ngts.vao rundll chyba při startu

[manro]

Pikládám v zip logy.
Cca po 3 hodinách bez restartu se obevil v registru opet upraveny klic.

[Caroprd111]

Vložte prosím logy normálně do příspěvku.

[manro]

logfile created on: 17.5.2010 20:18:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 10000 100000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 178,17 Gb Free Space | 76,51% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 51,16 Gb Free Space | 10,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698,46 Gb Total Space | 365,31 Gb Free Space | 52,30% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 273,44 Gb Total Space | 249,59 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive Q: | 273,44 Gb Total Space | 249,59 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive R: | 273,44 Gb Total Space | 249,59 Gb Free Space | 91,28% Space Free | Partition Type: NTFS

Computer Name: PC01
Current User Name: karnik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.17 20:14:50 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\install\OTL.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.26 19:39:36 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.03.26 19:39:36 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010.03.26 19:39:36 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010.03.26 19:39:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010.03.26 19:39:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009.08.17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009.08.07 15:32:48 | 000,863,232 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2009.08.07 15:12:46 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009.08.07 15:10:46 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009.08.07 15:09:26 | 000,143,467 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.05.26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.10 20:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008.04.01 15:43:23 | 000,098,304 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
PRC - [2008.01.16 00:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007.09.14 08:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2006.07.08 01:14:38 | 000,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2006.05.12 16:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlservr.exe
PRC - [1999.03.24 17:57:10 | 000,043,520 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010.05.17 20:14:50 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\install\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.05.12 16:04:10 | 000,043,488 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\wm_hooks.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.26 19:39:36 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.03.26 19:39:36 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.03.26 19:39:36 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010.03.26 19:39:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.03.26 19:39:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.18 19:21:43 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.08.07 15:32:48 | 000,863,232 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009.08.07 15:10:46 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009.08.07 15:09:26 | 000,143,467 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006.05.12 16:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2003.10.22 18:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlservr.exe -- (MSSQL$SPZSQL2006)
SRV - [2002.12.17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlagent.EXE -- (SQLAgent$SPZSQL2006)


========== Driver Services (SafeList) ==========

DRV - [2010.05.16 12:34:28 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100517.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.05.16 12:34:28 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100517.002\NAVENG.SYS -- (NAVENG)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.03.26 19:59:30 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010.03.26 19:42:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010.03.26 19:39:37 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010.03.26 19:39:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010.03.26 19:39:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010.03.26 19:39:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010.03.26 19:39:36 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010.03.26 19:39:36 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010.03.26 19:39:36 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010.03.26 19:39:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010.03.26 19:39:36 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010.03.26 19:39:36 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009.08.27 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.08.27 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.16 14:48:17 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009.07.08 10:17:36 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009.06.17 14:02:16 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2009.06.17 14:02:08 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2009.06.17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2009.06.17 14:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2009.06.17 14:01:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009.06.17 14:01:10 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2009.06.17 14:01:04 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2009.06.05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.01.31 14:25:46 | 000,246,680 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.01.31 14:23:53 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007.01.29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2005.11.21 07:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005.01.28 15:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.03.10 17:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.19 11:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.20 08:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.17 10:15:35 | 000,000,000 | ---D | M]

