dobry den,prosim o kontrolu starsiho NTB, tez velmi zpomaleneho, uvitam nejakou radu, predem diky.Jakub
Logfile of random's system information tool 1.07 (written by random/random)
Run by JW at 2010-06-09 16:27:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (14%) free of 52 GB
Total RAM: 446 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27, on 9.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Updater.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\JW\Plocha\RSIT.exe
C:\Program Files\trend micro\JW.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JW\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: Zástupce - utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://asp.photoprintit.de/microsite/11 ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8197 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-22 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-01 77824]
"OdTray.exe"=C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe [2005-05-18 1015871]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-07-13 921600]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-06-10 286720]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-06 1848648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-07-14 98304]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2005-12-14 159744]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Google Update"=C:\Documents and Settings\JW\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
"AbacastDistributedOnDemand:11"=C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [2009-04-15 54712]
"MSMSGS"=c:\PROGRA~1\MESSEN~1\Msmsgs.exe [2005-08-31 1658592]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění
Zástupce - K9.lnk - C:\Program Files\KeirNet\K9\K9.exe
Zástupce - utorrent.lnk - C:\Program Files\uTorrent\utorrent.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-01 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient]
C:\WINDOWS\system32\odyEvent.dll [2007-07-12 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\JW\Plocha\aceftp3free.exe"="C:\Documents and Settings\JW\Plocha\aceftp3free.exe:*:Enabled:AceFTP v3"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Documents and Settings\JW\Plocha\FS\GAME\FS9.EXE"="C:\Documents and Settings\JW\Plocha\FS\GAME\FS9.EXE:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe"="C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe:*:Enabled:Sprite PC Service"
"C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe"="C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand"
"C:\Documents and Settings\JW\Local Settings\Data aplikací\Abacast\Abaclient2.exe"="C:\Documents and Settings\JW\Local Settings\Data aplikací\Abacast\Abaclient2.exe:*:Enabled:Abaclient"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe"="C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe:*:Enabled:pyrun"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-06-09 16:12:22 ----D---- C:\WINDOWS\pss
2010-06-09 15:08:37 ----D---- C:\Program Files\trend micro
2010-06-09 15:08:35 ----D---- C:\rsit
2010-06-09 14:28:55 ----D---- C:\Program Files\CCleaner
2010-05-26 18:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 12:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-06-09 16:27:36 ----D---- C:\WINDOWS\Prefetch
2010-06-09 16:24:14 ----D---- C:\WINDOWS\temp
2010-06-09 16:22:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-09 16:21:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-09 16:20:52 ----RASH---- C:\boot.ini
2010-06-09 16:20:52 ----A---- C:\WINDOWS\win.ini
2010-06-09 16:20:52 ----A---- C:\WINDOWS\system.ini
2010-06-09 16:12:22 ----D---- C:\WINDOWS
2010-06-09 16:07:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-09 16:05:18 ----SHD---- C:\WINDOWS\Installer
2010-06-09 16:05:18 ----D---- C:\Config.Msi
2010-06-09 15:59:55 ----AD---- C:\WINDOWS\system32
2010-06-09 15:57:10 ----RSD---- C:\WINDOWS\assembly
2010-06-09 15:45:19 ----RD---- C:\Program Files
2010-06-09 15:27:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-09 15:26:49 ----D---- C:\WINDOWS\WinSxS
2010-06-09 14:56:03 ----HD---- C:\WINDOWS\inf
2010-06-09 14:51:44 ----D---- C:\Program Files\uTorrent
2010-06-09 14:51:44 ----D---- C:\Documents and Settings\JW\Data aplikací\uTorrent
2010-06-09 14:51:06 ----D---- C:\Program Files\VideoReDoPlus
2010-06-09 14:50:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Seznam DVD 2008
2010-06-09 14:49:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-06-09 14:49:24 ----D---- C:\Program Files\Common Files
2010-06-09 14:45:10 ----D---- C:\WINDOWS\system32\drivers
2010-06-09 14:45:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-09 14:44:28 ----D---- C:\WINDOWS\Help
2010-06-09 14:43:21 ----D---- C:\Documents and Settings\JW\Data aplikací\Happy Foto
2010-06-09 14:40:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-09 14:34:03 ----D---- C:\WINDOWS\Debug
2010-06-09 09:46:57 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2010-06-04 07:48:55 ----D---- C:\Program Files\Microsoft Silverlight
2010-05-26 09:57:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-12 12:17:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 12:17:27 ----D---- C:\Program Files\Outlook Express
2010-05-12 09:30:57 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PVR101Disk;PVR101Disk; C:\WINDOWS\system32\drivers\PVR101Disk.sys [2006-10-04 7936]
R1 WINIO;WINIO; \??\C:\WINDOWS\system32\WinIo.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-01 2319680]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-01 1198592]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-01 45056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EKBfltr;ENE Keyboard Controller; C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 5504]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-08-01 162176]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a6ibucxu;a6ibucxu; C:\WINDOWS\system32\drivers\a6ibucxu.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2010-03-20 136192]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-01 368640]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-07-13 507904]
R2 odClientService;Odyssey Client for Fujitsu Siemens Computers; C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
virus Win32/Oficla.HD trojan??
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: virus Win32/Oficla.HD trojan??
Zdravím 
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT - Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: virus Win32/Oficla.HD trojan??
OTL Extras logfile created on: 10.6.2010 8:37:28 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JW\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
446,00 Mb Total Physical Memory | 51,00 Mb Available Physical Memory | 11,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,59 Gb Total Space | 7,23 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5,31 Gb Total Space | 5,28 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FUJITSU
Current User Name: JW
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\JW\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\JW\Plocha\aceftp3free.exe" = C:\Documents and Settings\JW\Plocha\aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Documents and Settings\JW\Plocha\FS\GAME\FS9.EXE" = C:\Documents and Settings\JW\Plocha\FS\GAME\FS9.EXE:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe" = C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe:*:Enabled:Sprite PC Service -- ()
"C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand -- (Abacast, Inc.)
"C:\Documents and Settings\JW\Local Settings\Data aplikací\Abacast\Abaclient2.exe" = C:\Documents and Settings\JW\Local Settings\Data aplikací\Abacast\Abaclient2.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe" = C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe:*:Enabled:pyrun -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{072D2077-9E22-4F7F-B817-A92CA6CCC843}" = iriver Music Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44F2F155-970F-4A88-AFC6-C92A39BDCB13}" = Application Suite
"{52D3199D-2858-4216-AA1D-B2A9BB9FA31B}" = Sprite Backup HTC
"{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.6.6 (12/2008)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{64D1C23F-411C-4FBA-9B37-0ABC845C239B}" = Sigmatek Disk Reader
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{A0EACEC2-E2AE-4811-A01D-5321587E0643}_is1" = MPEG Video Wizard 4.0.4.111 (12/2008)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B48F9C44-C904-4FA3-984D-F65AE4C49745}" = Zoner Media Explorer 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = VideoCAM Look
"{EFE315FB-CCE1-4678-87E1-77BF62D49301}" = Odyssey Client for Fujitsu Siemens Computers
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"AbacastNode:11" = Abacast Distributed On-Demand
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced PDF to IMAGE converter_is1" = Advanced PDF to IMAGE converter 1.9.9.9
"Aladdin" = Aladdin - ekonomický informační systém
"ATI Display Driver" = ATI Display Driver
"Avidemux 2.4" = Avidemux 2.4
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DIVXCodec" = DivX Codec 3.1alpha release
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Elecard MPEG-2 Decoder&Streaming Pack 1.0.50824" = Elecard MPEG-2 Decoder&Streaming Pack
"HijackThis" = HijackThis 1.99.1
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MLUpdater" = iRiver Updater
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Mpeg Video Wizard" = MPEG Video Wizard 4.0.4.111 (12/2008)
"MPEG-VCR" = MPEG-VCR 3.14.6.6 (12/2008)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = NeroVision Express 3 SE
"nLite_is1" = nLite 1.4.9.1
"NOD32" = NOD32 antivirus system
"NVEContent!UninstallKey" = NeroVision Express Content
"Power Manager_is1" = Power Manager 1.10.2
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.60
"Registrace uživatele zařízení Canon MP190 series" = Registrace uživatele zařízení Canon MP190 series
"StreamDown v6.4.3_is1" = StreamDown
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile Resources
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YASA Video Converter v3.4 (build 0065)" = YASA Video Converter v3.4 (build 0065)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Distributed Live" = Abacast Distributed Live
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Aladdin Events ]
Error - 20.3.2010 11:36:33 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = Can't find table for lock record operation!
