprise 2007
"free mp3 wma wav converter_is1" = Free MP3 WMA WAV Converter v2.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"installshield_{79a933c8-e333-4d8d-9d5c-86945715e532}" = Auta
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mozilla firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"nod32" = Antivirový systém NOD32
"NVIDIA Drivers" = NVIDIA Drivers
"Szkola" = Ideme do školy
"Totalcmd" = Total Commander (Remove or Repair)
"ts Český jazyk i (plná instalace)" = TS Český jazyk I (plná instalace)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.4.2008 11:18:14 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.2180, adresa chyby 0x00052bd0.
Error - 4.5.2008 3:09:45 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 14.5.2008 14:02:47 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 21.5.2008 8:44:57 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x00018fea.
Error - 4.6.2008 12:18:33 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 4.6.2008 12:48:51 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 4.6.2008 13:13:15 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 12.6.2008 15:08:13 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x00018fea.
Error - 8.7.2008 13:31:25 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace szkola.exe, verze 1.0.0.1, chybující modul piklib42.dll,
verze 0.0.0.0, adresa chyby 0x0001ede4.
Error - 10.9.2008 11:25:42 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace wmplayer.exe, verze 9.0.0.3250, chybující modul
neamr.dll, verze 4.5.9.0, adresa chyby 0x00001264.
[ System Events ]
Error - 22.9.2007 6:13:49 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:13:54 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:00 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:07 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:14 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:20 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:27 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 23.9.2007 15:27:33 | Computer Name = ROSTA-DSX4BF | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač paralelního portu neuspěla při spuštění v důsledku
následující chyby: %%1058
Error - 23.9.2007 15:28:25 | Computer Name = ROSTA-DSX4BF | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.
Error - 24.9.2007 3:03:03 | Computer Name = ROSTA-DSX4BF | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač paralelního portu neuspěla při spuštění v důsledku
následující chyby: %%1058
< End of report >
OTL Extras logfile created on: 17.4.2010 10:24:21 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
511,00 Mb Total Physical Memory | 308,00 Mb Available Physical Memory | 60,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,22 Gb Total Space | 3,33 Gb Free Space | 32,60% Space Free | Partition Type: NTFS
Drive D: | 101,57 Gb Total Space | 12,60 Gb Free Space | 12,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROSTA-DSX4BF
Current User Name: Rostislav Drápal
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [onenote.open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe" = C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- File not found
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe" = C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"D:\Hry\medal of honor\MOHAA.exe" = D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"D:\Programy\netconwatcher\NetConWatcher.exe" = D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher -- File not found
"F:\Hry\blobby\volley.exe" = F:\Hry\blobby\volley.exe:*:Enabled:volley -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Hry\need for speed 7\Speed.exe" = D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001b4fd-9ea3-4d90-a79e-fd14ba3ab01d}" = PDFCreator
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{350C97C4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40261D0A-A385-4C1A-A7DE-5F270D9B1029}" = Nero 7 Ultra Edition
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5783F2D7-4005-0405-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2006
"{5791b7d3-8b34-4218-9750-6a8e45d0ad32}" = pdfforge Toolbar v1.1.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{79a933c8-e333-4d8d-9d5c-86945715e532}" = Auta
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = Microsoft Silverlight
"{90120000-0010-0405-0000-0000000ff1ce}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000ff1ce}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000ff1ce}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000ff1ce}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000ff1ce}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001a-0405-0000-0000000ff1ce}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001b-0405-0000-0000000ff1ce}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001f-0405-0000-0000000ff1ce}" = Microsoft Office Proof (Czech) 2007
"{90120000-001f-0407-0000-0000000ff1ce}" = Microsoft Office Proof (German) 2007
"{90120000-001f-0409-0000-0000000ff1ce}" = Microsoft Office Proof (English) 2007
"{90120000-001f-041b-0000-0000000ff1ce}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002c-0405-0000-0000000ff1ce}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000ff1ce}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000ff1ce}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006e-0405-0000-0000000ff1ce}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00a1-0405-0000-0000000ff1ce}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00ba-0405-0000-0000000ff1ce}" = Microsoft Office Groove MUI (Czech) 2007
"{a99968be-c155-474c-0089-33239dee1ce2}" = Need For Speed Underground
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}" = honestech TVR
"{c679f9b9-c65d-4c65-bd6c-bf90b859e281}" = Trust 100K Series Webcam
"{C8734F86-3A91-4C0E-81F2-EAB5C1595057}" = Staň se světošlápkem
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{dbb7f606-0c13-4182-ad7f-427a4773580e}" = VibrateGameDeviceDriver
"{dbc3fdec-d5f4-439c-9a18-ef454a74e3de}_is1" = NOD32 FiX
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"101 Dino Pets" = 101 Dino Pets 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"BSPlayer1" = BSPlayer
"CDex" = CDex extraction audio
"Clipart" = Microsoft Clipart Extra
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.8
"DVD Shrink_is1" = DVD Shrink 3.2
"enterprise" = Microsoft Office Enterprise 2007
"free mp3 wma wav converter_is1" = Free MP3 WMA WAV Converter v2.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"installshield_{79a933c8-e333-4d8d-9d5c-86945715e532}" = Auta
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mozilla firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"nod32" = Antivirový systém NOD32
"NVIDIA Drivers" = NVIDIA Drivers
"Szkola" = Ideme do školy
"Totalcmd" = Total Commander (Remove or Repair)
"ts Český jazyk i (plná instalace)" = TS Český jazyk I (plná instalace)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.4.2008 11:18:14 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.2180, adresa chyby 0x00052bd0.