[2010.03.26 18:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Mozilla\Extensions
[2010.03.26 18:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Mozilla\Firefox\Profiles\fzaj81g2.default\extensions
[2010.03.26 18:31:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\karnik.EKG\Data aplikací\Mozilla\Firefox\Profiles\fzaj81g2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.26 18:31:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\karnik.EKG\Data aplikací\Mozilla\Firefox\Profiles\fzaj81g2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.03.30 11:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.05.12 09:10:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.03.24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010.05.16 12:52:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3320928065-3168867863-2979219259-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2241351078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.1 192.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ekg.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (ngts.vao) - File not found
O20 - HKLM Winlogon: Shell - (uvibls) - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.02.05 21:47:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (32383177238511616)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.17 10:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.17 10:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.05.17 09:53:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\karnik.EKG\Recent
[2010.05.17 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.15 10:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010.05.13 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.11 21:22:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2010.05.11 18:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
[2010.05.11 18:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.05.11 18:26:12 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010.05.11 18:26:12 | 002,030,184 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010.05.11 18:26:12 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010.05.11 18:26:10 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010.05.11 18:26:04 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.05.11 18:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.05.11 18:07:02 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2010.05.10 09:11:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.05 22:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karnik.EKG\Dokumenty\register
[2010.05.05 21:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.05.05 21:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.05.05 21:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.05.05 20:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.20 08:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.20 08:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2004.12.13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2010.05.17 20:16:43 | 000,004,516 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.05.17 17:27:52 | 000,003,800 | ---- | M] () -- C:\CEZ-UZIV.OPT
[2010.05.17 11:18:12 | 000,000,620 | ---- | M] () -- C:\CEZ-WIN.OPT
[2010.05.17 11:16:01 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.05.17 11:15:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.17 11:14:42 | 000,009,409 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2010.05.17 11:14:35 | 000,001,168 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2010.05.17 11:14:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.17 11:14:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.17 11:13:14 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\karnik.EKG\NTUSER.DAT
[2010.05.17 11:13:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\karnik.EKG\ntuser.ini
[2010.05.17 10:56:16 | 001,015,149 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\NÁVOD Nissin Pack.pdf
[2010.05.17 10:31:02 | 000,098,120 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.17 10:27:06 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\Microsoft Office Word 2007.lnk
[2010.05.17 10:23:57 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\Internal Web site.lnk
[2010.05.17 10:23:53 | 000,000,840 | RHS- | M] () -- C:\Documents and Settings\karnik.EKG\ntuser.pol
[2010.05.17 10:22:24 | 000,391,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.17 10:16:13 | 000,000,633 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.17 10:16:13 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.17 10:16:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.05.17 10:05:16 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\Microsoft Office Excel 2007.lnk
[2010.05.17 10:03:11 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\Test word aplikace.doc
[2010.05.17 09:55:08 | 000,976,660 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\cc_20100517_095502.reg
[2010.05.17 09:50:59 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\CCleaner.lnk
[2010.05.16 14:42:49 | 000,823,098 | -H-- | M] () -- C:\Documents and Settings\karnik.EKG\Local Settings\Data aplikací\IconCache.db
[2010.05.16 12:52:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.05.16 12:52:13 | 000,532,172 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.16 12:52:13 | 000,511,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.16 12:52:13 | 000,099,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.16 12:52:12 | 000,120,202 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.16 12:52:09 | 001,279,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.14 10:03:02 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2010.05.13 18:37:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.13 16:11:13 | 019,348,480 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\Prezentace_NIKON_KALENDAR.ppt
[2010.05.13 15:57:45 | 000,001,564 | ---- | M] () -- C:\LAST-DIR.OPT
[2010.05.13 11:13:00 | 000,052,208 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\EKG_backorder.xls
[2010.05.11 18:41:18 | 000,010,234 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\test psao.docx
[2010.05.11 18:19:08 | 000,002,829 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\EKG s.r.o..pif
[2010.05.10 08:32:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.05.06 15:37:44 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\Microsoft Office PowerPoint 2007.lnk
[2010.05.05 21:37:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.04.29 18:01:57 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Plocha\SORTIMENTY_10_X_09_.xls
[2010.04.23 12:09:01 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\HD.doc
[2010.04.20 08:59:57 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Safari.lnk