Error - 24.3.2010 17:58:01 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 25.3.2010 13:44:53 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 6.4.2010 4:27:22 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12029.
Error - 13.4.2010 14:52:21 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 18.4.2010 5:08:31 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 20.4.2010 3:46:47 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 9.5.2010 11:50:55 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 18.5.2010 11:32:11 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 22.5.2010 9:55:02 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
[ Application Events ]
Error - 26.5.2010 3:55:38 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 28.5.2010 10:22:28 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 3.6.2010 8:49:09 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 3.6.2010 8:49:31 | Computer Name = FUJITSU | Source = Application Hang | ID = 1001
Description = Chybný blok 1788811432
Error - 4.6.2010 2:52:05 | Computer Name = FUJITSU | Source = Google Update | ID = 20
Description =
Error - 7.6.2010 2:50:46 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 4:22:28 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 4:22:28 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 4:22:29 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 10:37:48 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace msimn.exe, verze 6.0.2900.5512, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 3.5.2010 5:10:04 | Computer Name = FUJITSU | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.
Error - 6.5.2010 2:52:36 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 2:52:54 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 2:53:01 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 2:53:07 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 3:34:05 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 3:34:12 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 9.6.2010 9:54:57 | Computer Name = FUJITSU | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna Microsoft Office Document
Image Writer název sdílení Tiskárna.
< End of report >
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JW\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
446,00 Mb Total Physical Memory | 51,00 Mb Available Physical Memory | 11,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,59 Gb Total Space | 7,23 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5,31 Gb Total Space | 5,28 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FUJITSU
Current User Name: JW
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\JW\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\JW\Plocha\aceftp3free.exe" = C:\Documents and Settings\JW\Plocha\aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Documents and Settings\JW\Plocha\FS\GAME\FS9.EXE" = C:\Documents and Settings\JW\Plocha\FS\GAME\FS9.EXE:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe" = C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe:*:Enabled:Sprite PC Service -- ()
"C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand -- (Abacast, Inc.)
"C:\Documents and Settings\JW\Local Settings\Data aplikací\Abacast\Abaclient2.exe" = C:\Documents and Settings\JW\Local Settings\Data aplikací\Abacast\Abaclient2.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe" = C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe:*:Enabled:pyrun -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{072D2077-9E22-4F7F-B817-A92CA6CCC843}" = iriver Music Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44F2F155-970F-4A88-AFC6-C92A39BDCB13}" = Application Suite
"{52D3199D-2858-4216-AA1D-B2A9BB9FA31B}" = Sprite Backup HTC
"{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.6.6 (12/2008)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{64D1C23F-411C-4FBA-9B37-0ABC845C239B}" = Sigmatek Disk Reader
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{A0EACEC2-E2AE-4811-A01D-5321587E0643}_is1" = MPEG Video Wizard 4.0.4.111 (12/2008)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B48F9C44-C904-4FA3-984D-F65AE4C49745}" = Zoner Media Explorer 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = VideoCAM Look
"{EFE315FB-CCE1-4678-87E1-77BF62D49301}" = Odyssey Client for Fujitsu Siemens Computers
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"AbacastNode:11" = Abacast Distributed On-Demand
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced PDF to IMAGE converter_is1" = Advanced PDF to IMAGE converter 1.9.9.9
"Aladdin" = Aladdin - ekonomický informační systém
"ATI Display Driver" = ATI Display Driver
"Avidemux 2.4" = Avidemux 2.4
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DIVXCodec" = DivX Codec 3.1alpha release
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Elecard MPEG-2 Decoder&Streaming Pack 1.0.50824" = Elecard MPEG-2 Decoder&Streaming Pack
"HijackThis" = HijackThis 1.99.1
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MLUpdater" = iRiver Updater
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Mpeg Video Wizard" = MPEG Video Wizard 4.0.4.111 (12/2008)
"MPEG-VCR" = MPEG-VCR 3.14.6.6 (12/2008)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = NeroVision Express 3 SE
"nLite_is1" = nLite 1.4.9.1
"NOD32" = NOD32 antivirus system
"NVEContent!UninstallKey" = NeroVision Express Content
"Power Manager_is1" = Power Manager 1.10.2
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.60
"Registrace uživatele zařízení Canon MP190 series" = Registrace uživatele zařízení Canon MP190 series
"StreamDown v6.4.3_is1" = StreamDown
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile Resources
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YASA Video Converter v3.4 (build 0065)" = YASA Video Converter v3.4 (build 0065)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Distributed Live" = Abacast Distributed Live
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Aladdin Events ]
Error - 20.3.2010 11:36:33 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = Can't find table for lock record operation!
Error - 24.3.2010 17:58:01 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 25.3.2010 13:44:53 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 6.4.2010 4:27:22 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12029.
Error - 13.4.2010 14:52:21 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 18.4.2010 5:08:31 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 20.4.2010 3:46:47 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 9.5.2010 11:50:55 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 18.5.2010 11:32:11 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
Error - 22.5.2010 9:55:02 | Computer Name = FUJITSU | Source = Aladdin | ID = 107
Description = UPDATE: can't read update file 'http://update.aladdin.cz/check-auto.xml'.
Code: 12007.
[ Application Events ]
Error - 26.5.2010 3:55:38 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 28.5.2010 10:22:28 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 3.6.2010 8:49:09 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 3.6.2010 8:49:31 | Computer Name = FUJITSU | Source = Application Hang | ID = 1001
Description = Chybný blok 1788811432
Error - 4.6.2010 2:52:05 | Computer Name = FUJITSU | Source = Google Update | ID = 20
Description =
Error - 7.6.2010 2:50:46 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 4:22:28 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 4:22:28 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 4:22:29 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.6.2010 10:37:48 | Computer Name = FUJITSU | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace msimn.exe, verze 6.0.2900.5512, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 3.5.2010 5:10:04 | Computer Name = FUJITSU | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.
Error - 6.5.2010 2:52:36 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 2:52:54 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 2:53:01 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 2:53:07 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 3:34:05 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 6.5.2010 3:34:12 | Computer Name = FUJITSU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.