Error - 4.5.2008 3:09:45 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 14.5.2008 14:02:47 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 21.5.2008 8:44:57 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x00018fea.
Error - 4.6.2008 12:18:33 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 4.6.2008 12:48:51 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 4.6.2008 13:13:15 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace safari kids.exe, verze 1.0.0.1, chybující modul
mmswitch.ax, verze 0.9.9.0, adresa chyby 0x00001b30.
Error - 12.6.2008 15:08:13 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x00018fea.
Error - 8.7.2008 13:31:25 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace szkola.exe, verze 1.0.0.1, chybující modul piklib42.dll,
verze 0.0.0.0, adresa chyby 0x0001ede4.
Error - 10.9.2008 11:25:42 | Computer Name = ROSTA-DSX4BF | Source = Application Error | ID = 1000
Description = Chybující aplikace wmplayer.exe, verze 9.0.0.3250, chybující modul
neamr.dll, verze 4.5.9.0, adresa chyby 0x00001264.
[ System Events ]
Error - 22.9.2007 6:13:49 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:13:54 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:00 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:07 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:14 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:20 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 22.9.2007 6:14:27 | Computer Name = ROSTA-DSX4BF | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 23.9.2007 15:27:33 | Computer Name = ROSTA-DSX4BF | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač paralelního portu neuspěla při spuštění v důsledku
následující chyby: %%1058
Error - 23.9.2007 15:28:25 | Computer Name = ROSTA-DSX4BF | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.
Error - 24.9.2007 3:03:03 | Computer Name = ROSTA-DSX4BF | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač paralelního portu neuspěla při spuštění v důsledku
následující chyby: %%1058
< End of report >
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Malware - Security tool - log z RSIT
Podle pravidel fóra se zde nelegálním softwarem nezabýváme (nelegální programy představují bezpečnostní hrozbu).
Obstarejte si legální zabezpečení PC (antivir, firewall), poté sem vložte nový log z RSIT a log z CKScanner.
Vyberte si třeba free Aviru nebo Avast + nějaký firewall (doporučuji ZoneAlarm) http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe
Obstarejte si legální zabezpečení PC (antivir, firewall), poté sem vložte nový log z RSIT a log z CKScanner.
Vyberte si třeba free Aviru nebo Avast + nějaký firewall (doporučuji ZoneAlarm) http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe- Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
- Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.
Re: Malware - Security tool - log z RSIT
Na moje doporučení a na základě této skutečnosti už je v řešení,
bude zabezpečeno orig. NOD32 + Agnitum Outpost firewall.
Ovšem nejdřív musíme odstranit toto, nerad bych dělal reinstal.
Bude to možné ???
bude zabezpečeno orig. NOD32 + Agnitum Outpost firewall.
Ovšem nejdřív musíme odstranit toto, nerad bych dělal reinstal.
Bude to možné ???
Re: Malware - Security tool - log z RSIT
KScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
scanner sequence 3.MN.11
----- EOF -----
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Malware - Security tool - log z RSIT
Ok, odstraňte z PC ten nelegální NOD32 a dejte nový log z RSIT.