========== Files Created - No Company Name ==========

[2010.05.17 10:33:00 | 001,015,149 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Plocha\NÁVOD Nissin Pack.pdf
[2010.05.17 10:03:11 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\Test word aplikace.doc
[2010.05.17 09:55:04 | 000,976,660 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\cc_20100517_095502.reg
[2010.05.17 09:50:59 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Plocha\CCleaner.lnk
[2010.05.13 16:11:13 | 019,348,480 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Plocha\Prezentace_NIKON_KALENDAR.ppt
[2010.05.13 11:13:00 | 000,052,208 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Plocha\EKG_backorder.xls
[2010.05.11 18:41:17 | 000,010,234 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\test psao.docx
[2010.05.11 18:26:12 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010.05.11 18:26:10 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.05.05 21:34:53 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2010.04.27 09:54:36 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Plocha\SORTIMENTY_10_X_09_.xls
[2010.04.23 12:09:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\karnik.EKG\Dokumenty\HD.doc
[2010.04.20 08:52:01 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.04.20 08:45:00 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Safari.lnk
[2009.09.17 12:45:59 | 000,002,488 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2009.09.17 12:45:26 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2009.09.17 12:43:26 | 000,009,409 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2009.09.17 12:43:00 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2009.09.17 12:40:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2009.08.07 15:32:52 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2009.08.07 15:09:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009.06.11 13:08:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009.01.19 12:45:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008.10.14 19:18:57 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2008.10.14 19:18:57 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2008.10.14 19:18:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2008.10.14 19:18:57 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2008.10.14 19:18:57 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2008.10.14 19:18:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.10.14 19:18:54 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2008.05.26 23:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.04.01 15:42:38 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008.04.01 15:42:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008.04.01 15:40:35 | 000,008,104 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2008.04.01 15:40:10 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008.04.01 15:39:07 | 000,001,376 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008.04.01 15:38:57 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2008.03.05 17:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008.03.01 19:30:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.02.20 12:25:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008.02.20 12:25:55 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2008.02.17 14:14:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2008.02.07 07:47:57 | 000,000,301 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.02.07 07:46:52 | 000,004,516 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.12.05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.03.05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.03.01 11:17:48 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2007.03.01 11:17:48 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007.03.01 11:17:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2007.03.01 11:16:58 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2004.08.17 16:49:10 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004.08.17 16:49:10 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004.08.17 16:49:10 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004.08.17 16:49:10 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004.08.17 16:49:10 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004.03.18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003.09.26 14:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2002.05.03 23:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.10.24 12:48:28 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2010.03.26 17:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.PC01\Data aplikací\Windows Desktop Search
[2009.12.30 10:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
[2010.01.19 11:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2008.02.22 11:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.02.07 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.06.05 17:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2008.07.14 15:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2010.04.21 09:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.04.20 08:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.29 09:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.06.09 08:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008.03.01 17:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Canon
[2008.02.29 19:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Leadertech
[2008.02.28 15:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Nokia
[2008.02.22 11:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\PC Suite
[2009.01.26 19:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Publish Providers
[2008.10.10 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Sony
[2008.12.26 12:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Windows Desktop Search
[2009.01.19 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik\Data aplikací\Windows Search
[2010.04.08 18:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Canon
[2010.03.26 20:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\EPSON
[2010.03.26 18:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\PC Suite
[2010.04.01 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Publish Providers
[2010.04.01 12:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Sony
[2010.03.26 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Windows Desktop Search
[2010.04.07 11:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Windows Search
[2010.03.26 17:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Windows Small Business Server

pokraování v dalsim....

[manro]

zbytek otl logu:
========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime -- [2010.03.17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.06 16:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Adobe
[2010.04.20 08:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Apple Computer
[2010.04.08 18:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Canon
[2010.04.08 16:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\CyberLink
[2010.04.21 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\dvdcss
[2010.03.26 20:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\EPSON
[2010.03.26 18:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Google
[2010.03.26 17:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Identities
[2010.04.12 12:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Macromedia
[2010.05.11 18:09:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Microsoft
[2010.03.26 18:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Mozilla
[2010.03.26 18:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\PC Suite
[2010.04.01 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Publish Providers
[2010.04.01 12:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Sony
[2010.03.30 11:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Sun
[2010.04.09 21:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Winamp
[2010.03.26 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Windows Desktop Search
[2010.04.07 11:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Windows Search
[2010.03.26 17:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\Windows Small Business Server
[2010.04.07 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karnik.EKG\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 23:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.09.15 08:23:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.03.26 19:39:37 | 000,087,368 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2010.03.26 19:39:37 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2010.03.26 19:39:37 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.26 19:39:36 | 000,092,488 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2010.03.26 19:39:36 | 000,050,064 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2010.03.26 19:39:37 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2010.03.26 19:59:30 | 000,162,048 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wpshelper.sys