Error - 9.6.2010 9:54:57 | Computer Name = FUJITSU | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna Microsoft Office Document
Image Writer název sdílení Tiskárna.
< End of report >
Re: virus Win32/Oficla.HD trojan??
OTL logfile created on: 10.6.2010 8:37:28 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JW\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
446,00 Mb Total Physical Memory | 51,00 Mb Available Physical Memory | 11,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,59 Gb Total Space | 7,23 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5,31 Gb Total Space | 5,28 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FUJITSU
Current User Name: JW
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.10 08:35:51 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
PRC - [2010.04.04 18:08:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.20 16:29:35 | 000,136,192 | ---- | M] () -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
PRC - [2009.07.06 17:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.15 18:35:18 | 000,054,712 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.13 13:35:45 | 000,921,600 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2007.07.13 13:35:45 | 000,507,904 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2006.11.13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006.08.03 16:43:10 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005.08.01 07:28:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.05.18 14:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
PRC - [2005.05.18 14:14:06 | 001,015,871 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
PRC - [2004.07.01 22:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
PRC - [2004.06.10 11:54:40 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd2.exe
========== Modules (SafeList) ==========
MOD - [2010.06.10 08:35:51 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
MOD - [2008.04.14 04:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010.03.20 16:29:35 | 000,136,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe -- (Aladdin SQL Server)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.07.13 13:35:45 | 000,507,904 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2006.08.03 16:43:10 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006.08.03 16:43:10 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Plánovač automatické aktualizace LiveUpdate)
SRV - [2005.05.18 14:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe -- (odClientService)
========== Driver Services (SafeList) ==========
DRV - [2010.05.09 12:53:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.06 07:01:28 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008.04.13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2007.07.13 13:35:46 | 000,502,368 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2007.06.20 05:18:40 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.10.04 22:02:12 | 000,007,936 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pvr101disk.sys -- (PVR101Disk)
DRV - [2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005.09.09 18:56:12 | 000,006,144 | ---- | M] (http://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005.08.01 07:29:29 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr)
DRV - [2005.08.01 07:29:08 | 001,198,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.01 07:28:34 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.08.01 07:28:32 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.01 07:28:04 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.05.18 12:52:56 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005.05.05 01:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.01.11 16:58:48 | 000,030,976 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2)
DRV - [2004.07.28 11:49:00 | 000,334,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2)
DRV - [2004.03.29 17:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ifpusb.sys -- (IFPUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
IE - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.idnes.cz/"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.09 14:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.09 16:04:49 | 000,000,000 | ---D | M]
[2008.08.26 21:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Extensions
[2010.06.09 16:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\extensions
[2009.09.25 16:13:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.25 07:58:37 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.09 12:53:44 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\searchplugins\daemon-search.xml
[2010.06.09 15:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.03.14 18:57:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.14 18:57:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.14 18:57:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.14 18:57:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.14 18:57:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2008.08.25 13:27:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iRiver Updater] \Updater.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk = C:\Program Files\KeirNet\K9\K9.exe File not found
O4 - Startup: C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..Trusted Domains: microsoft.com ([office] http in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} http://sberna.fotostar.cz/snadno-vlozit ... loader.dll (PhotoUploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab (Settings Class)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} http://asp.photoprintit.de/microsite/11 ... oader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\JW\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JW\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.26 08:13:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.01.26 08:13:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JW\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
446,00 Mb Total Physical Memory | 51,00 Mb Available Physical Memory | 11,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,59 Gb Total Space | 7,23 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5,31 Gb Total Space | 5,28 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FUJITSU
Current User Name: JW
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.10 08:35:51 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
PRC - [2010.04.04 18:08:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.20 16:29:35 | 000,136,192 | ---- | M] () -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
PRC - [2009.07.06 17:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.15 18:35:18 | 000,054,712 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.13 13:35:45 | 000,921,600 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2007.07.13 13:35:45 | 000,507,904 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2006.11.13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006.08.03 16:43:10 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005.08.01 07:28:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.05.18 14:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
PRC - [2005.05.18 14:14:06 | 001,015,871 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
PRC - [2004.07.01 22:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
PRC - [2004.06.10 11:54:40 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd2.exe
========== Modules (SafeList) ==========
MOD - [2010.06.10 08:35:51 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
MOD - [2008.04.14 04:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010.03.20 16:29:35 | 000,136,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe -- (Aladdin SQL Server)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.07.13 13:35:45 | 000,507,904 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2006.08.03 16:43:10 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006.08.03 16:43:10 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Plánovač automatické aktualizace LiveUpdate)
SRV - [2005.05.18 14:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe -- (odClientService)
========== Driver Services (SafeList) ==========
DRV - [2010.05.09 12:53:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.06 07:01:28 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008.04.13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2007.07.13 13:35:46 | 000,502,368 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2007.06.20 05:18:40 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.10.04 22:02:12 | 000,007,936 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pvr101disk.sys -- (PVR101Disk)
DRV - [2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005.09.09 18:56:12 | 000,006,144 | ---- | M] (http://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005.08.01 07:29:29 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr)
DRV - [2005.08.01 07:29:08 | 001,198,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.01 07:28:34 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.08.01 07:28:32 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.01 07:28:04 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.05.18 12:52:56 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005.05.05 01:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.01.11 16:58:48 | 000,030,976 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2)
DRV - [2004.07.28 11:49:00 | 000,334,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2)
DRV - [2004.03.29 17:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ifpusb.sys -- (IFPUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
IE - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.idnes.cz/"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.09 14:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.09 16:04:49 | 000,000,000 | ---D | M]
[2008.08.26 21:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Extensions
[2010.06.09 16:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\extensions
[2009.09.25 16:13:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.25 07:58:37 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.09 12:53:44 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\searchplugins\daemon-search.xml
[2010.06.09 15:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.03.14 18:57:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.14 18:57:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.14 18:57:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.14 18:57:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.14 18:57:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2008.08.25 13:27:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iRiver Updater] \Updater.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk = C:\Program Files\KeirNet\K9\K9.exe File not found
O4 - Startup: C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..Trusted Domains: microsoft.com ([office] http in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} http://sberna.fotostar.cz/snadno-vlozit ... loader.dll (PhotoUploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab (Settings Class)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} http://asp.photoprintit.de/microsite/11 ... oader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\JW\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JW\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.26 08:13:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.01.26 08:13:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Re: virus Win32/Oficla.HD trojan??