Re: Malware - Security tool - log z RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rostislav Drápal at 2010-04-17 11:21:40
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45, on 17.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
C:\Program Files\trend micro\Rostislav Drápal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [36879538] C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4085624765
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70C52F0-AB71-48E6-9B9C-96BC1E7683F2}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater (application updater) - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba inteligentního přenosu na pozadí BITSRpcSs (BITSRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Indexing Service cisvcNVSvc (cisvcNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Síťová schránka ClipSrvEventSystem (ClipSrvEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Kurýrní služba MessengerPCLEPCI (MessengerPCLEPCI) - Unknown owner - .exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Síťová připojení NetmanVSS (NetmanVSS) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Směrování a vzdálený přístup RemoteAccess Licensing Service (RemoteAccess Licensing Service) - Unknown owner - .exe (file missing)
O23 - Service: Telefonní subsystém TapiSrvImapiService (TapiSrvImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Motivy ThemesSpooler (ThemesSpooler) - Unknown owner - .exe (file missing)
O23 - Service: Hostitel zařízení UPnP upnphostxmlprov (upnphostxmlprov) - Unknown owner - .exe (file missing)
O23 - Service: Centrum zabezpečení wscsvcTermService (wscsvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 7881 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"=C:\WINDOWS\878RMT.exe [2005-05-20 401408]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"36879538"=C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe [2010-04-14 1171968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Scheduler for OEM.lnk - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmiinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Hry\medal of honor\MOHAA.exe"="D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"D:\Programy\netconwatcher\NetConWatcher.exe"="D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher"
"F:\Hry\blobby\volley.exe"="F:\Hry\blobby\volley.exe:*:Enabled:volley"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\need for speed 7\Speed.exe"="D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-17 10:07:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-04-15 19:39:06 ----D---- C:\Program Files\trend micro
2010-04-15 19:39:05 ----D---- C:\rsit
2010-04-15 18:58:21 ----SHD---- C:\WINDOWS\CSC
2010-04-14 20:00:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\36879538
2010-04-11 13:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
======List of files/folders modified in the last 1 months======
2010-04-17 11:21:22 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-17 11:20:58 ----D---- C:\WINDOWS\system32
2010-04-17 11:20:58 ----D---- C:\Program Files\Eset
2010-04-17 10:18:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-17 10:13:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 10:09:37 ----D---- C:\WINDOWS\Temp
2010-04-17 10:07:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-17 10:07:55 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
2010-04-17 10:07:54 ----D---- C:\WINDOWS
2010-04-17 10:07:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 19:39:06 ----D---- C:\Program Files
2010-04-15 18:56:18 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:03:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 16:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 20:40:40 ----D---- C:\Program Files\pdfforge Toolbar
2010-04-14 20:00:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-04 16:18:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 09:24:02 ----A---- C:\WINDOWS\win.ini
2010-03-21 20:44:31 ----D---- C:\WINDOWS\system
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 dyncal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-05-21 21168]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 8de2ebef;8de2ebef; C:\WINDOWS\System32\drivers\8de2ebef.sys []
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2006-05-21 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2006-05-21 12160]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2006-05-21 8704]
S2 lmiinfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 lmirfsdriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
S3 dsaudiodevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
S3 pac207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 lmirfsclientnp;LMIRfsClientNP; C:\WINDOWS\system32\drivers\lmirfsclientnp.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 application updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv []
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv []
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv []
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv []
S2 NetmanVSS;Síťová připojení NetmanVSS; srv []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv []
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv []
S2 ThemesSpooler;Motivy ThemesSpooler; srv []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv []
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-11 77944]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Run by Rostislav Drápal at 2010-04-17 11:21:40
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45, on 17.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
C:\Program Files\trend micro\Rostislav Drápal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [36879538] C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4085624765
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70C52F0-AB71-48E6-9B9C-96BC1E7683F2}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater (application updater) - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba inteligentního přenosu na pozadí BITSRpcSs (BITSRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Indexing Service cisvcNVSvc (cisvcNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Síťová schránka ClipSrvEventSystem (ClipSrvEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Kurýrní služba MessengerPCLEPCI (MessengerPCLEPCI) - Unknown owner - .exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Síťová připojení NetmanVSS (NetmanVSS) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Směrování a vzdálený přístup RemoteAccess Licensing Service (RemoteAccess Licensing Service) - Unknown owner - .exe (file missing)