< %systemroot%\System32\config\*.sav >
[2008.02.05 21:50:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.02.05 21:50:27 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.02.05 21:50:27 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010.03.26 19:39:37 | 000,087,368 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2010.03.26 19:39:37 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2010.03.26 19:39:37 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.17 11:14:35 | 000,001,168 | ---- | M] () -- C:\WINDOWS\system32\bscs.ini
[2010.05.17 10:22:24 | 000,391,528 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.05.17 11:14:42 | 000,009,409 | ---- | M] () -- C:\WINDOWS\system32\LOCALSERVICE.INI
[2010.05.17 11:16:01 | 000,276,202 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2010.05.16 12:52:12 | 000,120,202 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.05.16 12:52:13 | 000,099,972 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.05.16 12:52:13 | 000,532,172 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.05.16 12:52:13 | 000,511,172 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.05.16 12:52:09 | 001,279,640 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.05.17 11:15:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\karnik.EKG\Plocha\EKG s.r.o..pif:SummaryInformation
< End of report >

Extras log:
OTL Extras logfile created on: 17.5.2010 20:18:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 10000 100000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 178,17 Gb Free Space | 76,51% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 51,16 Gb Free Space | 10,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698,46 Gb Total Space | 365,31 Gb Free Space | 52,30% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 273,44 Gb Total Space | 249,59 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive Q: | 273,44 Gb Total Space | 249,59 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive R: | 273,44 Gb Total Space | 249,59 Gb Free Space | 91,28% Space Free | Partition Type: NTFS

Computer Name: PC01
Current User Name: karnik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5900:TCP" = 5900:TCP:*:Enabled:VNC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)
"C:\Program Files\Sony\Vegas Pro 8.0\VegSrv80.exe" = C:\Program Files\Sony\Vegas Pro 8.0\VegSrv80.exe:*:Enabled:Sony Vegas Network Render Service Control -- (Sony Pictures Digital Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01252153-8DC2-4E65-9BCC-64F9FAFA9B91}" = Bluesoleil 6.4.275.0
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel(R) PRO Network Connections 11.2.0.69
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}" = Windows Workflow Foundation CS Language Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}" = Sony Media Manager 2.3
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B86FD1A1-43E9-4BB6-A05C-0525A3656868}" = SPZ 2006 SQL
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{D8979435-753B-40AE-9318-5E712C160A71}" = Windows Communication Foundation Language Pack - CSY
"{DC1E0881-66E8-4884-9B5B-580F957F5B9A}" = Sony DVD Architect Studio 4.5
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Balíček ovladače systému Windows - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Balíček ovladače systému Windows - Nokia Modem (08/03/2007 6.84.0.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"Adobe Shockwave Player" = Adobe Shockwave Player
"All Video Converter_is1" = All Video Converter 4.2.8
"Audacity_is1" = Audacity 1.2.3
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Balíček ovladače systému Windows - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Balíček ovladače systému Windows - Nokia Modem (03/13/2008 6.86.0.1)
"Easy CD Ripper" = Easy CD Ripper 2.3.10
"EPSON Scanner" = EPSON Scan
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"JLIP VideoCapture" = JLIP VideoCapture3.0
"JLIP VideoProducer2.0" = JLIP VideoProducer2.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003/Vista
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OrderReminder hp LaserJet 3015/3020/3030/3380" = OrderReminder hp LaserJet 3015/3020/3030/3380
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"PROHYBRIDR" = 2007 Microsoft Office system
"RealVNC_is1" = VNC Free Edition 4.1.2
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.5.2010 12:51:27 | Computer Name = PC01 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 12.0.6514.5000, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.5.2010 5:10:06 | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně
ukončeno vzdáleným hostitelem.)

Error - 14.5.2010 5:10:06 | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně
ukončeno vzdáleným hostitelem.)

Error - 14.5.2010 5:10:06 | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně
ukončeno vzdáleným hostitelem.)

Error - 14.5.2010 5:10:06 | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně
ukončeno vzdáleným hostitelem.)

Error - 14.5.2010 5:10:06 | Computer Name = PC01 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně
ukončeno vzdáleným hostitelem.)