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.06.10 08:34:59 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
[2010.06.10 08:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.06.09 16:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.06.09 15:48:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JW\Recent
[2010.06.09 15:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.09 15:08:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.09 14:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008.03.15 12:37:00 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2008.03.15 12:37:00 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\JW\Plocha\*.tmp files -> C:\Documents and Settings\JW\Plocha\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.10 08:35:51 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
[2010.06.10 08:28:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.10 08:28:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.10 08:28:15 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 17:35:29 | 008,024,064 | ---- | M] () -- C:\Documents and Settings\JW\ntuser.dat
[2010.06.09 17:35:29 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\JW\ntuser.ini
[2010.06.09 17:35:01 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\archive.pst
[2010.06.09 16:52:00 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006UA.job
[2010.06.09 16:20:52 | 000,000,980 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.09 16:20:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.09 16:20:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.06.09 16:04:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.06.09 15:27:36 | 000,525,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.09 15:27:36 | 000,520,146 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.09 15:27:36 | 000,115,202 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.09 15:27:36 | 000,098,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.09 15:27:34 | 001,236,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.09 15:17:30 | 000,003,328 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_151726.reg
[2010.06.09 15:16:45 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\CCleaner.lnk
[2010.06.09 15:07:59 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\RSIT.exe
[2010.06.09 14:54:15 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 14:52:29 | 000,060,562 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_145221.reg
[2010.06.09 14:38:25 | 000,428,764 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_143705.reg
[2010.06.09 11:52:02 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006Core.job
[2010.06.09 10:02:43 | 000,021,839 | ---- | M] () -- C:\Documents and Settings\JW\intlname.ols
[2010.06.09 08:55:50 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\Google Chrome.lnk
[2010.06.08 07:24:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\JW\Plocha\*.tmp files -> C:\Documents and Settings\JW\Plocha\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.09 16:20:51 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk
[2010.06.09 16:20:51 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk
[2010.06.09 15:17:28 | 000,003,328 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_151726.reg
[2010.06.09 15:16:45 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\CCleaner.lnk
[2010.06.09 15:07:55 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\RSIT.exe
[2010.06.09 14:52:26 | 000,060,562 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_145221.reg
[2010.06.09 14:37:14 | 000,428,764 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_143705.reg
[2010.05.09 12:53:33 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.12.20 12:14:02 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2008.12.17 23:40:49 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Cryvideoslpitter.ini
[2008.09.14 22:03:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2008.08.25 12:47:12 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\msvbcr40.dll
[2008.07.19 13:20:47 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 DVD Audio Ripper.INI
[2008.05.18 21:07:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2008.03.17 23:59:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.17 18:26:12 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2008.03.15 12:37:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2008.03.15 12:37:07 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2008.03.15 12:37:02 | 000,334,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2008.03.15 12:37:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\rsnpstd2.dll
[2008.03.15 12:30:06 | 000,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2008.03.15 12:29:46 | 000,014,385 | ---- | C] () -- C:\WINDOWS\TW561a.ini
[2008.01.18 13:19:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.01.04 10:28:45 | 000,000,264 | ---- | C] () -- C:\WINDOWS\headache.ini
[2007.09.16 22:37:39 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.09.16 22:37:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.07.12 14:58:47 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.07.12 14:13:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.07.12 12:37:25 | 000,002,913 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.12 10:05:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\init.ini
[2006.01.26 09:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.01.26 09:03:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.01.26 09:03:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.01.26 09:03:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.01.26 09:03:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.01.26 09:03:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.01.26 09:03:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.01.26 08:17:27 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.01.26 08:10:30 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.01.26 04:03:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.01.26 04:03:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.01.26 04:03:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.01.26 04:03:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.01.26 04:03:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.01.26 04:03:07 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.01.26 04:02:31 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.01.26 04:00:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009.12.31 13:51:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.09 10:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2008.09.23 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GoldWaveCDDB
[2010.06.09 14:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2007.07.22 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.01.18 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\River Past G5
[2008.08.24 12:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\services
[2010.06.09 14:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seznam DVD 2008
[2008.03.18 19:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.01.01 14:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\avidemux
[2009.12.31 14:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Canon
[2010.05.09 12:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\DAEMON Tools Lite
[2009.01.01 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\gtk-2.0
[2010.06.09 14:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Happy Foto
[2007.07.13 09:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\InterVideo
[2007.07.13 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\IrfanView
[2007.07.13 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\K9
[2008.08.15 11:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\LANGMaster
[2010.03.13 11:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia
[2008.07.10 09:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia Multimedia Player
[2008.07.10 09:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\PC Suite
[2008.01.18 10:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\River Past G5
[2008.02.16 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sachy
[2009.02.15 17:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sprite Software
[2010.06.09 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\uTorrent
[2009.01.01 01:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\VideoReDoPlus
[2007.07.13 12:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Visicom Media
[2008.02.23 11:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Zoner
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -- [2006.11.13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\JW\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2009.03.21 18:05:33 | 000,133,104 | ---- | M] (Google Inc.)
"AbacastDistributedOnDemand:11" = C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1 -- [2009.04.15 18:35:18 | 000,054,712 | ---- | M] (Abacast, Inc.)
"MSMSGS" = "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background -- [2005.08.31 20:27:02 | 001,658,592 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2004.03.10 22:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2007.07.13 13:40:13 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\dvt.exe
[2004.07.01 22:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.03.20 16:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Adobe
[2007.07.17 21:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\AdobeUM
[2007.12.27 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Ahead
[2009.01.01 14:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\avidemux
[2007.11.01 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\CameraWindowDC
[2009.12.31 14:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Canon
[2007.11.01 09:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\CANON INC
[2010.05.09 12:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\DAEMON Tools Lite
[2009.01.27 19:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\dvdcss
[2009.01.01 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\gtk-2.0
[2010.06.09 14:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Happy Foto
[2007.07.13 09:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Help
[2006.01.26 08:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Identities
[2007.07.13 09:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\InterVideo
[2007.07.13 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\IrfanView
[2007.07.13 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\K9
[2008.08.15 11:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\LANGMaster
[2007.07.12 10:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Macromedia
[2008.12.13 10:19:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\JW\Data aplikací\Microsoft
[2009.06.28 10:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Mozilla
[2010.03.13 11:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia
[2008.07.10 09:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia Multimedia Player
[2008.07.10 09:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\PC Suite
[2008.05.29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Real
[2008.01.18 10:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\River Past G5
[2008.02.16 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sachy
[2010.04.07 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Skype
[2010.04.07 17:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\skypePM
[2009.02.15 17:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sprite Software
[2007.07.20 09:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sun
[2007.10.07 10:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Symantec
[2007.08.09 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\U3
[2010.06.09 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\uTorrent
[2009.01.01 01:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\VideoReDoPlus
[2007.07.13 12:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Visicom Media
[2009.01.27 21:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\vlc
[2009.06.28 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Winamp
[2008.02.23 11:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Zoner
[2007.11.01 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\ZoomBrowser EX
< %APPDATA%\*.exe /s >
[2008.07.14 11:41:23 | 001,495,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\JW\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2006.01.26 09:02:43 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\JW\Data aplikací\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
[2006.12.14 09:00:02 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\JW\Data aplikací\U3\temp\cleanup.exe
[2007.02.12 16:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\JW\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: AHCIX86S.SYS >
[2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Documents and Settings\JW\Plocha\BILY\FSC_AMDRAIDAHCIdriver_31154064_1025270\x86\ahcix86s.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\recover\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\recover\WINDOWS\system32\cryptsvc.dll
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\recover\WINDOWS\system32\dllcache\cryptsvc.dll
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\recover\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\recover\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\recover\WINDOWS\$NtUninstallKB884883$\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
[2005.04.07 19:48:41 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=88260E46E778EC78345959A08F047634 -- C:\recover\WINDOWS\explorer.exe
[2005.04.07 19:48:41 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=88260E46E778EC78345959A08F047634 -- C:\recover\WINDOWS\system32\dllcache\explorer.exe
