
PC frozen after startup - for 1danab
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: PC frozen after startup - for 1danab
Autoscan: completed 2 minutes ago (events: 26, objects: 172287, time: 01:10:04)
19.7.2010 17:03:21 Task started
19.7.2010 17:22:58 Detected: Trojan-Spy.Win32.Agent.bhwi C:\Hry\PES 2010\kitserver\speeder.dll
19.7.2010 17:23:23 Deleted: Trojan-Spy.Win32.Agent.bhwi C:\Hry\PES 2010\kitserver\speeder.dll
19.7.2010 17:43:24 Detected: Trojan-Spy.Win32.Agent.bhwi C:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP167\A0033649.dll
19.7.2010 17:43:38 Deleted: Trojan-Spy.Win32.Agent.bhwi C:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP167\A0033649.dll
19.7.2010 17:43:50 Detected: Trojan-Spy.Win32.Agent.bhwi C:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP169\A0036841.dll
19.7.2010 17:43:53 Deleted: Trojan-Spy.Win32.Agent.bhwi C:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP169\A0036841.dll
19.7.2010 17:48:45 Detected: Trojan-Spy.Win32.Agent.bhwi C:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050536.dll
19.7.2010 17:48:56 Deleted: Trojan-Spy.Win32.Agent.bhwi C:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050536.dll
19.7.2010 18:09:01 Detected: Backdoor.Win32.Hupigon.lfeo D:\Software\Flash Video MX\flashvideomx_setup.exe/data0140
19.7.2010 18:09:16 Detected: Backdoor.Win32.Hupigon.lfep D:\Software\Flash Video MX\flashvideomx_setup.exe/data0141
19.7.2010 18:09:17 Detected: Backdoor.Win32.Hupigon.lfer D:\Software\Flash Video MX\flashvideomx_setup.exe/data0142
19.7.2010 18:09:17 Detected: Backdoor.Win32.Hupigon.lfes D:\Software\Flash Video MX\flashvideomx_setup.exe/data0143
19.7.2010 18:09:18 Detected: Backdoor.Win32.Hupigon.jzlx D:\Software\Flash Video MX\flashvideomx_setup.exe/data0144
19.7.2010 18:09:19 Deleted: Backdoor.Win32.Hupigon.jzlx D:\Software\Flash Video MX\flashvideomx_setup.exe
19.7.2010 18:09:32 Detected: Trojan.Win32.Vapsup.zzl D:\System Volume Information\_restore{15A04760-7389-43CF-A101-2F8356A9AB56}\RP11\A0000247.dll
19.7.2010 18:09:33 Deleted: Trojan.Win32.Vapsup.zzl D:\System Volume Information\_restore{15A04760-7389-43CF-A101-2F8356A9AB56}\RP11\A0000247.dll
19.7.2010 18:09:45 Detected: Trojan-Spy.Win32.Agent.bhpp D:\System Volume Information\_restore{15A04760-7389-43CF-A101-2F8356A9AB56}\RP17\A0001072.dll
19.7.2010 18:09:46 Deleted: Trojan-Spy.Win32.Agent.bhpp D:\System Volume Information\_restore{15A04760-7389-43CF-A101-2F8356A9AB56}\RP17\A0001072.dll
19.7.2010 18:10:00 Detected: Backdoor.Win32.Hupigon.lfeo D:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050537.exe/data0140
19.7.2010 18:10:04 Detected: Backdoor.Win32.Hupigon.lfep D:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050537.exe/data0141
19.7.2010 18:10:05 Detected: Backdoor.Win32.Hupigon.lfer D:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050537.exe/data0142
19.7.2010 18:10:06 Detected: Backdoor.Win32.Hupigon.lfes D:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050537.exe/data0143
19.7.2010 18:10:07 Detected: Backdoor.Win32.Hupigon.jzlx D:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050537.exe/data0144
19.7.2010 18:10:07 Deleted: Backdoor.Win32.Hupigon.jzlx D:\System Volume Information\_restore{C763B281-6B55-4C52-8C56-3F1E4D751C3E}\RP201\A0050537.exe
19.7.2010 18:13:25 Task completed
- 1danab
- Newcomer
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: PC frozen after startup - for 1danab
Remove the malware in System Volume Information by following this guide
Warning: this operation will delete all of the restore points you have created...
Re: PC frozen after startup - for 1danab
It didn't help....

- 1danab
Re: PC frozen after startup - for 1danab
Download OTL from this link: http://ottools.noahdfear.net/OTL.exe
Run the downloaded file as administrator.
In the window that opens, press the "Prohledat" (Scan) button to start the scan; please wait for the scan to finish (about 5 minutes); a Notepad window with the log will then open, and you should copy its contents here.

I'll take a look at it, but not until tomorrow... I get up early in the morning.

Re: PC frozen after startup - for 1danab
Bad link ...
- 1danab
Re: PC frozen after startup - for 1danab
So here is a working one: http://oldtimer.geekstogo.com/OTL.exe

Re: PC frozen after startup - for 1danab
Extras.Txt:
OTL Extras logfile created on: 19.7.2010 23:11:33 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jerry\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 210,04 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 141,54 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Hry\PES 2010\pes2010.exe" = C:\Hry\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Hry\PES 2010\2010 FIFA World Cup Patch\pes2010.exe" = C:\Hry\PES 2010\2010 FIFA World Cup Patch\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Hry\Far Cry 2\bin\FarCry2.exe" = C:\Hry\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Hry\Far Cry 2\bin\FC2Launcher.exe" = C:\Hry\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Hry\Far Cry 2\bin\FC2Editor.exe" = C:\Hry\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light
"{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{302126A2-BB96-5931-6249-CAACA2C89AA1}" = ccc-core-static
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E2C00C8C-3D0C-40DF-BC67-44321C9E1029}" = Nero 8
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F6B23E59-1240-4C20-AE0B-70658A91976A}" = Intel(R) PRO Network Connections
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.4 (remove only)
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6.7.2010 7:51:25 | Computer Name = JERRY-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace pes2010.exe, verze 1.3.0.0, chybující modul pes2010.exe,
verze 1.3.0.0, adresa chyby 0x00c18f77.