Error - 16.5.2010 5:29:57 | Computer Name = PC01 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 16.5.2010 5:33:08 | Computer Name = PC01 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 16.5.2010 8:47:30 | Computer Name = PC01 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 17.5.2010 3:37:35 | Computer Name = PC01 | Source = Symantec AntiVirus | ID = 16711725
Description = VÝSTRAHA OCHRANY PŘED ZMĚNAMI SYMANTEC\r\r \r\r Cíl: C:\Program Files\Symantec\Symantec
Endpoint Protection\Smc.exe\r\r Informace o události: Ukončit Proces\r\r Provedená
akce: Zaprotokolováno\r\r Postup aktéra: C:\install\TFC.exe (PID 1364)\r\r Čas: 17.
května 2010 9:37:35

[ OSession Events ]
Error - 29.3.2010 6:31:48 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4154
seconds with 2580 seconds of active time. This session ended with a crash.

Error - 31.3.2010 2:24:57 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 185
seconds with 180 seconds of active time. This session ended with a crash.

Error - 9.4.2010 2:26:17 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 255
seconds with 180 seconds of active time. This session ended with a crash.

Error - 13.4.2010 3:04:53 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3144
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 13.4.2010 4:53:24 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6465
seconds with 3300 seconds of active time. This session ended with a crash.

Error - 13.4.2010 9:24:09 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14042
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 13.4.2010 9:27:40 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 203
seconds with 180 seconds of active time. This session ended with a crash.

Error - 22.4.2010 2:50:59 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2145
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 26.4.2010 2:34:53 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1308
seconds with 660 seconds of active time. This session ended with a crash.

Error - 12.5.2010 5:42:27 | Computer Name = PC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5379
seconds with 1920 seconds of active time. This session ended with a crash.


< End of report >

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (ngts.vao) - File not found
O20 - HKLM Winlogon: Shell - (uvibls) - File not found
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\karnik.EKG\Plocha\EKG s.r.o..pif:SummaryInformation

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

[manro]

prikladam otl log:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:ngts.vao deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:uvibls deleted successfully.
ADS C:\Documents and Settings\karnik.EKG\Plocha\EKG s.r.o..pif:SummaryInformation deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.PC01
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: karnik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: karnik.EKG
->Temp folder emptied: 2028041 bytes
->Temporary Internet Files folder emptied: 52689305 bytes
->Java cache emptied: 12118675 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 866 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: omega

User: Václav
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118117 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16946355 bytes

Total Files Cleaned = 80,00 mb


[EMPTYFLASH]

User: administrator

User: Administrator.PC01
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: karnik
->Flash cache emptied: 0 bytes

User: karnik.EKG
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: omega

User: Václav

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05182010_183346

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\karnik.EKG\Local Settings\Temp\~DF7815.tmp not found!
File\Folder C:\Documents and Settings\karnik.EKG\Local Settings\Temp\~DF7825.tmp not found!
File\Folder C:\Documents and Settings\karnik.EKG\Local Settings\Temp\~DF788B.tmp not found!
File\Folder C:\Documents and Settings\karnik.EKG\Local Settings\Temp\~DF789B.tmp not found!
C:\Documents and Settings\karnik.EKG\Local Settings\Temporary Internet Files\Content.IE5\DS4OXIE3\afr[1].htm moved successfully.
C:\Documents and Settings\karnik.EKG\Local Settings\Temporary Internet Files\Content.IE5\CDLOKEOG\honeypot_export[1].htm moved successfully.
C:\Documents and Settings\karnik.EKG\Local Settings\Temporary Internet Files\Content.IE5\9X7QC15J\afr[1].htm moved successfully.
C:\Documents and Settings\karnik.EKG\Local Settings\Temporary Internet Files\Content.IE5\9X7QC15J\viewtopic[1].htm moved successfully.
C:\Documents and Settings\karnik.EKG\Local Settings\Temporary Internet Files\Content.IE5\86HRJRZE\afr[1].htm moved successfully.

Registry entries deleted on Reboot...

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[manro]

vkladam combofix log:
ComboFix 10-05-16.06 - karnik 18.05.2010 22:10:28.2.2 - x86
Systm Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1424 [GMT 2:00]
Sputn z: c:\install\ComboFix.exe
AV: Aplikace Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Aplikace Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Vytvoen nov Bod Obnoven

VAROVN - NA TOMTO POTAI NEN NAINSTALOVNA KONZOLA PRO ZOTAVEN !!
.