[2005.04.07 19:48:41 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=88260E46E778EC78345959A08F047634 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.11.16 02:37:04 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=BE7A7927F3BE8068C81577771D33762F -- C:\recover\WINDOWS\Driver Cache\i386\hal.dll
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\recover\WINDOWS\$NtUninstallKB889673$\hal.dll
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtUninstallKB889673$\hal.dll
[2004.11.16 02:37:04 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\recover\WINDOWS\system32\HAL.DLL
[2004.11.16 02:37:04 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: IASTOR.SYS >
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\recover\WINDOWS\I386\$oem$\textmode\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\recover\WINDOWS\OemDir\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\recover\WINDOWS\system32\drivers\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OemDir\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:isapnp.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\recover\WINDOWS\system32\drivers\isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\recover\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\recover\WINDOWS\system32\lsass.exe
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\recover\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\recover\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\recover\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\recover\WINDOWS\system32\netlogon.dll
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\recover\WINDOWS\I386\$oem$\textmode\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\recover\WINDOWS\OemDir\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\recover\WINDOWS\system32\drivers\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\I386\$oem$\textmode\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\OemDir\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: NVRAID.SYS >
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\recover\WINDOWS\I386\$oem$\textmode\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\recover\WINDOWS\OemDir\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\recover\WINDOWS\system32\drivers\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\I386\$oem$\textmode\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\OemDir\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\system32\drivers\nvraid.sys
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\recover\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\recover\WINDOWS\system32\scecli.dll
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\recover\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\recover\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\recover\WINDOWS\I386\SYSTEM32\SMSS.EXE
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
[2008.04.14 07:52:52 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\SYSTEM32\SMSS.EXE
< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\recover\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\recover\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\recover\WINDOWS\system32\dllcache\tcpip.sys
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\recover\WINDOWS\system32\drivers\tcpip.sys
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\recover\WINDOWS\$NtUninstallKB889527$\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB889527$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\recover\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\recover\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\recover\WINDOWS\I386\$oem$\textmode\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\recover\WINDOWS\OemDir\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\recover\WINDOWS\system32\drivers\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\OemDir\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\recover\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\recover\WINDOWS\system32\winlogon.exe
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\recover\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\recover\WINDOWS\system32\ws2_32.dll
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.09 12:53:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.01.26 09:06:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.01.26 09:06:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.01.26 09:05:59 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.06.09 14:54:15 | 000,231,184 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.06.09 15:27:36 | 000,115,202 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.06.09 15:27:36 | 000,098,842 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.06.09 15:27:36 | 000,520,146 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.06.09 15:27:36 | 000,525,894 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.06.09 15:27:34 | 001,236,550 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.06.08 07:24:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
< End of report >
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.06.10 08:34:59 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
[2010.06.10 08:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.06.09 16:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.06.09 15:48:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JW\Recent
[2010.06.09 15:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.09 15:08:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.09 14:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008.03.15 12:37:00 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2008.03.15 12:37:00 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\JW\Plocha\*.tmp files -> C:\Documents and Settings\JW\Plocha\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.10 08:35:51 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JW\Plocha\OTL.exe
[2010.06.10 08:28:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.10 08:28:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.10 08:28:15 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 17:35:29 | 008,024,064 | ---- | M] () -- C:\Documents and Settings\JW\ntuser.dat
[2010.06.09 17:35:29 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\JW\ntuser.ini
[2010.06.09 17:35:01 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\archive.pst
[2010.06.09 16:52:00 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006UA.job
[2010.06.09 16:20:52 | 000,000,980 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.09 16:20:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.09 16:20:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.06.09 16:04:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.06.09 15:27:36 | 000,525,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.09 15:27:36 | 000,520,146 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.09 15:27:36 | 000,115,202 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.09 15:27:36 | 000,098,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.09 15:27:34 | 001,236,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.09 15:17:30 | 000,003,328 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_151726.reg
[2010.06.09 15:16:45 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\CCleaner.lnk
[2010.06.09 15:07:59 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\RSIT.exe
[2010.06.09 14:54:15 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 14:52:29 | 000,060,562 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_145221.reg
[2010.06.09 14:38:25 | 000,428,764 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_143705.reg
[2010.06.09 11:52:02 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006Core.job
[2010.06.09 10:02:43 | 000,021,839 | ---- | M] () -- C:\Documents and Settings\JW\intlname.ols
[2010.06.09 08:55:50 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\JW\Plocha\Google Chrome.lnk
[2010.06.08 07:24:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\JW\Plocha\*.tmp files -> C:\Documents and Settings\JW\Plocha\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.09 16:20:51 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk
[2010.06.09 16:20:51 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk
[2010.06.09 15:17:28 | 000,003,328 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_151726.reg
[2010.06.09 15:16:45 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\CCleaner.lnk
[2010.06.09 15:07:55 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\RSIT.exe
[2010.06.09 14:52:26 | 000,060,562 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_145221.reg
[2010.06.09 14:37:14 | 000,428,764 | ---- | C] () -- C:\Documents and Settings\JW\Plocha\cc_20100609_143705.reg
[2010.05.09 12:53:33 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.12.20 12:14:02 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2008.12.17 23:40:49 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Cryvideoslpitter.ini
[2008.09.14 22:03:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2008.08.25 12:47:12 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\msvbcr40.dll
[2008.07.19 13:20:47 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 DVD Audio Ripper.INI
[2008.05.18 21:07:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2008.03.17 23:59:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.17 18:26:12 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2008.03.15 12:37:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2008.03.15 12:37:07 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2008.03.15 12:37:02 | 000,334,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2008.03.15 12:37:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\rsnpstd2.dll
[2008.03.15 12:30:06 | 000,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2008.03.15 12:29:46 | 000,014,385 | ---- | C] () -- C:\WINDOWS\TW561a.ini
[2008.01.18 13:19:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.01.04 10:28:45 | 000,000,264 | ---- | C] () -- C:\WINDOWS\headache.ini
[2007.09.16 22:37:39 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.09.16 22:37:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.07.12 14:58:47 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.07.12 14:13:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.07.12 12:37:25 | 000,002,913 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.12 10:05:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\init.ini
[2006.01.26 09:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.01.26 09:03:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.01.26 09:03:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.01.26 09:03:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.01.26 09:03:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.01.26 09:03:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.01.26 09:03:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.01.26 08:17:27 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.01.26 08:10:30 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.01.26 04:03:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.01.26 04:03:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.01.26 04:03:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.01.26 04:03:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.01.26 04:03:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.01.26 04:03:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.01.26 04:03:07 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.01.26 04:02:31 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.01.26 04:00:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009.12.31 13:51:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.09 10:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2008.09.23 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GoldWaveCDDB
[2010.06.09 14:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2007.07.22 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.01.18 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\River Past G5
[2008.08.24 12:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\services
[2010.06.09 14:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seznam DVD 2008
[2008.03.18 19:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.01.01 14:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\avidemux
[2009.12.31 14:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Canon
[2010.05.09 12:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\DAEMON Tools Lite
[2009.01.01 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\gtk-2.0
[2010.06.09 14:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Happy Foto
[2007.07.13 09:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\InterVideo
[2007.07.13 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\IrfanView
[2007.07.13 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\K9
[2008.08.15 11:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\LANGMaster
[2010.03.13 11:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia
[2008.07.10 09:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia Multimedia Player
[2008.07.10 09:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\PC Suite
[2008.01.18 10:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\River Past G5
[2008.02.16 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sachy
[2009.02.15 17:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sprite Software
[2010.06.09 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\uTorrent
[2009.01.01 01:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\VideoReDoPlus
[2007.07.13 12:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Visicom Media
[2008.02.23 11:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Zoner
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -- [2006.11.13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\JW\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2009.03.21 18:05:33 | 000,133,104 | ---- | M] (Google Inc.)