Error - 6.7.2010 7:52:01 | Computer Name = JERRY-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace pes2010.exe, verze 1.3.0.0, chybující modul pes2010.exe,
verze 1.3.0.0, adresa chyby 0x00c18f77.
Error - 18.7.2010 10:03:38 | Computer Name = JERRY-PC | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp
Error - 18.7.2010 14:17:59 | Computer Name = JERRY-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SpybotSD.exe, verze 1.6.2.46, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 18.7.2010 15:57:09 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 15:57:09 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
[ System Events ]
Error - 19.7.2010 3:54:52 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 3:54:52 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 9:46:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 9:46:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 12:19:56 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 12:19:56 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 16:24:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 16:24:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 16:31:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 16:31:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
< End of report >
OTL.Txt:
OTL logfile created on: 19.7.2010 23:11:33 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jerry\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 210,04 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 141,54 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.19 23:11:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.27 16:46:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.21 17:42:53 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009.10.15 11:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.13 12:43:54 | 003,276,288 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.26 16:58:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2005.05.25 13:12:36 | 000,517,632 | ---- | M] (Lavasoft Sweden) -- C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
========== Modules (SafeList) ==========
MOD - [2010.07.19 23:11:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
MOD - [2009.03.26 17:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.12.19 17:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.05.26 16:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.03.25 18:07:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.03 06:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.04.14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.05.26 16:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.12.03 02:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.12 11:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.12 11:35:25 | 000,000,000 | ---D | M]
[2010.03.20 19:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Extensions
[2010.07.19 16:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions
[2010.07.04 09:55:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.27 20:02:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.21 17:09:07 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010.07.19 16:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.12 01:52:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.12 01:52:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.12 01:52:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.12 01:52:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.12 01:52:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.07.18 21:32:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AWMON] C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe (Lavasoft Sweden)
O4 - HKCU..\Run: [Internet Download Manager (IDM)] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.20 18:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.19 23:11:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
[2010.07.19 10:52:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry\Recent
[2010.07.18 21:42:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.18 19:45:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.18 19:42:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.18 19:42:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.18 19:42:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.18 19:42:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.18 19:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.18 16:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Data aplikací\My Games
[2010.07.18 16:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Dokumenty\My Games
[2010.07.18 16:03:50 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.07.15 15:30:16 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.07.14 12:39:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.12 11:35:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.07.12 11:35:23 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.07.12 11:35:23 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.07.12 11:35:23 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.07.12 11:35:17 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010.07.12 11:35:17 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010.07.12 11:35:17 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010.07.12 11:35:16 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010.07.12 11:35:16 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010.07.12 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Data aplikací\Media Player Classic
[2010.07.11 18:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Dokumenty\Sony Ericsson
[2010.07.10 11:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Dokumenty\Stažené soubory
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.19 23:11:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
[2010.07.19 22:31:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.19 22:30:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.19 22:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.19 22:29:32 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Jerry\NTUSER.DAT
[2010.07.19 22:29:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jerry\ntuser.ini
[2010.07.19 18:09:03 | 000,000,620 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_19.07.2010_17-28drv.spi
[2010.07.18 21:32:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.18 21:32:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.18 19:46:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.18 19:18:15 | 000,000,172 | ---- | M] () -- C:\Sigmatel
[2010.07.18 18:45:10 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010.07.18 16:03:56 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Far Cry® 2.lnk
[2010.07.18 16:03:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.07.18 16:00:14 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.18 16:00:14 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Jerry\Data aplikací\PnkBstrK.sys
[2010.07.18 15:59:52 | 002,250,024 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.07.18 14:03:05 | 000,185,020 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.07.17 22:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.16 17:15:55 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.07.15 16:02:35 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\Jerry\Plocha\PES 2010.lnk
[2010.07.15 15:30:17 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.07.12 23:28:15 | 006,943,364 | -H-- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Data aplikací\IconCache.db
[2010.07.02 21:55:38 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Jerry\Plocha\Rozd_len__do_skupin_a_losovac____sla_2010-2011.doc
[2010.07.02 21:55:30 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Jerry\Plocha\Term_nov__listina_-_podzim_2010.doc
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.23 22:32:43 | 001,013,862 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 22:32:43 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 22:32:43 | 000,441,086 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 22:32:43 | 000,083,742 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 22:32:43 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.19 17:22:58 | 000,000,620 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_19.07.2010_17-28drv.spi
[2010.07.18 19:42:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.18 19:42:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.18 19:42:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.18 19:42:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.18 19:42:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.18 16:03:56 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Far Cry® 2.lnk
[2010.07.18 16:00:15 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.18 16:00:14 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jerry\Data aplikací\PnkBstrK.sys
[2010.07.18 15:59:57 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.07.18 15:59:52 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.07.18 15:59:52 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.07.15 16:02:35 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Jerry\Plocha\PES 2010.lnk
[2010.07.12 11:35:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.07.12 11:35:16 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.07.12 11:35:16 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.12 11:35:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.07.12 11:35:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.07.02 21:55:37 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Jerry\Plocha\Rozd_len__do_skupin_a_losovac____sla_2010-2011.doc
[2010.07.02 21:55:29 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Jerry\Plocha\Term_nov__listina_-_podzim_2010.doc
[2010.04.10 17:23:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.03.25 18:07:42 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.03.24 20:40:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.23 17:16:49 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
< End of report >
OTL Extras logfile created on: 19.7.2010 23:11:33 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jerry\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 210,04 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 141,54 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Hry\PES 2010\pes2010.exe" = C:\Hry\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Hry\PES 2010\2010 FIFA World Cup Patch\pes2010.exe" = C:\Hry\PES 2010\2010 FIFA World Cup Patch\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Hry\Far Cry 2\bin\FarCry2.exe" = C:\Hry\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Hry\Far Cry 2\bin\FC2Launcher.exe" = C:\Hry\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Hry\Far Cry 2\bin\FC2Editor.exe" = C:\Hry\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light
"{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{302126A2-BB96-5931-6249-CAACA2C89AA1}" = ccc-core-static
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E2C00C8C-3D0C-40DF-BC67-44321C9E1029}" = Nero 8
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F6B23E59-1240-4C20-AE0B-70658A91976A}" = Intel(R) PRO Network Connections
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.4 (remove only)
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6.7.2010 7:51:25 | Computer Name = JERRY-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace pes2010.exe, verze 1.3.0.0, chybující modul pes2010.exe,
verze 1.3.0.0, adresa chyby 0x00c18f77.