O23 - Service: Telefonní subsystém TapiSrvImapiService (TapiSrvImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Motivy ThemesSpooler (ThemesSpooler) - Unknown owner - .exe (file missing)
O23 - Service: Hostitel zařízení UPnP upnphostxmlprov (upnphostxmlprov) - Unknown owner - .exe (file missing)
O23 - Service: Centrum zabezpečení wscsvcTermService (wscsvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 7881 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"=C:\WINDOWS\878RMT.exe [2005-05-20 401408]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"36879538"=C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe [2010-04-14 1171968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Scheduler for OEM.lnk - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmiinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Hry\medal of honor\MOHAA.exe"="D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"D:\Programy\netconwatcher\NetConWatcher.exe"="D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher"
"F:\Hry\blobby\volley.exe"="F:\Hry\blobby\volley.exe:*:Enabled:volley"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\need for speed 7\Speed.exe"="D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-17 10:07:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-04-15 19:39:06 ----D---- C:\Program Files\trend micro
2010-04-15 19:39:05 ----D---- C:\rsit
2010-04-15 18:58:21 ----SHD---- C:\WINDOWS\CSC
2010-04-14 20:00:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\36879538
2010-04-11 13:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
======List of files/folders modified in the last 1 months======
2010-04-17 11:21:22 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-17 11:20:58 ----D---- C:\WINDOWS\system32
2010-04-17 11:20:58 ----D---- C:\Program Files\Eset
2010-04-17 10:18:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-17 10:13:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 10:09:37 ----D---- C:\WINDOWS\Temp
2010-04-17 10:07:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-17 10:07:55 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
2010-04-17 10:07:54 ----D---- C:\WINDOWS
2010-04-17 10:07:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 19:39:06 ----D---- C:\Program Files
2010-04-15 18:56:18 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:03:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 16:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 20:40:40 ----D---- C:\Program Files\pdfforge Toolbar
2010-04-14 20:00:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-04 16:18:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 09:24:02 ----A---- C:\WINDOWS\win.ini
2010-03-21 20:44:31 ----D---- C:\WINDOWS\system
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 dyncal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-05-21 21168]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 8de2ebef;8de2ebef; C:\WINDOWS\System32\drivers\8de2ebef.sys []
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2006-05-21 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2006-05-21 12160]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2006-05-21 8704]
S2 lmiinfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 lmirfsdriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
S3 dsaudiodevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
S3 pac207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 lmirfsclientnp;LMIRfsClientNP; C:\WINDOWS\system32\drivers\lmirfsclientnp.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 application updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv []
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv []
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv []
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv []
S2 NetmanVSS;Síťová připojení NetmanVSS; srv []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv []
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv []
S2 ThemesSpooler;Motivy ThemesSpooler; srv []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv []
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-11 77944]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Malware - Security tool - log z RSIT
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:OTL
SRV - File not found [Auto | Stopped] -- -- (wscsvcTermService)
SRV - File not found [Auto | Stopped] -- -- (upnphostxmlprov)
SRV - File not found [Auto | Stopped] -- -- (ThemesSpooler)
SRV - File not found [Auto | Stopped] -- -- (TapiSrvImapiService)
SRV - File not found [Auto | Stopped] -- -- (RemoteAccess Licensing Service)
SRV - File not found [Auto | Stopped] -- -- (NetmanVSS)
SRV - File not found [Auto | Stopped] -- -- (MessengerPCLEPCI)
SRV - File not found [Auto | Stopped] -- -- (ClipSrvEventSystem)
SRV - File not found [Auto | Stopped] -- -- (cisvcNVSvc)
SRV - File not found [Auto | Stopped] -- -- (BITSRpcSs)
- [2010.04.15 14:32:20 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\fdjeso.sys -- (fdjeso)
O2 - BHO: (pdfforge Toolbar) - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O4 - HKLM..\Run: [36879538] C:\Documents and Settings\All Users\Data aplikací\36879538\36879538.exe ()
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O15 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..Trusted Domains: ([]msn in Tento počítač)
[2010.04.14 20:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\36879538
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.04.17 10:06:40 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\Security Tool.lnk
[2010.04.15 14:32:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\fdjeso.sys
[2008.01.16 17:56:01 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
[2004.11.05 23:23:55 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Re: Malware - Security tool - log z RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rostislav Drápal at 2010-04-17 11:21:40
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45, on 17.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
C:\Program Files\trend micro\Rostislav Drápal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [36879538] C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4085624765