"AbacastDistributedOnDemand:11" = C:\Documents and Settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1 -- [2009.04.15 18:35:18 | 000,054,712 | ---- | M] (Abacast, Inc.)
"MSMSGS" = "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background -- [2005.08.31 20:27:02 | 001,658,592 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2004.03.10 22:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2007.07.13 13:40:13 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\dvt.exe
[2004.07.01 22:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.03.20 16:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Adobe
[2007.07.17 21:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\AdobeUM
[2007.12.27 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Ahead
[2009.01.01 14:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\avidemux
[2007.11.01 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\CameraWindowDC
[2009.12.31 14:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Canon
[2007.11.01 09:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\CANON INC
[2010.05.09 12:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\DAEMON Tools Lite
[2009.01.27 19:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\dvdcss
[2009.01.01 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\gtk-2.0
[2010.06.09 14:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Happy Foto
[2007.07.13 09:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Help
[2006.01.26 08:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Identities
[2007.07.13 09:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\InterVideo
[2007.07.13 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\IrfanView
[2007.07.13 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\K9
[2008.08.15 11:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\LANGMaster
[2007.07.12 10:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Macromedia
[2008.12.13 10:19:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\JW\Data aplikací\Microsoft
[2009.06.28 10:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Mozilla
[2010.03.13 11:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia
[2008.07.10 09:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Nokia Multimedia Player
[2008.07.10 09:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\PC Suite
[2008.05.29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Real
[2008.01.18 10:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\River Past G5
[2008.02.16 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sachy
[2010.04.07 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Skype
[2010.04.07 17:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\skypePM
[2009.02.15 17:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sprite Software
[2007.07.20 09:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Sun
[2007.10.07 10:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Symantec
[2007.08.09 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\U3
[2010.06.09 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\uTorrent
[2009.01.01 01:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\VideoReDoPlus
[2007.07.13 12:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Visicom Media
[2009.01.27 21:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\vlc
[2009.06.28 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Winamp
[2008.02.23 11:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\Zoner
[2007.11.01 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JW\Data aplikací\ZoomBrowser EX
< %APPDATA%\*.exe /s >
[2008.07.14 11:41:23 | 001,495,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\JW\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2006.01.26 09:02:43 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\JW\Data aplikací\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
[2006.12.14 09:00:02 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\JW\Data aplikací\U3\temp\cleanup.exe
[2007.02.12 16:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\JW\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: AHCIX86S.SYS >
[2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Documents and Settings\JW\Plocha\BILY\FSC_AMDRAIDAHCIdriver_31154064_1025270\x86\ahcix86s.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\recover\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\recover\WINDOWS\system32\cryptsvc.dll
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\recover\WINDOWS\system32\dllcache\cryptsvc.dll
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\recover\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\recover\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\recover\WINDOWS\$NtUninstallKB884883$\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
[2005.04.07 19:48:41 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=88260E46E778EC78345959A08F047634 -- C:\recover\WINDOWS\explorer.exe
[2005.04.07 19:48:41 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=88260E46E778EC78345959A08F047634 -- C:\recover\WINDOWS\system32\dllcache\explorer.exe
[2005.04.07 19:48:41 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=88260E46E778EC78345959A08F047634 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.11.16 02:37:04 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=BE7A7927F3BE8068C81577771D33762F -- C:\recover\WINDOWS\Driver Cache\i386\hal.dll
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\recover\WINDOWS\$NtUninstallKB889673$\hal.dll
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtUninstallKB889673$\hal.dll
[2004.11.16 02:37:04 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\recover\WINDOWS\system32\HAL.DLL
[2004.11.16 02:37:04 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\recover\WINDOWS\I386\sp2.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: IASTOR.SYS >
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\recover\WINDOWS\I386\$oem$\textmode\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\recover\WINDOWS\OemDir\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\recover\WINDOWS\system32\drivers\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OemDir\iaStor.sys
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\sp3.cab:isapnp.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.09.03 16:01:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\recover\WINDOWS\system32\drivers\isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\recover\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\recover\WINDOWS\system32\lsass.exe
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\recover\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\recover\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\recover\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\recover\WINDOWS\system32\netlogon.dll
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\recover\WINDOWS\I386\$oem$\textmode\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\recover\WINDOWS\OemDir\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\recover\WINDOWS\system32\drivers\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\I386\$oem$\textmode\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\OemDir\nvatabus.sys
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: NVRAID.SYS >
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\recover\WINDOWS\I386\$oem$\textmode\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\recover\WINDOWS\OemDir\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\recover\WINDOWS\system32\drivers\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\I386\$oem$\textmode\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\OemDir\nvraid.sys
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\system32\drivers\nvraid.sys
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\recover\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\recover\WINDOWS\system32\scecli.dll
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\recover\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\recover\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\recover\WINDOWS\I386\SYSTEM32\SMSS.EXE
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
[2008.04.14 07:52:52 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\Documents and Settings\JW\Plocha\BILY\slozka\I386\SYSTEM32\SMSS.EXE
< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\recover\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\recover\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\recover\WINDOWS\system32\dllcache\tcpip.sys
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\recover\WINDOWS\system32\drivers\tcpip.sys
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\recover\WINDOWS\$NtUninstallKB889527$\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB889527$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\recover\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\recover\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\recover\WINDOWS\I386\$oem$\textmode\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\recover\WINDOWS\OemDir\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\recover\WINDOWS\system32\drivers\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\OemDir\viamraid.sys
[2005.11.23 10:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\recover\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\recover\WINDOWS\system32\winlogon.exe
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\recover\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\recover\WINDOWS\system32\ws2_32.dll
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.09 12:53:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.01.26 09:06:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.01.26 09:06:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.01.26 09:05:59 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.06.09 14:54:15 | 000,231,184 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.06.09 15:27:36 | 000,115,202 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.06.09 15:27:36 | 000,098,842 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.06.09 15:27:36 | 000,520,146 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.06.09 15:27:36 | 000,525,894 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.06.09 15:27:34 | 001,236,550 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.06.08 07:24:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
< End of report >
Re: virus Win32/Oficla.HD trojan??
kvuli cstecne nefunkfcnosti, ktera nasledovala po cisteni registru jsem musel pristoupit k obnoveni bodu zalohy pred temito scany, mam je poslat znovu aktualni? a ktere? diky
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: virus Win32/Oficla.HD trojan??
Podle pravidel fóra se zde nelegálním softwarem nezabýváme (nelegální programy představují bezpečnostní hrozbu).
Obstarejte si legální zabezpečení PC (antivir, firewall), poté sem vložte nový log z RSIT a log z CKScanner.
Vyberte si třeba free Aviru nebo Avast + nějaký firewall (doporučuji ZoneAlarm) http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe
Obstarejte si legální zabezpečení PC (antivir, firewall), poté sem vložte nový log z RSIT a log z CKScanner.
Vyberte si třeba free Aviru nebo Avast + nějaký firewall (doporučuji ZoneAlarm) http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe- Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
- Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.
Re: virus Win32/Oficla.HD trojan??
jako ze tam je nelegalni antivir nebo firewall? ntb uz davno neni jen muj, tak abych vedel, co do nej sypou, diky za odpoved
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: virus Win32/Oficla.HD trojan??
Kód: Vybrat vše
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1Re: virus Win32/Oficla.HD trojan??