Error - 6.7.2010 7:52:01 | Computer Name = JERRY-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace pes2010.exe, verze 1.3.0.0, chybující modul pes2010.exe,
verze 1.3.0.0, adresa chyby 0x00c18f77.
Error - 18.7.2010 10:03:38 | Computer Name = JERRY-PC | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp
Error - 18.7.2010 14:17:59 | Computer Name = JERRY-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SpybotSD.exe, verze 1.6.2.46, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 18.7.2010 15:57:09 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 15:57:09 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 18.7.2010 16:00:38 | Computer Name = JERRY-PC | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
[ System Events ]
Error - 19.7.2010 3:54:52 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 3:54:52 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 9:46:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 9:46:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 12:19:56 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 12:19:56 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 16:24:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 16:24:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 19.7.2010 16:31:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
SigmaTel Audio Service.
Error - 19.7.2010 16:31:08 | Computer Name = JERRY-PC | Source = Service Control Manager | ID = 7000
Description = Služba SigmaTel Audio Service neuspěla při spuštění v důsledku následující
chyby: %%1053
< End of report >
OTL.Txt:
OTL logfile created on: 19.7.2010 23:11:33 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jerry\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 210,04 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 141,54 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.19 23:11:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.27 16:46:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.21 17:42:53 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009.10.15 11:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.13 12:43:54 | 003,276,288 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.26 16:58:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2005.05.25 13:12:36 | 000,517,632 | ---- | M] (Lavasoft Sweden) -- C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
========== Modules (SafeList) ==========
MOD - [2010.07.19 23:11:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
MOD - [2009.03.26 17:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.12.19 17:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.05.26 16:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.03.25 18:07:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.03 06:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.04.14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.05.26 16:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.12.03 02:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.12 11:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.12 11:35:25 | 000,000,000 | ---D | M]
[2010.03.20 19:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Extensions
[2010.07.19 16:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions
[2010.07.04 09:55:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.27 20:02:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.21 17:09:07 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010.07.19 16:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.12 01:52:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.12 01:52:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.12 01:52:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.12 01:52:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.12 01:52:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.07.18 21:32:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AWMON] C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe (Lavasoft Sweden)
O4 - HKCU..\Run: [Internet Download Manager (IDM)] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.20 18:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.19 23:11:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
[2010.07.19 10:52:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry\Recent
[2010.07.18 21:42:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.18 19:45:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.18 19:42:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.18 19:42:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.18 19:42:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.18 19:42:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.18 19:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.18 16:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Data aplikací\My Games
[2010.07.18 16:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Dokumenty\My Games
[2010.07.18 16:03:50 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.07.15 15:30:16 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.07.14 12:39:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.12 11:35:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.07.12 11:35:23 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.07.12 11:35:23 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.07.12 11:35:23 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.07.12 11:35:17 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010.07.12 11:35:17 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010.07.12 11:35:17 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010.07.12 11:35:16 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010.07.12 11:35:16 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010.07.12 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Data aplikací\Media Player Classic
[2010.07.11 18:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Dokumenty\Sony Ericsson
[2010.07.10 11:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Dokumenty\Stažené soubory
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.19 23:11:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Plocha\OTL.exe
[2010.07.19 22:31:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.19 22:30:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.19 22:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.19 22:29:32 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Jerry\NTUSER.DAT
[2010.07.19 22:29:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jerry\ntuser.ini
[2010.07.19 18:09:03 | 000,000,620 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_19.07.2010_17-28drv.spi
[2010.07.18 21:32:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.18 21:32:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.18 19:46:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.18 19:18:15 | 000,000,172 | ---- | M] () -- C:\Sigmatel
[2010.07.18 18:45:10 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010.07.18 16:03:56 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Far Cry® 2.lnk
[2010.07.18 16:03:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.07.18 16:00:14 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.18 16:00:14 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Jerry\Data aplikací\PnkBstrK.sys
[2010.07.18 15:59:52 | 002,250,024 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.07.18 14:03:05 | 000,185,020 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.07.17 22:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.16 17:15:55 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.07.15 16:02:35 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\Jerry\Plocha\PES 2010.lnk
[2010.07.15 15:30:17 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.07.12 23:28:15 | 006,943,364 | -H-- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Data aplikací\IconCache.db
[2010.07.02 21:55:38 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Jerry\Plocha\Rozd_len__do_skupin_a_losovac____sla_2010-2011.doc
[2010.07.02 21:55:30 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Jerry\Plocha\Term_nov__listina_-_podzim_2010.doc
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.23 22:32:43 | 001,013,862 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 22:32:43 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 22:32:43 | 000,441,086 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 22:32:43 | 000,083,742 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 22:32:43 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.19 17:22:58 | 000,000,620 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_19.07.2010_17-28drv.spi
[2010.07.18 19:42:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.18 19:42:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.18 19:42:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.18 19:42:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.18 19:42:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.18 16:03:56 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Far Cry® 2.lnk
[2010.07.18 16:00:15 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.18 16:00:14 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jerry\Data aplikací\PnkBstrK.sys
[2010.07.18 15:59:57 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.07.18 15:59:52 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.07.18 15:59:52 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.07.15 16:02:35 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Jerry\Plocha\PES 2010.lnk
[2010.07.12 11:35:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.07.12 11:35:16 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.07.12 11:35:16 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.12 11:35:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.07.12 11:35:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.07.02 21:55:37 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Jerry\Plocha\Rozd_len__do_skupin_a_losovac____sla_2010-2011.doc
[2010.07.02 21:55:29 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Jerry\Plocha\Term_nov__listina_-_podzim_2010.doc
[2010.04.10 17:23:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.03.25 18:07:42 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.03.24 20:40:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.23 17:16:49 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
< End of report >
- 1danab
- Newbie
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: PC frozen after startup - for 1danab
download and run D.D.S.
run the downloaded application and wait for the scan to finish
when it finishes, the application will create two logs: DDS.txt, whose contents you copy here, and Attach.txt, which you keep saved for now
Re: PC frozen after startup - for 1danab
probably a bad link again....