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70C52F0-AB71-48E6-9B9C-96BC1E7683F2}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater (application updater) - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba inteligentního přenosu na pozadí BITSRpcSs (BITSRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Indexing Service cisvcNVSvc (cisvcNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Síťová schránka ClipSrvEventSystem (ClipSrvEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Kurýrní služba MessengerPCLEPCI (MessengerPCLEPCI) - Unknown owner - .exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Síťová připojení NetmanVSS (NetmanVSS) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Směrování a vzdálený přístup RemoteAccess Licensing Service (RemoteAccess Licensing Service) - Unknown owner - .exe (file missing)
O23 - Service: Telefonní subsystém TapiSrvImapiService (TapiSrvImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Motivy ThemesSpooler (ThemesSpooler) - Unknown owner - .exe (file missing)
O23 - Service: Hostitel zařízení UPnP upnphostxmlprov (upnphostxmlprov) - Unknown owner - .exe (file missing)
O23 - Service: Centrum zabezpečení wscsvcTermService (wscsvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 7881 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"=C:\WINDOWS\878RMT.exe [2005-05-20 401408]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"36879538"=C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe [2010-04-14 1171968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Scheduler for OEM.lnk - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmiinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Hry\medal of honor\MOHAA.exe"="D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"D:\Programy\netconwatcher\NetConWatcher.exe"="D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher"
"F:\Hry\blobby\volley.exe"="F:\Hry\blobby\volley.exe:*:Enabled:volley"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\need for speed 7\Speed.exe"="D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-17 10:07:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-04-15 19:39:06 ----D---- C:\Program Files\trend micro
2010-04-15 19:39:05 ----D---- C:\rsit
2010-04-15 18:58:21 ----SHD---- C:\WINDOWS\CSC
2010-04-14 20:00:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\36879538
2010-04-11 13:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
======List of files/folders modified in the last 1 months======
2010-04-17 11:21:22 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-17 11:20:58 ----D---- C:\WINDOWS\system32
2010-04-17 11:20:58 ----D---- C:\Program Files\Eset
2010-04-17 10:18:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-17 10:13:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 10:09:37 ----D---- C:\WINDOWS\Temp
2010-04-17 10:07:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-17 10:07:55 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
2010-04-17 10:07:54 ----D---- C:\WINDOWS
2010-04-17 10:07:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 19:39:06 ----D---- C:\Program Files
2010-04-15 18:56:18 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:03:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 16:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 20:40:40 ----D---- C:\Program Files\pdfforge Toolbar
2010-04-14 20:00:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-04 16:18:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 09:24:02 ----A---- C:\WINDOWS\win.ini
2010-03-21 20:44:31 ----D---- C:\WINDOWS\system
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 dyncal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-05-21 21168]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 8de2ebef;8de2ebef; C:\WINDOWS\System32\drivers\8de2ebef.sys []
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2006-05-21 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2006-05-21 12160]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2006-05-21 8704]
S2 lmiinfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 lmirfsdriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
S3 dsaudiodevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
S3 pac207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 lmirfsclientnp;LMIRfsClientNP; C:\WINDOWS\system32\drivers\lmirfsclientnp.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 application updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv []
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv []
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv []
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv []
S2 NetmanVSS;Síťová připojení NetmanVSS; srv []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv []
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv []
S2 ThemesSpooler;Motivy ThemesSpooler; srv []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv []
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-11 77944]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
restart neproběhl
Run by Rostislav Drápal at 2010-04-17 11:21:40
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45, on 17.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
C:\Program Files\trend micro\Rostislav Drápal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [36879538] C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4085624765
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70C52F0-AB71-48E6-9B9C-96BC1E7683F2}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater (application updater) - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba inteligentního přenosu na pozadí BITSRpcSs (BITSRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Indexing Service cisvcNVSvc (cisvcNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Síťová schránka ClipSrvEventSystem (ClipSrvEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Kurýrní služba MessengerPCLEPCI (MessengerPCLEPCI) - Unknown owner - .exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Síťová připojení NetmanVSS (NetmanVSS) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Směrování a vzdálený přístup RemoteAccess Licensing Service (RemoteAccess Licensing Service) - Unknown owner - .exe (file missing)
O23 - Service: Telefonní subsystém TapiSrvImapiService (TapiSrvImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Motivy ThemesSpooler (ThemesSpooler) - Unknown owner - .exe (file missing)
O23 - Service: Hostitel zařízení UPnP upnphostxmlprov (upnphostxmlprov) - Unknown owner - .exe (file missing)