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\JW\plocha\titulky\shield\3 4\the shield 3x08 - cracking ice.srt
scanner sequence 3.NA.11
----- EOF -----
c:\documents and settings\JW\plocha\titulky\shield\3 4\the shield 3x08 - cracking ice.srt
scanner sequence 3.NA.11
----- EOF -----
Re: virus Win32/Oficla.HD trojan??
Logfile of random's system information tool 1.07 (written by random/random)
Run by Jw at 2010-06-10 15:37:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (18%) free of 52 GB
Total RAM: 446 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:38, on 10.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Updater.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Documents and Settings\Jw\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Jw.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: Zástupce - utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://asp.photoprintit.de/microsite/11 ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8854 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-22 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-01 77824]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-07-06 544768]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2005-12-14 159744]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"OdTray.exe"=C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe [2005-05-18 1015871]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-07-14 98304]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-06-10 286720]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-06 1848648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=c:\PROGRA~1\MESSEN~1\Msmsgs.exe [2005-08-31 1658592]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Google Update"=C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
"AbacastDistributedOnDemand:11"=C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [2009-04-15 54712]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
C:\Documents and Settings\Jw\Nabídka Start\Programy\Po spuštění
Zástupce - K9.lnk - C:\Program Files\KeirNet\K9\K9.exe
Zástupce - utorrent.lnk - C:\Program Files\uTorrent\utorrent.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-01 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient]
C:\WINDOWS\system32\odyEvent.dll [2007-07-12 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Jw\Plocha\aceftp3free.exe"="C:\Documents and Settings\Jw\Plocha\aceftp3free.exe:*:Enabled:AceFTP v3"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Documents and Settings\Jw\Plocha\FS\GAME\FS9.EXE"="C:\Documents and Settings\Jw\Plocha\FS\GAME\FS9.EXE:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe"="C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe:*:Enabled:Sprite PC Service"
"C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe"="C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand"
"C:\Documents and Settings\Jw\Local Settings\Data aplikací\Abacast\Abaclient2.exe"="C:\Documents and Settings\Jw\Local Settings\Data aplikací\Abacast\Abaclient2.exe:*:Enabled:Abaclient"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Jw\Local Settings\Temp\pyl745.tmp\pyrun.exe"="C:\Documents and Settings\Jw\Local Settings\Temp\pyl745.tmp\pyrun.exe:*:Enabled:pyrun"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-06-10 15:17:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-10 15:16:51 ----D---- C:\Program Files\Alwil Software
2010-06-10 15:16:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-10 11:56:53 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 10:16:01 ----D---- C:\Program Files\CCleaner
2010-06-10 09:57:51 ----D---- C:\WINDOWS\Motorola
2010-06-10 09:57:20 ----D---- C:\Program Files\SoftMaker Viewer
2010-06-10 09:22:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 09:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 09:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 08:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 08:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 08:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 08:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-09 16:12:22 ----D---- C:\WINDOWS\pss
2010-06-09 15:08:37 ----D---- C:\Program Files\trend micro
2010-06-09 15:08:35 ----D---- C:\rsit
2010-05-26 18:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 12:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-06-10 15:37:26 ----D---- C:\WINDOWS\Prefetch
2010-06-10 15:35:04 ----D---- C:\WINDOWS\temp
2010-06-10 15:33:13 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2010-06-10 15:31:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-10 15:29:03 ----D---- C:\Program Files\ESET
2010-06-10 15:29:03 ----AD---- C:\WINDOWS\system32
2010-06-10 15:25:37 ----D---- C:\WINDOWS\system32\drivers
2010-06-10 15:20:04 ----SHD---- C:\WINDOWS\Installer
2010-06-10 15:20:04 ----D---- C:\Config.Msi
2010-06-10 15:20:02 ----D---- C:\WINDOWS\WinSxS
2010-06-10 15:16:51 ----RD---- C:\Program Files
2010-06-10 14:41:15 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 14:39:18 ----RSD---- C:\WINDOWS\assembly
2010-06-10 14:07:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-10 12:52:04 ----D---- C:\WINDOWS
2010-06-10 12:48:12 ----HD---- C:\WINDOWS\inf
2010-06-10 12:48:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 12:36:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 12:15:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 10:34:59 ----D---- C:\WINDOWS\Debug
2010-06-10 10:15:13 ----D---- C:\Program Files\Common Files
2010-06-10 10:13:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-06-10 10:11:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-10 10:09:43 ----D---- C:\Documents and Settings\Jw\Data aplikací\Happy Foto
2010-06-10 10:08:33 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-10 10:04:41 ----D---- C:\Program Files\uTorrent
2010-06-10 10:00:05 ----D---- C:\WINDOWS\system32\config
2010-06-10 09:59:41 ----D---- C:\WINDOWS\system32\wbem
2010-06-10 09:59:41 ----D---- C:\WINDOWS\Registration
2010-06-10 09:57:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Seznam DVD 2008
2010-06-10 09:57:20 ----D---- C:\Program Files\Microsoft ActiveSync
2010-06-10 09:57:19 ----D---- C:\Program Files\VideoReDoPlus
2010-06-10 09:14:46 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-09 16:20:52 ----A---- C:\WINDOWS\win.ini
2010-06-09 16:20:52 ----A---- C:\WINDOWS\system.ini
2010-06-09 14:44:28 ----D---- C:\WINDOWS\Help
2010-06-09 14:40:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-04 07:48:55 ----D---- C:\Program Files\Microsoft Silverlight
2010-05-28 20:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-26 09:57:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-12 12:17:27 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PVR101Disk;PVR101Disk; C:\WINDOWS\system32\drivers\PVR101Disk.sys [2006-10-04 7936]
R1 WINIO;WINIO; \??\C:\WINDOWS\system32\WinIo.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-01 2319680]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-01 1198592]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-01 45056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EKBfltr;ENE Keyboard Controller; C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 5504]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-07-06 925572]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-08-01 162176]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 axrlfkus;axrlfkus; C:\WINDOWS\system32\drivers\axrlfkus.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2010-03-20 136192]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-01 368640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 odClientService;Odyssey Client for Fujitsu Siemens Computers; C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by Jw at 2010-06-10 15:37:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (18%) free of 52 GB
Total RAM: 446 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:38, on 10.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Updater.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Documents and Settings\Jw\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Jw.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: Zástupce - utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://asp.photoprintit.de/microsite/11 ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8854 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1998869925-89902533-2611522979-1006UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-22 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-01 77824]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-07-06 544768]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2005-12-14 159744]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"OdTray.exe"=C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe [2005-05-18 1015871]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-07-14 98304]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-06-10 286720]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-06 1848648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=c:\PROGRA~1\MESSEN~1\Msmsgs.exe [2005-08-31 1658592]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Google Update"=C:\Documents and Settings\Jw\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
"AbacastDistributedOnDemand:11"=C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [2009-04-15 54712]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
C:\Documents and Settings\Jw\Nabídka Start\Programy\Po spuštění