Re: PC frozen after startup - for 1danab
DDS (Ver_10-03-17.01) - NTFSx86
Run by Jerry at 11:21:19,56 on út 20.07.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2045.1487 [GMT 2:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jerry\Plocha\dds.com
============== Pseudo HJT Report ===============
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AWMON] "c:\program files\lavasoft\ad-aware se professional\Ad-Watch.exe"
uRun: [Internet Download Manager (IDM)] c:\program files\internet download manager\IDMan.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SigmatelSysTrayApp] sttray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\internet download manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\internet download manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\internet download manager\IEGetAll.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jerry\dataap~1\mozilla\firefox\profiles\wgqhv3y1.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\documents and settings\jerry\data aplikací\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-29 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-29 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-5-26 90112]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-26 27632]
=============== Created Last 30 ================
2010-07-19 15:22:58 620 --sha-w- c:\windows\setup_9.0.0.722_19.07.2010_17-28drv.spi
2010-07-18 17:45:57 0 d-sha-r- C:\cmdcons
2010-07-18 17:42:55 98816 ----a-w- c:\windows\sed.exe
2010-07-18 17:42:55 77312 ----a-w- c:\windows\MBR.exe
2010-07-18 17:42:55 256512 ----a-w- c:\windows\PEV.exe
2010-07-18 17:42:55 161792 ----a-w- c:\windows\SWREG.exe
2010-07-18 14:03:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-18 14:00:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-18 14:00:14 22328 ----a-w- c:\docume~1\jerry\dataap~1\PnkBstrK.sys
2010-07-18 13:59:57 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-18 13:59:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-18 13:59:52 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-15 13:30:16 38848 ----a-w- c:\windows\avastSS.scr
2010-07-14 10:39:40 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-06-23 20:32:43 83742 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 20:32:43 441086 ----a-w- c:\windows\system32\perfh005.dat
2010-06-02 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-13 14:44:13 12 ----a-w- c:\docume~1\jerry\dataap~1\qvjsge.dat
2010-05-06 10:35:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09:42 1851264 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 11:21:49,50 ===============
- 1danab
- Newbie
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: PC frozen after startup - for 1danab
We have already run ComboFix... run it again, but in Safe Mode
Re: PC frozen after startup - for 1danab
ComboFix 10-07-19.02 - Jerry 20.07.2010 12:12:21.3.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2045.1683 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jerry\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-20 do 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-18 14:03 . 2010-07-18 14:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-18 14:00 . 2010-07-18 14:00 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-18 13:59 . 2010-07-18 14:00 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-18 13:59 . 2010-07-18 13:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-18 13:59 . 2010-07-18 13:59 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-15 13:30 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-14 10:39 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 09:35 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-12 09:35 . 2010-03-31 01:49 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-12 09:35 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-07-12 09:35 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-12 09:35 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-12 09:35 . 2010-06-02 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 13:55 . 2010-03-20 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 09:35 . 2010-03-23 15:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-02 07:10 . 2010-03-20 18:28 -------- d-----w- c:\program files\CCleaner
2010-06-28 20:57 . 2010-05-29 10:39 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-29 10:40 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-29 10:40 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-29 10:40 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-29 10:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-29 10:40 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-29 10:40 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-05-29 10:40 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 18:36 . 2010-03-21 15:39 -------- d-----w- c:\program files\IETester
2010-06-23 20:32 . 2001-10-25 14:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 20:32 . 2001-10-25 14:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2010-03-20 16:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-26 19:03 . 2010-04-24 13:40 -------- d-----w- c:\program files\Sony Ericsson
2010-05-26 19:02 . 2010-04-24 13:41 -------- d-----w- c:\program files\Avanquest update
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 517632]
"Internet Download Manager (IDM)"="c:\program files\Internet Download Manager\IDMan.exe" [2010-03-21 3179952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\PES 2010\\pes2010.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Hry\\PES 2010\\2010 FIFA World Cup Patch\\pes2010.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [26.5.2010 21:04 27632]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.5.2010 12:40 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2010 12:40 17744]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [26.5.2010 21:03 90112]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.3.2010 18:07 691696]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-07-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Jerry\Data aplikací\Mozilla\Firefox\Profiles\wgqhv3y1.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\documents and settings\Jerry\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 12:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24875b25-8985-4545-a567-8bd538f3bdbf}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008f
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ec,06,d0,c4,06,69,4b,61,6e,7f,f4,34,dd,33,ac,18,85,80,8e,bd,1b,
1b,c7,e9,6a,a1,67,7e,f7,31,87,d7,7c,3c,36,23,4f,c1,78,13,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-07-20 12:19:34
ComboFix-quarantined-files.txt 2010-07-20 10:19
Před spuštěním: Volných bajtů: 225 400 270 848
Po spuštění: Volných bajtů: 225 386 541 056
- - End Of File - - 77328C9BA4839D06C454A7928E3F543D
- 1danab
- Newbie
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: PC frozen after startup - for 1danab
c:\docume~1\jerry\dataap~1\qvjsge.dat this needs to be deleted; you can do it manually
then download RootRepeal from http://rootrepeal.googlepages.com/RootRepeal.zip
extract it, run it, switch to the Files tab, click Scan, wait, then click Save Report to save the log and copy its contents here; then do the same under the SSDT, Stealth Objects and Hidden Services tabs
Re: PC frozen after startup - for 1danab
Files:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 20:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Hidden/Locked Files
-------------------
SSDT:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 21:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked
#: 001 Function Name: NtAccessCheck
Status: Not hooked
#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked
#: 003 Function Name: NtAccessCheckByType
Status: Not hooked
#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked
#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked
#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked
#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked
#: 008 Function Name: NtAddAtom
Status: Not hooked
#: 009 Function Name: NtAddBootEntry
Status: Not hooked
#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked
#: 012 Function Name: NtAlertResumeThread
Status: Not hooked
#: 013 Function Name: NtAlertThread
Status: Not hooked
#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked
#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked
#: 016 Function Name: NtAllocateUuids
Status: Not hooked
#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked
#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked
#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked
#: 020 Function Name: NtCallbackReturn
Status: Not hooked
#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked
#: 022 Function Name: NtCancelIoFile
Status: Not hooked
#: 023 Function Name: NtCancelTimer
Status: Not hooked
#: 024 Function Name: NtClearEvent
Status: Not hooked
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70cd2
#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked
#: 027 Function Name: NtCompactKeys
Status: Not hooked
#: 028 Function Name: NtCompareTokens
Status: Not hooked
#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked
#: 030 Function Name: NtCompressKey
Status: Not hooked
#: 031 Function Name: NtConnectPort
Status: Not hooked
#: 032 Function Name: NtContinue
Status: Not hooked
#: 033 Function Name: NtCreateDebugObject
Status: Not hooked
#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked
#: 035 Function Name: NtCreateEvent
Status: Not hooked
#: 036 Function Name: NtCreateEventPair
Status: Not hooked
#: 037 Function Name: NtCreateFile
Status: Not hooked
#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked
#: 039 Function Name: NtCreateJobObject
Status: Not hooked
#: 040 Function Name: NtCreateJobSet
Status: Not hooked
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70b8e
#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked
#: 043 Function Name: NtCreateMutant
Status: Not hooked
#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked
#: 045 Function Name: NtCreatePagingFile
Status: Not hooked
#: 046 Function Name: NtCreatePort
Status: Not hooked
#: 047 Function Name: NtCreateProcess
Status: Not hooked
#: 048 Function Name: NtCreateProcessEx
Status: Not hooked
#: 049 Function Name: NtCreateProfile
Status: Not hooked
#: 050 Function Name: NtCreateSection
Status: Not hooked
#: 051 Function Name: NtCreateSemaphore
Status: Not hooked
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked
#: 053 Function Name: NtCreateThread
Status: Not hooked
#: 054 Function Name: NtCreateTimer
Status: Not hooked
#: 055 Function Name: NtCreateToken
Status: Not hooked
#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked
#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked
#: 058 Function Name: NtDebugContinue
Status: Not hooked
#: 059 Function Name: NtDelayExecution
Status: Not hooked
#: 060 Function Name: NtDeleteAtom
Status: Not hooked
#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked
#: 062 Function Name: NtDeleteFile
Status: Not hooked
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd71142
#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd7106c
#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked
#: 067 Function Name: NtDisplayString
Status: Not hooked
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70764
#: 069 Function Name: NtDuplicateToken
Status: Not hooked
#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sprk.sys" at address 0xb9ecdda4
#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sprk.sys" at address 0xb9ece132
#: 074 Function Name: NtExtendSection
Status: Not hooked
#: 075 Function Name: NtFilterToken
Status: Not hooked
#: 076 Function Name: NtFindAtom
Status: Not hooked
#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked
#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked
#: 079 Function Name: NtFlushKey
Status: Not hooked
#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked
#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked
#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked
#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked
#: 084 Function Name: NtFsControlFile
Status: Not hooked
#: 085 Function Name: NtGetContextThread
Status: Not hooked
#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked
#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked
#: 088 Function Name: NtGetWriteWatch
Status: Not hooked
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked
#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked
#: 091 Function Name: NtImpersonateThread
Status: Not hooked
#: 092 Function Name: NtInitializeRegistry
Status: Not hooked
#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked
#: 094 Function Name: NtIsProcessInJob
Status: Not hooked
#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked
#: 096 Function Name: NtListenPort
Status: Not hooked
#: 097 Function Name: NtLoadDriver
Status: Not hooked
#: 098 Function Name: NtLoadKey
Status: Not hooked
#: 099 Function Name: NtLoadKey2
Status: Not hooked
#: 100 Function Name: NtLockFile
Status: Not hooked
#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked
#: 102 Function Name: NtLockRegistryKey
Status: Not hooked
#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked
#: 104 Function Name: NtMakePermanentObject
Status: Not hooked
#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked
#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked
#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked
#: 108 Function Name: NtMapViewOfSection
Status: Not hooked
#: 109 Function Name: NtModifyBootEntry
Status: Not hooked
#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked
#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked
#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked
#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked
#: 114 Function Name: NtOpenEvent
Status: Not hooked
#: 115 Function Name: NtOpenEventPair
Status: Not hooked
#: 116 Function Name: NtOpenFile
Status: Not hooked
#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked
#: 118 Function Name: NtOpenJobObject
Status: Not hooked
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70c68
#: 120 Function Name: NtOpenMutant
Status: Not hooked
#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd706a4
#: 123 Function Name: NtOpenProcessToken
Status: Not hooked
#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked
#: 125 Function Name: NtOpenSection
Status: Not hooked
#: 126 Function Name: NtOpenSemaphore
Status: Not hooked
#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70708
#: 129 Function Name: NtOpenThreadToken
Status: Not hooked
#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked
#: 131 Function Name: NtOpenTimer
Status: Not hooked
#: 132 Function Name: NtPlugPlayControl
Status: Not hooked
#: 133 Function Name: NtPowerInformation
Status: Not hooked
#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked
#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked
#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked
#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked
#: 138 Function Name: NtPulseEvent
Status: Not hooked
#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked
#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked
#: 141 Function Name: NtQueryBootOptions
Status: Not hooked
#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked
#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked
#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked
#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked
#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked
#: 147 Function Name: NtQueryEaFile
Status: Not hooked
#: 148 Function Name: NtQueryEvent
Status: Not hooked
#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked
#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked
#: 151 Function Name: NtQueryInformationFile
Status: Not hooked
#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked
#: 153 Function Name: NtQueryInformationPort
Status: Not hooked
#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked
#: 155 Function Name: NtQueryInformationThread
Status: Not hooked
#: 156 Function Name: NtQueryInformationToken
Status: Not hooked
#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked
#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked
#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked
#: 160 Function Name: NtQueryKey
Status: Hooked by "sprk.sys" at address 0xb9ece20a
#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked
#: 162 Function Name: NtQueryMutant
Status: Not hooked
#: 163 Function Name: NtQueryObject
Status: Not hooked
#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked
#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked
#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked
#: 167 Function Name: NtQuerySection
Status: Not hooked
#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked
#: 169 Function Name: NtQuerySemaphore
Status: Not hooked
#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked
#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked
#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked
#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked
#: 174 Function Name: NtQuerySystemTime
Status: Not hooked
#: 175 Function Name: NtQueryTimer
Status: Not hooked
#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70d88
#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked
#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked
#: 180 Function Name: NtQueueApcThread
Status: Not hooked
#: 181 Function Name: NtRaiseException
Status: Not hooked
#: 182 Function Name: NtRaiseHardError
Status: Not hooked
#: 183 Function Name: NtReadFile
Status: Not hooked
#: 184 Function Name: NtReadFileScatter
Status: Not hooked
#: 185 Function Name: NtReadRequestData
Status: Not hooked
#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked
#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked
#: 188 Function Name: NtReleaseMutant
Status: Not hooked
#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked
#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked
#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd71210
#: 193 Function Name: NtReplaceKey
Status: Not hooked
#: 194 Function Name: NtReplyPort
Status: Not hooked
#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked
#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked
#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked
#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked
#: 199 Function Name: NtRequestPort
Status: Not hooked
#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked
#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked
#: 202 Function Name: NtResetEvent
Status: Not hooked
#: 203 Function Name: NtResetWriteWatch
Status: Not hooked
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70d48
#: 205 Function Name: NtResumeProcess
Status: Not hooked
#: 206 Function Name: NtResumeThread
Status: Not hooked
#: 207 Function Name: NtSaveKey
Status: Not hooked
#: 208 Function Name: NtSaveKeyEx
Status: Not hooked
#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked
#: 210 Function Name: NtSecureConnectPort
Status: Not hooked
#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked
#: 212 Function Name: NtSetBootOptions
Status: Not hooked
#: 213 Function Name: NtSetContextThread
Status: Not hooked
#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked
#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked
#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked
#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked
#: 218 Function Name: NtSetEaFile
Status: Not hooked
#: 219 Function Name: NtSetEvent
Status: Not hooked
#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked
#: 221 Function Name: NtSetHighEventPair
Status: Not hooked
#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked
#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked
#: 224 Function Name: NtSetInformationFile
Status: Not hooked
#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked
#: 226 Function Name: NtSetInformationKey
Status: Not hooked
#: 227 Function Name: NtSetInformationObject
Status: Not hooked
#: 228 Function Name: NtSetInformationProcess
Status: Not hooked
#: 229 Function Name: NtSetInformationThread
Status: Not hooked
#: 230 Function Name: NtSetInformationToken
Status: Not hooked
#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked
#: 232 Function Name: NtSetIoCompletion
Status: Not hooked
#: 233 Function Name: NtSetLdtEntries
Status: Not hooked
#: 234 Function Name: NtSetLowEventPair
Status: Not hooked
#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked
#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked
#: 237 Function Name: NtSetSecurityObject
Status: Not hooked
#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked
#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked
#: 240 Function Name: NtSetSystemInformation
Status: Not hooked
#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked
#: 242 Function Name: NtSetSystemTime
Status: Not hooked
#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked
#: 244 Function Name: NtSetTimer
Status: Not hooked
#: 245 Function Name: NtSetTimerResolution
Status: Not hooked
#: 246 Function Name: NtSetUuidSeed
Status: Not hooked
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70ec8
#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked
#: 249 Function Name: NtShutdownSystem
Status: Not hooked
#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked
#: 251 Function Name: NtStartProfile
Status: Not hooked
#: 252 Function Name: NtStopProfile
Status: Not hooked
#: 253 Function Name: NtSuspendProcess
Status: Not hooked
#: 254 Function Name: NtSuspendThread
Status: Not hooked
#: 255 Function Name: NtSystemDebugControl
Status: Not hooked
#: 256 Function Name: NtTerminateJobObject
Status: Not hooked
#: 257 Function Name: NtTerminateProcess
Status: Not hooked
#: 258 Function Name: NtTerminateThread
Status: Not hooked
#: 259 Function Name: NtTestAlert
Status: Not hooked
#: 260 Function Name: NtTraceEvent
Status: Not hooked
#: 261 Function Name: NtTranslateFilePath
Status: Not hooked
#: 262 Function Name: NtUnloadDriver
Status: Not hooked
#: 263 Function Name: NtUnloadKey
Status: Not hooked
#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked
#: 265 Function Name: NtUnlockFile
Status: Not hooked
#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked
#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked
#: 268 Function Name: NtVdmControl
Status: Not hooked
#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked
#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked
#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked
#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked
#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked
#: 274 Function Name: NtWriteFile
Status: Not hooked
#: 275 Function Name: NtWriteFileGather
Status: Not hooked
#: 276 Function Name: NtWriteRequestData
Status: Not hooked
#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked
#: 278 Function Name: NtYieldExecution
Status: Not hooked
#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked
#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked
#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked
#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked
#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked
Stealth Objects:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 21:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_CREATE]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_CLOSE]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_POWER]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_PNP]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_CREATE]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_CLOSE]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_READ]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_CLEANUP]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_PNP]
Process: System Address: 0x89b61500 Size: 121
Hidden services:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 21:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Hidden Services
-------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 20:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Hidden/Locked Files
-------------------
SSDT:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 21:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked
#: 001 Function Name: NtAccessCheck
Status: Not hooked
#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked
#: 003 Function Name: NtAccessCheckByType
Status: Not hooked
#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked
#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked
#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked
#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked
#: 008 Function Name: NtAddAtom
Status: Not hooked
#: 009 Function Name: NtAddBootEntry
Status: Not hooked