O23 - Service: Centrum zabezpečení wscsvcTermService (wscsvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 7881 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"=C:\WINDOWS\878RMT.exe [2005-05-20 401408]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"36879538"=C:\DOCUME~1\ALLUSE~1\DATAAP~2\36879538\36879538.exe [2010-04-14 1171968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Scheduler for OEM.lnk - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmiinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Hry\medal of honor\MOHAA.exe"="D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"D:\Programy\netconwatcher\NetConWatcher.exe"="D:\Programy\netconwatcher\NetConWatcher.exe:*:Enabled:Network Connection Watcher"
"F:\Hry\blobby\volley.exe"="F:\Hry\blobby\volley.exe:*:Enabled:volley"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\need for speed 7\Speed.exe"="D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-04-17 10:07:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-04-15 19:39:06 ----D---- C:\Program Files\trend micro
2010-04-15 19:39:05 ----D---- C:\rsit
2010-04-15 18:58:21 ----SHD---- C:\WINDOWS\CSC
2010-04-14 20:00:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\36879538
2010-04-11 13:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
======List of files/folders modified in the last 1 months======
2010-04-17 11:21:22 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-17 11:20:58 ----D---- C:\WINDOWS\system32
2010-04-17 11:20:58 ----D---- C:\Program Files\Eset
2010-04-17 10:18:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-17 10:13:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 10:09:37 ----D---- C:\WINDOWS\Temp
2010-04-17 10:07:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-17 10:07:55 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
2010-04-17 10:07:54 ----D---- C:\WINDOWS
2010-04-17 10:07:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 19:39:06 ----D---- C:\Program Files
2010-04-15 18:56:18 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:03:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 16:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 20:40:40 ----D---- C:\Program Files\pdfforge Toolbar
2010-04-14 20:00:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-04 16:18:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 09:24:02 ----A---- C:\WINDOWS\win.ini
2010-03-21 20:44:31 ----D---- C:\WINDOWS\system
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 dyncal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-05-21 21168]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 8de2ebef;8de2ebef; C:\WINDOWS\System32\drivers\8de2ebef.sys []
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2006-05-21 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2006-05-21 12160]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2006-05-21 8704]
S2 lmiinfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 lmirfsdriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
S3 dsaudiodevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
S3 pac207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 lmirfsclientnp;LMIRfsClientNP; C:\WINDOWS\system32\drivers\lmirfsclientnp.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 application updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv []
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv []
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv []
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv []
S2 NetmanVSS;Síťová připojení NetmanVSS; srv []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv []
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv []
S2 ThemesSpooler;Motivy ThemesSpooler; srv []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv []
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-11 77944]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
restart neproběhl
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Malware - Security tool - log z RSIT
Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe- Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
- Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
- Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
- Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
- Během skenování může být počítač restartován.
Re: Malware - Security tool - log z RSIT
ComboFix 10-04-15.05 - Rostislav Drápal 17.04.2010 11:59:42.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.359 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rostislav Drápal\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\36879538
c:\documents and settings\All Users\Data aplikací\36879538\36879538.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\481912836.dat
c:\windows\system32\driVERs\fdjeso.sys
c:\windows\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
-------\Legacy_fdjeso
-------\Service_fdjeso
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-17 08:07 . 2004-08-17 13:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-17 08:07 . 2004-08-17 13:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-15 17:39 . 2010-04-17 09:21 -------- d-----w- c:\program files\trend micro
2010-04-15 17:39 . 2010-04-15 17:39 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 10:05 . 2001-10-25 12:00 383424 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 10:05 . 2001-10-25 12:00 63620 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 09:20 . 2007-10-23 15:33 -------- d-----w- c:\program files\Eset
2010-04-14 18:40 . 2009-10-19 19:33 -------- d-----w- c:\program files\pdfforge Toolbar
2010-04-03 07:23 . 2009-12-28 13:32 304160 ----a-w- C:\PA207.DAT
2002-07-26 16:02 . 2008-01-16 15:56 153088 -c--a-w- c:\program files\UNWISE.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"="c:\windows\878RMT.exe" [2005-05-20 401408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Rostislav Dr pal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2007-2-1 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lmiinit]
2008-10-02 18:45 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\medal of honor\\MOHAA.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Hry\\need for speed 7\\Speed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [12.11.2005 15:30 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [12.11.2005 15:30 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [12.11.2005 15:30 8704]
R2 application updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 1:51 380928]
R3 dyncal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [21.5.2007 17:26 21168]
S0 Qva15;Qva15;c:\windows\system32\Drivers\Qva15.sys --> c:\windows\system32\Drivers\Qva15.sys [?]