Zástupce - K9.lnk - C:\Program Files\KeirNet\K9\K9.exe
Zástupce - utorrent.lnk - C:\Program Files\uTorrent\utorrent.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-01 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient]
C:\WINDOWS\system32\odyEvent.dll [2007-07-12 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Jw\Plocha\aceftp3free.exe"="C:\Documents and Settings\Jw\Plocha\aceftp3free.exe:*:Enabled:AceFTP v3"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Documents and Settings\Jw\Plocha\FS\GAME\FS9.EXE"="C:\Documents and Settings\Jw\Plocha\FS\GAME\FS9.EXE:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe"="C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe:*:Enabled:Sprite PC Service"
"C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe"="C:\Documents and Settings\Jw\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand"
"C:\Documents and Settings\Jw\Local Settings\Data aplikací\Abacast\Abaclient2.exe"="C:\Documents and Settings\Jw\Local Settings\Data aplikací\Abacast\Abaclient2.exe:*:Enabled:Abaclient"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Jw\Local Settings\Temp\pyl745.tmp\pyrun.exe"="C:\Documents and Settings\Jw\Local Settings\Temp\pyl745.tmp\pyrun.exe:*:Enabled:pyrun"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-06-10 15:17:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-10 15:16:51 ----D---- C:\Program Files\Alwil Software
2010-06-10 15:16:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-10 11:56:53 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 10:16:01 ----D---- C:\Program Files\CCleaner
2010-06-10 09:57:51 ----D---- C:\WINDOWS\Motorola
2010-06-10 09:57:20 ----D---- C:\Program Files\SoftMaker Viewer
2010-06-10 09:22:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 09:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 09:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 08:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 08:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 08:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 08:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-09 16:12:22 ----D---- C:\WINDOWS\pss
2010-06-09 15:08:37 ----D---- C:\Program Files\trend micro
2010-06-09 15:08:35 ----D---- C:\rsit
2010-05-26 18:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 12:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-06-10 15:37:26 ----D---- C:\WINDOWS\Prefetch
2010-06-10 15:35:04 ----D---- C:\WINDOWS\temp
2010-06-10 15:33:13 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2010-06-10 15:31:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-10 15:29:03 ----D---- C:\Program Files\ESET
2010-06-10 15:29:03 ----AD---- C:\WINDOWS\system32
2010-06-10 15:25:37 ----D---- C:\WINDOWS\system32\drivers
2010-06-10 15:20:04 ----SHD---- C:\WINDOWS\Installer
2010-06-10 15:20:04 ----D---- C:\Config.Msi
2010-06-10 15:20:02 ----D---- C:\WINDOWS\WinSxS
2010-06-10 15:16:51 ----RD---- C:\Program Files
2010-06-10 14:41:15 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 14:39:18 ----RSD---- C:\WINDOWS\assembly
2010-06-10 14:07:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-10 12:52:04 ----D---- C:\WINDOWS
2010-06-10 12:48:12 ----HD---- C:\WINDOWS\inf
2010-06-10 12:48:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 12:36:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 12:15:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 10:34:59 ----D---- C:\WINDOWS\Debug
2010-06-10 10:15:13 ----D---- C:\Program Files\Common Files
2010-06-10 10:13:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-06-10 10:11:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-10 10:09:43 ----D---- C:\Documents and Settings\Jw\Data aplikací\Happy Foto
2010-06-10 10:08:33 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-10 10:04:41 ----D---- C:\Program Files\uTorrent
2010-06-10 10:00:05 ----D---- C:\WINDOWS\system32\config
2010-06-10 09:59:41 ----D---- C:\WINDOWS\system32\wbem
2010-06-10 09:59:41 ----D---- C:\WINDOWS\Registration
2010-06-10 09:57:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Seznam DVD 2008
2010-06-10 09:57:20 ----D---- C:\Program Files\Microsoft ActiveSync
2010-06-10 09:57:19 ----D---- C:\Program Files\VideoReDoPlus
2010-06-10 09:14:46 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-09 16:20:52 ----A---- C:\WINDOWS\win.ini
2010-06-09 16:20:52 ----A---- C:\WINDOWS\system.ini
2010-06-09 14:44:28 ----D---- C:\WINDOWS\Help
2010-06-09 14:40:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-04 07:48:55 ----D---- C:\Program Files\Microsoft Silverlight
2010-05-28 20:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-26 09:57:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-12 12:17:27 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PVR101Disk;PVR101Disk; C:\WINDOWS\system32\drivers\PVR101Disk.sys [2006-10-04 7936]
R1 WINIO;WINIO; \??\C:\WINDOWS\system32\WinIo.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-01 2319680]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-01 1198592]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-01 45056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EKBfltr;ENE Keyboard Controller; C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 5504]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-07-06 925572]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-08-01 162176]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 axrlfkus;axrlfkus; C:\WINDOWS\system32\drivers\axrlfkus.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2010-03-20 136192]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-01 368640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 odClientService;Odyssey Client for Fujitsu Siemens Computers; C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: virus Win32/Oficla.HD trojan??
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:OTL
O3 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1998869925-89902533-2611522979-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk = C:\Program Files\KeirNet\K9\K9.exe File not found
O4 - Startup: C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\JW\Plocha\*.tmp files -> C:\Documents and Settings\JW\Plocha\*.tmp -> ]
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe"=-
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]Re: virus Win32/Oficla.HD trojan??
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk moved successfully.
C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D9F03FA-7A94-11D3-BE81-0050048385D1}\ not found.
File {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505114-5902-49B2-880A-1F7738E5A384}\ not found.
File {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\_r_a_p_.tmp deleted successfully.
C:\WINDOWS\002838_.tmp deleted successfully.
C:\Documents and Settings\JW\Plocha\~WRD0920.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Jw
->Temp folder emptied: 1758642356 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 150454097 bytes
->Google Chrome cache emptied: 12860935 bytes
->Flash cache emptied: 1498233 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40188881 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 47979318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 919,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Jw
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
OTL by OldTimer - Version 3.2.6.0 log created on 06102010_162127
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1998869925-89902533-2611522979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - K9.lnk moved successfully.
C:\Documents and Settings\JW\Nabídka Start\Programy\Po spuštění\Zástupce - utorrent.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D9F03FA-7A94-11D3-BE81-0050048385D1}\ not found.
File {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505114-5902-49B2-880A-1F7738E5A384}\ not found.
File {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\_r_a_p_.tmp deleted successfully.
C:\WINDOWS\002838_.tmp deleted successfully.
C:\Documents and Settings\JW\Plocha\~WRD0920.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\JW\Local Settings\Temp\pyl745.tmp\pyrun.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Jw
->Temp folder emptied: 1758642356 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 150454097 bytes
->Google Chrome cache emptied: 12860935 bytes
->Flash cache emptied: 1498233 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40188881 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 47979318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 919,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Jw
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
OTL by OldTimer - Version 3.2.6.0 log created on 06102010_162127
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: virus Win32/Oficla.HD trojan??
co se tyce toho trojana, tal na ten jsem prisel, ze v outlooku v infect.items byl nekolikrat se stejnym casem a datem tenhle smejd: [virus Win32/Oficla.HD trojan] DHL Delivery Problem NR.44456
zatim, se jeste neobjevil, tak dam vedet, a mel bych mit nejaky poznatek i o zrychleni starecka? zkusim ho zavarit (vic otevrenych oken a prepinani mezi nimi - to pak nestihal ukrutne) a pak dam vedet, zatim diky moc
J.
zatim, se jeste neobjevil, tak dam vedet, a mel bych mit nejaky poznatek i o zrychleni starecka? zkusim ho zavarit (vic otevrenych oken a prepinani mezi nimi - to pak nestihal ukrutne) a pak dam vedet, zatim diky moc
J.
Přispějete na provoz fóra?