((((((((((((((((((((((((((((((((((((((( Ostatn vmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikac\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikac\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\karnik.EKG\Dokumenty\cc_20100517_095502.reg

----- BITS: Mon infikovan strnky -----

hxxp://server:8530
.
((((((((((((((((((((((((( Soubory vytvoen od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 16:58 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 16:58 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 16:58 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 16:58 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 16:58 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 16:58 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 16:56 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 16:56 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 16:56 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 16:56 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 16:56 . 2010-05-18 19:55 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 16:56 . 2010-05-18 16:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 16:33 . 2010-05-18 16:33 -------- d-----w- C:\_OTL
2010-05-17 07:50 . 2010-05-17 07:50 -------- d-----w- c:\program files\CCleaner
2010-05-15 08:15 . 2010-05-15 08:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-13 18:56 . 2010-05-17 07:57 -------- d-----w- c:\program files\trend micro
2010-05-11 19:22 . 2010-05-11 19:22 -------- d-----w- c:\windows\McAfee.com
2010-05-11 16:26 . 2010-05-11 16:27 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-11 16:26 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-11 16:26 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-11 16:26 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-11 16:26 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-05-11 16:26 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-11 16:26 . 2010-05-11 16:26 -------- d-----w- C:\NVIDIA
2010-05-11 16:10 . 2010-05-11 16:10 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-11 16:07 . 2010-05-11 16:07 -------- d-----w- C:\AVGTemp
2010-05-05 19:34 . 2010-05-05 19:34 -------- d-----w- c:\program files\iPod
2010-05-05 19:32 . 2010-05-05 19:32 -------- d-----w- c:\program files\Apple Software Update
2010-05-05 19:30 . 2010-05-05 19:30 -------- d-----w- c:\program files\Bonjour
2010-04-20 06:44 . 2010-04-20 06:45 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M vpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 08:14 . 2008-02-07 15:10 -------- d-----w- c:\program files\Microsoft Works
2010-05-16 11:09 . 2008-08-18 08:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-16 10:52 . 2001-10-25 12:00 532172 ----a-w- c:\windows\system32\perfh005.dat
2010-05-16 10:52 . 2001-10-25 12:00 120202 ----a-w- c:\windows\system32\perfc005.dat
2010-05-16 10:41 . 2008-02-22 07:56 -------- d-----w- c:\program files\Google
2010-05-11 18:58 . 2008-02-08 09:17 -------- d-----w- c:\program files\Winamp
2010-05-05 19:44 . 2009-09-29 07:38 -------- d-----w- c:\program files\iTunes
2010-05-05 19:34 . 2009-06-09 06:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-20 06:52 . 2008-02-17 12:03 -------- d-----w- c:\program files\QuickTime
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 10:42 . 2010-04-08 10:42 -------- d-----w- c:\program files\Xilisoft
2010-04-08 10:38 . 2010-04-08 10:38 -------- d-----w- c:\program files\Xilisoft_DVD_Ripper_Platinum_4[1].0.86.0815
2010-04-03 22:55 . 2008-02-07 05:50 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2007-12-05 00:41 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2007-12-05 00:41 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2007-12-05 00:41 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2007-12-05 00:41 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2007-12-05 00:41 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2007-12-05 00:41 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2007-12-05 00:41 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-04-02 14:54 . 2008-02-07 05:50 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 10:15 . 2010-03-26 16:13 -------- d-----w- c:\program files\Network Print Monitor
2010-03-31 10:14 . 2008-02-07 09:43 63 ----a-w- C:\printer.cmd
2010-03-31 09:10 . 2008-02-07 05:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-31 08:55 . 2010-01-21 11:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-30 09:04 . 2010-03-30 09:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 09:04 . 2008-02-08 11:25 -------- d-----w- c:\program files\Java
2010-03-26 18:29 . 2010-03-26 18:29 -------- d-----w- c:\program files\epson
2010-03-26 17:59 . 2010-03-26 17:43 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-03-26 17:43 . 2008-02-07 09:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-26 17:42 . 2008-02-07 09:54 -------- d-----w- c:\program files\Symantec
2010-03-26 17:42 . 2010-03-26 17:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-26 17:42 . 2010-03-26 17:42 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-26 17:42 . 2010-03-26 17:42 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-26 17:42 . 2010-03-26 17:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-26 17:02 . 2010-03-26 17:02 89600 ----a-w- c:\windows\system32\atl71.dll
2010-03-26 15:44 . 2010-03-26 15:43 -------- d-----w- c:\program files\Windows Small Business Server
2010-03-10 06:17 . 2004-08-17 14:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-17 14:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 22:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spoutc body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznmka* przdn zznamy a legitimn vchoz daje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 149280]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-08-07 315478]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-03-26 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2008-2-20 43520]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-7 113664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 13:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2008-04-01 13:43 98304 ----a-w- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2003-10-03 17:52 61440 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-04-10 18:07 413696 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-04-09 15:31 184320 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17.6.2009 14:01 20744]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18.5.2010 18:56 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18.5.2010 18:58 112592]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [7.8.2009 15:09 143467]
R2 MSSQL$SPZSQL2006;MSSQL$SPZSQL2006;c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlservr.exe -sSPZSQL2006 --> c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlservr.exe -sSPZSQL2006 [?]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17.6.2009 14:02 29192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31.8.2009 6:51 102448]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 14:01 25480]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [26.3.2010 19:39 23888]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 3:27 29262680]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9.6.2009 8:36 17408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18.5.2010 18:56 366840]
S3 SQLAgent$SPZSQL2006;SQLAgent$SPZSQL2006;c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlagent.EXE -i SPZSQL2006 --> c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2006\Binn\sqlagent.EXE -i SPZSQL2006 [?]
.
.
------- Doplkov sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\karnik.EKG\Data aplikac\Mozilla\Firefox\Profiles\fzaj81g2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\karnik.EKG\Data aplikac\Mozilla\Firefox\Profiles\fzaj81g2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATN POLOKY ODSTRANN Z REGISTRU - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 22:16
Windows 5.1.2600 Service Pack 3 NTFS