S0 Vbf58;Vbf58;c:\windows\system32\Drivers\Vbf58.sys --> c:\windows\system32\Drivers\Vbf58.sys [?]
S0 Winjo05;Winjo05;c:\windows\system32\Drivers\Winjo05.sys --> c:\windows\system32\Drivers\Winjo05.sys [?]
S0 Winms73;Winms73;c:\windows\system32\Drivers\Winms73.sys --> c:\windows\system32\Drivers\Winms73.sys [?]
S1 8de2ebef;8de2ebef;c:\windows\system32\drivers\8de2ebef.sys --> c:\windows\system32\drivers\8de2ebef.sys [?]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv --> srv [?]
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv --> srv [?]
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv --> srv [?]
S2 lmiinfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv --> srv [?]
S2 NetmanVSS;Síťová připojení NetmanVSS; srv --> srv [?]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv --> srv [?]
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv --> srv [?]
S2 ThemesSpooler;Motivy ThemesSpooler; srv --> srv [?]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv --> srv [?]
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv --> srv [?]
S3 dsaudiodevice_207;DsAudioDevice_207;c:\windows\system32\drivers\DsAudioDevice_207.sys [12.12.2009 19:49 16640]
S3 gkmixern;gkmixern;\??\c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys [?]
S3 pac207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [28.12.2009 15:15 618112]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: e&xportovat do aplikace microsoft excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C70C52F0-AB71-48E6-9B9C-96BC1E7683F2} = 194.228.41.65,194.228.41.113
FF - ProfilePath - c:\documents and settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 12:04
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = c:\windows\878RMT.exe?d Remote Control Applet\1.0\Default????q??H?A??eB?????H?????A?????P?????A?L?A???@???????A???????????????@????????????????????????????P????lr??????????K?@????????????????P?????????????????????????????7???7??????T????'@???p?H???|?A?????7(@
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSRpcSs]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cisvcNVSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrvEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerPCLEPCI]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetmanVSS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess Licensing Service]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvImapiService]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThemesSpooler]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostxmlprov]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvcTermService]
"ImagePath"=" srv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-17 12:07:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-17 10:07
Před spuštěním: 3 514 327 040
Po spuštění: 3 416 555 520
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - FDD84B596DE7D375DA4755C8A3260801
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.359 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rostislav Drápal\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\36879538
c:\documents and settings\All Users\Data aplikací\36879538\36879538.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\481912836.dat
c:\windows\system32\driVERs\fdjeso.sys
c:\windows\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
-------\Legacy_fdjeso
-------\Service_fdjeso
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-17 08:07 . 2004-08-17 13:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-17 08:07 . 2004-08-17 13:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-15 17:39 . 2010-04-17 09:21 -------- d-----w- c:\program files\trend micro
2010-04-15 17:39 . 2010-04-15 17:39 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 10:05 . 2001-10-25 12:00 383424 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 10:05 . 2001-10-25 12:00 63620 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 09:20 . 2007-10-23 15:33 -------- d-----w- c:\program files\Eset
2010-04-14 18:40 . 2009-10-19 19:33 -------- d-----w- c:\program files\pdfforge Toolbar
2010-04-03 07:23 . 2009-12-28 13:32 304160 ----a-w- C:\PA207.DAT
2002-07-26 16:02 . 2008-01-16 15:56 153088 -c--a-w- c:\program files\UNWISE.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"="c:\windows\878RMT.exe" [2005-05-20 401408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Rostislav Dr pal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2007-2-1 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lmiinit]
2008-10-02 18:45 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\medal of honor\\MOHAA.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Hry\\need for speed 7\\Speed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [12.11.2005 15:30 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [12.11.2005 15:30 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [12.11.2005 15:30 8704]
R2 application updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 1:51 380928]
R3 dyncal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [21.5.2007 17:26 21168]
S0 Qva15;Qva15;c:\windows\system32\Drivers\Qva15.sys --> c:\windows\system32\Drivers\Qva15.sys [?]