#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked
#: 012 Function Name: NtAlertResumeThread
Status: Not hooked
#: 013 Function Name: NtAlertThread
Status: Not hooked
#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked
#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked
#: 016 Function Name: NtAllocateUuids
Status: Not hooked
#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked
#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked
#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked
#: 020 Function Name: NtCallbackReturn
Status: Not hooked
#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked
#: 022 Function Name: NtCancelIoFile
Status: Not hooked
#: 023 Function Name: NtCancelTimer
Status: Not hooked
#: 024 Function Name: NtClearEvent
Status: Not hooked
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70cd2
#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked
#: 027 Function Name: NtCompactKeys
Status: Not hooked
#: 028 Function Name: NtCompareTokens
Status: Not hooked
#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked
#: 030 Function Name: NtCompressKey
Status: Not hooked
#: 031 Function Name: NtConnectPort
Status: Not hooked
#: 032 Function Name: NtContinue
Status: Not hooked
#: 033 Function Name: NtCreateDebugObject
Status: Not hooked
#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked
#: 035 Function Name: NtCreateEvent
Status: Not hooked
#: 036 Function Name: NtCreateEventPair
Status: Not hooked
#: 037 Function Name: NtCreateFile
Status: Not hooked
#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked
#: 039 Function Name: NtCreateJobObject
Status: Not hooked
#: 040 Function Name: NtCreateJobSet
Status: Not hooked
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70b8e
#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked
#: 043 Function Name: NtCreateMutant
Status: Not hooked
#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked
#: 045 Function Name: NtCreatePagingFile
Status: Not hooked
#: 046 Function Name: NtCreatePort
Status: Not hooked
#: 047 Function Name: NtCreateProcess
Status: Not hooked
#: 048 Function Name: NtCreateProcessEx
Status: Not hooked
#: 049 Function Name: NtCreateProfile
Status: Not hooked
#: 050 Function Name: NtCreateSection
Status: Not hooked
#: 051 Function Name: NtCreateSemaphore
Status: Not hooked
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked
#: 053 Function Name: NtCreateThread
Status: Not hooked
#: 054 Function Name: NtCreateTimer
Status: Not hooked
#: 055 Function Name: NtCreateToken
Status: Not hooked
#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked
#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked
#: 058 Function Name: NtDebugContinue
Status: Not hooked
#: 059 Function Name: NtDelayExecution
Status: Not hooked
#: 060 Function Name: NtDeleteAtom
Status: Not hooked
#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked
#: 062 Function Name: NtDeleteFile
Status: Not hooked
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd71142
#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd7106c
#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked
#: 067 Function Name: NtDisplayString
Status: Not hooked
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70764
#: 069 Function Name: NtDuplicateToken
Status: Not hooked
#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sprk.sys" at address 0xb9ecdda4
#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sprk.sys" at address 0xb9ece132
#: 074 Function Name: NtExtendSection
Status: Not hooked
#: 075 Function Name: NtFilterToken
Status: Not hooked
#: 076 Function Name: NtFindAtom
Status: Not hooked
#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked
#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked
#: 079 Function Name: NtFlushKey
Status: Not hooked
#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked
#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked
#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked
#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked
#: 084 Function Name: NtFsControlFile
Status: Not hooked
#: 085 Function Name: NtGetContextThread
Status: Not hooked
#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked
#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked
#: 088 Function Name: NtGetWriteWatch
Status: Not hooked
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked
#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked
#: 091 Function Name: NtImpersonateThread
Status: Not hooked
#: 092 Function Name: NtInitializeRegistry
Status: Not hooked
#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked
#: 094 Function Name: NtIsProcessInJob
Status: Not hooked
#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked
#: 096 Function Name: NtListenPort
Status: Not hooked
#: 097 Function Name: NtLoadDriver
Status: Not hooked
#: 098 Function Name: NtLoadKey
Status: Not hooked
#: 099 Function Name: NtLoadKey2
Status: Not hooked
#: 100 Function Name: NtLockFile
Status: Not hooked
#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked
#: 102 Function Name: NtLockRegistryKey
Status: Not hooked
#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked
#: 104 Function Name: NtMakePermanentObject
Status: Not hooked
#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked
#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked
#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked
#: 108 Function Name: NtMapViewOfSection
Status: Not hooked
#: 109 Function Name: NtModifyBootEntry
Status: Not hooked
#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked
#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked
#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked
#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked
#: 114 Function Name: NtOpenEvent
Status: Not hooked
#: 115 Function Name: NtOpenEventPair
Status: Not hooked
#: 116 Function Name: NtOpenFile
Status: Not hooked
#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked
#: 118 Function Name: NtOpenJobObject
Status: Not hooked
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70c68
#: 120 Function Name: NtOpenMutant
Status: Not hooked
#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd706a4
#: 123 Function Name: NtOpenProcessToken
Status: Not hooked
#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked
#: 125 Function Name: NtOpenSection
Status: Not hooked
#: 126 Function Name: NtOpenSemaphore
Status: Not hooked
#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70708
#: 129 Function Name: NtOpenThreadToken
Status: Not hooked
#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked
#: 131 Function Name: NtOpenTimer
Status: Not hooked
#: 132 Function Name: NtPlugPlayControl
Status: Not hooked
#: 133 Function Name: NtPowerInformation
Status: Not hooked
#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked
#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked
#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked
#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked
#: 138 Function Name: NtPulseEvent
Status: Not hooked
#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked
#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked
#: 141 Function Name: NtQueryBootOptions
Status: Not hooked
#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked
#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked
#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked
#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked
#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked
#: 147 Function Name: NtQueryEaFile
Status: Not hooked
#: 148 Function Name: NtQueryEvent
Status: Not hooked
#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked
#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked
#: 151 Function Name: NtQueryInformationFile
Status: Not hooked
#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked
#: 153 Function Name: NtQueryInformationPort
Status: Not hooked
#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked
#: 155 Function Name: NtQueryInformationThread
Status: Not hooked
#: 156 Function Name: NtQueryInformationToken
Status: Not hooked
#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked
#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked
#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked
#: 160 Function Name: NtQueryKey
Status: Hooked by "sprk.sys" at address 0xb9ece20a