skenovn skrytch proces ...

skenovn skrytch poloek 'Po sputn' ...

skenovn skrytch soubor ...


c:\docume~1\karnik.EKG\LOCALS~1\Temp\catchme.dll 53248 bytes executable

sken byl spen dokonen
skryt soubory: 1

**************************************************************************
.
--------------------- Knihovny navzan na bc procesy ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\program files\RealVNC\VNC4\wm_hooks.dll
.
Celkov as: 2010-05-18 22:17:45
ComboFix-quarantined-files.txt 2010-05-18 20:17

Ped sputnm: Volnch bajt: 191590162432
Po sputn: Volnch bajt: 191592550400

- - End Of File - - A11FC6E18865945F67D8403A8B6F2BC6

[Caroprd111]

Následující soubor/y otestujte na http://www.virustotal.com/cs/
c:\docume~1\karnik.EKG\LOCALS~1\Temp\catchme.dll

(Soubor/y nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

[manro]

bohuel soubor v tempu ji není.
Mohou mit tyto problémy s viry, vlil na zobrazeni dosové aplikace?
Konkrétne pouziva Cezar program.
Nekdy se mu v okne Cezaru spatne zobrazi ceske znaky s diakritikou. Pomuze jedine restart stanice. Pak je vse v porádku dokud program neukoncí a nepusti znovu. V samotnem programu lze menit kodovani, ale pokud toto nastane nema zmena kodovani zadny vliv.
Misto znaku s diakritikou ma treba ctverecky, prazdne misto,....
Na druhé stanici se tyto problemy nedeji.
Cezar mají nainstalovany na serveru a spousti se ze stanice pomoci zastupce.
Dik za pomoc manro.

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[manro]

žádné virtualní mechaniky nejsou.
sptd nelze spustit. Hlásí aplikace není aplikací 32b systému
Defogger proveden
mbr log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

gmer zakladní spusteni proběhlo. Log zde.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-23 14:51:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\karnik.EKG\LOCALS~1\Temp\pxtdapoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Po spuštění scan, se stanice odpojila od sítě. Dále již se nedalo kní připojit.
Vyřešil až restart stanice, který musel provést uživatel na místě.

[Caroprd111]

OK, ještě druhý log z Gmer.