S0 Vbf58;Vbf58;c:\windows\system32\Drivers\Vbf58.sys --> c:\windows\system32\Drivers\Vbf58.sys [?]
S0 Winjo05;Winjo05;c:\windows\system32\Drivers\Winjo05.sys --> c:\windows\system32\Drivers\Winjo05.sys [?]
S0 Winms73;Winms73;c:\windows\system32\Drivers\Winms73.sys --> c:\windows\system32\Drivers\Winms73.sys [?]
S1 8de2ebef;8de2ebef;c:\windows\system32\drivers\8de2ebef.sys --> c:\windows\system32\drivers\8de2ebef.sys [?]
S2 BITSRpcSs;Služba inteligentního přenosu na pozadí BITSRpcSs; srv --> srv [?]
S2 cisvcNVSvc;Indexing Service cisvcNVSvc; srv --> srv [?]
S2 ClipSrvEventSystem;Síťová schránka ClipSrvEventSystem; srv --> srv [?]
S2 lmiinfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MessengerPCLEPCI;Kurýrní služba MessengerPCLEPCI; srv --> srv [?]
S2 NetmanVSS;Síťová připojení NetmanVSS; srv --> srv [?]
S2 RemoteAccess Licensing Service;Směrování a vzdálený přístup RemoteAccess Licensing Service; srv --> srv [?]
S2 TapiSrvImapiService;Telefonní subsystém TapiSrvImapiService; srv --> srv [?]
S2 ThemesSpooler;Motivy ThemesSpooler; srv --> srv [?]
S2 upnphostxmlprov;Hostitel zařízení UPnP upnphostxmlprov; srv --> srv [?]
S2 wscsvcTermService;Centrum zabezpečení wscsvcTermService; srv --> srv [?]
S3 dsaudiodevice_207;DsAudioDevice_207;c:\windows\system32\drivers\DsAudioDevice_207.sys [12.12.2009 19:49 16640]
S3 gkmixern;gkmixern;\??\c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys [?]
S3 pac207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [28.12.2009 15:15 618112]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: e&xportovat do aplikace microsoft excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C70C52F0-AB71-48E6-9B9C-96BC1E7683F2} = 194.228.41.65,194.228.41.113
FF - ProfilePath - c:\documents and settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 12:04
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = c:\windows\878RMT.exe?d Remote Control Applet\1.0\Default????q??H?A??eB?????H?????A?????P?????A?L?A???@???????A???????????????@????????????????????????????P????lr??????????K?@????????????????P?????????????????????????????7???7??????T????'@???p?H???|?A?????7(@
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSRpcSs]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cisvcNVSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrvEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerPCLEPCI]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetmanVSS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess Licensing Service]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvImapiService]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThemesSpooler]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostxmlprov]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvcTermService]
"ImagePath"=" srv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-17 12:07:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-17 10:07
Před spuštěním: 3 514 327 040
Po spuštění: 3 416 555 520
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - FDD84B596DE7D375DA4755C8A3260801
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Malware - Security tool - log z RSIT
Pokud nemáte, přesuňte Combofix na plochu
- Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.
Kód: Vybrat vše
Driver::
application updater
dyncal
Qva15
Vbf58
Winjo05
Winms73
8de2ebef
BITSRpcSs
cisvcNVSvc
ClipSrvEventSystem
MessengerPCLEPCI
NetmanVSS
RemoteAccess Licensing Service
TapiSrvImapiService
ThemesSpooler
upnphostxmlprov
wscsvcTermService
gkmixern
File::
c:\windows\system32\drivers\DynCal.sys
c:\windows\system32\Drivers\Qva15.sys
c:\windows\system32\Drivers\Vbf58.sys
c:\windows\system32\Drivers\Winjo05.sys
c:\windows\system32\Drivers\Winms73.sys
c:\windows\system32\drivers\8de2ebef.sys
c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys
c:\program files\UNWISE.EXE
Folder::
c:\program files\Application Updater
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]- Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
- Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
- Po aplikaci na Vás vypadne další log,vložte ho sem
Přispějete na provoz fóra?