#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked
#: 162 Function Name: NtQueryMutant
Status: Not hooked
#: 163 Function Name: NtQueryObject
Status: Not hooked
#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked
#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked
#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked
#: 167 Function Name: NtQuerySection
Status: Not hooked
#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked
#: 169 Function Name: NtQuerySemaphore
Status: Not hooked
#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked
#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked
#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked
#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked
#: 174 Function Name: NtQuerySystemTime
Status: Not hooked
#: 175 Function Name: NtQueryTimer
Status: Not hooked
#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70d88
#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked
#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked
#: 180 Function Name: NtQueueApcThread
Status: Not hooked
#: 181 Function Name: NtRaiseException
Status: Not hooked
#: 182 Function Name: NtRaiseHardError
Status: Not hooked
#: 183 Function Name: NtReadFile
Status: Not hooked
#: 184 Function Name: NtReadFileScatter
Status: Not hooked
#: 185 Function Name: NtReadRequestData
Status: Not hooked
#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked
#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked
#: 188 Function Name: NtReleaseMutant
Status: Not hooked
#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked
#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked
#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd71210
#: 193 Function Name: NtReplaceKey
Status: Not hooked
#: 194 Function Name: NtReplyPort
Status: Not hooked
#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked
#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked
#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked
#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked
#: 199 Function Name: NtRequestPort
Status: Not hooked
#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked
#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked
#: 202 Function Name: NtResetEvent
Status: Not hooked
#: 203 Function Name: NtResetWriteWatch
Status: Not hooked
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70d48
#: 205 Function Name: NtResumeProcess
Status: Not hooked
#: 206 Function Name: NtResumeThread
Status: Not hooked
#: 207 Function Name: NtSaveKey
Status: Not hooked
#: 208 Function Name: NtSaveKeyEx
Status: Not hooked
#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked
#: 210 Function Name: NtSecureConnectPort
Status: Not hooked
#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked
#: 212 Function Name: NtSetBootOptions
Status: Not hooked
#: 213 Function Name: NtSetContextThread
Status: Not hooked
#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked
#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked
#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked
#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked
#: 218 Function Name: NtSetEaFile
Status: Not hooked
#: 219 Function Name: NtSetEvent
Status: Not hooked
#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked
#: 221 Function Name: NtSetHighEventPair
Status: Not hooked
#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked
#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked
#: 224 Function Name: NtSetInformationFile
Status: Not hooked
#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked
#: 226 Function Name: NtSetInformationKey
Status: Not hooked
#: 227 Function Name: NtSetInformationObject
Status: Not hooked
#: 228 Function Name: NtSetInformationProcess
Status: Not hooked
#: 229 Function Name: NtSetInformationThread
Status: Not hooked
#: 230 Function Name: NtSetInformationToken
Status: Not hooked
#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked
#: 232 Function Name: NtSetIoCompletion
Status: Not hooked
#: 233 Function Name: NtSetLdtEntries
Status: Not hooked
#: 234 Function Name: NtSetLowEventPair
Status: Not hooked
#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked
#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked
#: 237 Function Name: NtSetSecurityObject
Status: Not hooked
#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked
#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked
#: 240 Function Name: NtSetSystemInformation
Status: Not hooked
#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked
#: 242 Function Name: NtSetSystemTime
Status: Not hooked
#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked
#: 244 Function Name: NtSetTimer
Status: Not hooked
#: 245 Function Name: NtSetTimerResolution
Status: Not hooked
#: 246 Function Name: NtSetUuidSeed
Status: Not hooked
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xacd70ec8
#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked
#: 249 Function Name: NtShutdownSystem
Status: Not hooked
#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked
#: 251 Function Name: NtStartProfile
Status: Not hooked
#: 252 Function Name: NtStopProfile
Status: Not hooked
#: 253 Function Name: NtSuspendProcess
Status: Not hooked
#: 254 Function Name: NtSuspendThread
Status: Not hooked
#: 255 Function Name: NtSystemDebugControl
Status: Not hooked
#: 256 Function Name: NtTerminateJobObject
Status: Not hooked
#: 257 Function Name: NtTerminateProcess
Status: Not hooked
#: 258 Function Name: NtTerminateThread
Status: Not hooked
#: 259 Function Name: NtTestAlert
Status: Not hooked
#: 260 Function Name: NtTraceEvent
Status: Not hooked
#: 261 Function Name: NtTranslateFilePath
Status: Not hooked
#: 262 Function Name: NtUnloadDriver
Status: Not hooked
#: 263 Function Name: NtUnloadKey
Status: Not hooked
#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked
#: 265 Function Name: NtUnlockFile
Status: Not hooked
#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked
#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked
#: 268 Function Name: NtVdmControl
Status: Not hooked
#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked
#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked
#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked
#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked
#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked
#: 274 Function Name: NtWriteFile
Status: Not hooked
#: 275 Function Name: NtWriteFileGather
Status: Not hooked
#: 276 Function Name: NtWriteRequestData
Status: Not hooked
#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked
#: 278 Function Name: NtYieldExecution
Status: Not hooked
#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked
#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked
#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked
#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked
#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked
Stealth Objects:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 21:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89e541f8 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_CREATE]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_CLOSE]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_POWER]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: ayjpunuvࠅ扏煓ࠁఄ灐†raspptp., IRP_MJ_PNP]
Process: System Address: 0x89bab500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89bb11f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89de51f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x89b5d500 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89e561f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89b78500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89bd41f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8999b500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_CREATE]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_CLOSE]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_READ]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_CLEANUP]
Process: System Address: 0x89b61500 Size: 121
Object: Hidden Code [Driver: Cdfsࠅ扏煓隈뉸ࠂఉ晇癦펠, IRP_MJ_PNP]
Process: System Address: 0x89b61500 Size: 121
Hidden services:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/20 21:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Hidden Services
-------------------