dobrý den zde je muj Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Mirek at 2010-09-10 13:39:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (48%) free of 76 GB
Total RAM: 1022 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:41, on 10.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Documents and Settings\Mirek\winsvncd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\Documents and Settings\Mirek\wincdvns.exe
C:\windows\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Documents and Settings\All Users\winrsncd .exe
C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tlv .exe
C:\windows\Tcemov .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mirek\Plocha\RSIT.exe
C:\Program Files\trend micro\Mirek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Java developer Script Browse] C:\windows\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows System Updates] C:\Documents and Settings\Mirek\Data aplikací\winvsrnc.exe
O4 - HKCU\..\Run: [QNB2EB90WX] C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tkr .exe
O4 - HKCU\..\Run: [WindowsSysControl] C:\Documents and Settings\Mirek\Data aplikací\winsvrcn.exe
O4 - HKCU\..\Run: [WinSysControls] \Documents and Settings\Mirek\winrsncd.exe
O4 - HKCU\..\Run: [WinSysMngrs] C:\Documents and Settings\Mirek\Data aplikací\winsvrn.exe
O4 - HKCU\..\Run: [XA5RJ9EADJ] C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tlv .exe
O4 - HKCU\..\Run: [5DR8ZAD8GX] C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tl3 .exe
O4 - HKCU\..\Run: [Windows Boot Control] C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe
O4 - HKCU\..\Run: [Java developer Script Browse] C:\windows\jusched.exe
O4 - HKCU\..\Run: [MSNUpdateService] C:\Documents and Settings\All Users\winsvncd.exe
O4 - HKCU\..\Run: [MSNUpdManagers] C:\Documents and Settings\All Users\wincdvns.exe
O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\windows\Tcemov .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7987 bytes
======Scheduled tasks folder======
C:\windows\tasks\At1.job
C:\windows\tasks\At10.job
C:\windows\tasks\At100.job
C:\windows\tasks\At101.job
C:\windows\tasks\At102.job
C:\windows\tasks\At103.job
C:\windows\tasks\At104.job
C:\windows\tasks\At105.job
C:\windows\tasks\At106.job
C:\windows\tasks\At107.job
C:\windows\tasks\At108.job
C:\windows\tasks\At109.job
C:\windows\tasks\At11.job
C:\windows\tasks\At110.job
C:\windows\tasks\At111.job
C:\windows\tasks\At112.job
C:\windows\tasks\At113.job
C:\windows\tasks\At114.job
C:\windows\tasks\At115.job
C:\windows\tasks\At116.job
C:\windows\tasks\At117.job
C:\windows\tasks\At118.job
C:\windows\tasks\At119.job
C:\windows\tasks\At12.job
C:\windows\tasks\At120.job
C:\windows\tasks\At121.job
C:\windows\tasks\At122.job
C:\windows\tasks\At123.job
C:\windows\tasks\At124.job
C:\windows\tasks\At125.job
C:\windows\tasks\At126.job
C:\windows\tasks\At127.job
C:\windows\tasks\At128.job
C:\windows\tasks\At129.job
C:\windows\tasks\At13.job
C:\windows\tasks\At130.job
C:\windows\tasks\At131.job
C:\windows\tasks\At132.job
C:\windows\tasks\At133.job
C:\windows\tasks\At134.job
C:\windows\tasks\At135.job
C:\windows\tasks\At136.job
C:\windows\tasks\At137.job
C:\windows\tasks\At138.job
C:\windows\tasks\At139.job
C:\windows\tasks\At14.job
C:\windows\tasks\At140.job
C:\windows\tasks\At141.job
C:\windows\tasks\At142.job
C:\windows\tasks\At143.job
C:\windows\tasks\At144.job
C:\windows\tasks\At145.job
C:\windows\tasks\At146.job
C:\windows\tasks\At147.job
C:\windows\tasks\At148.job
C:\windows\tasks\At149.job
C:\windows\tasks\At15.job
C:\windows\tasks\At150.job
C:\windows\tasks\At151.job
C:\windows\tasks\At152.job
C:\windows\tasks\At153.job
C:\windows\tasks\At154.job
C:\windows\tasks\At155.job
C:\windows\tasks\At156.job
C:\windows\tasks\At157.job
C:\windows\tasks\At158.job
C:\windows\tasks\At159.job
C:\windows\tasks\At16.job
C:\windows\tasks\At160.job
C:\windows\tasks\At161.job
C:\windows\tasks\At162.job
C:\windows\tasks\At163.job
C:\windows\tasks\At164.job
C:\windows\tasks\At165.job
C:\windows\tasks\At166.job
C:\windows\tasks\At167.job
C:\windows\tasks\At168.job
C:\windows\tasks\At169.job
C:\windows\tasks\At17.job
C:\windows\tasks\At170.job
C:\windows\tasks\At171.job
C:\windows\tasks\At172.job
C:\windows\tasks\At173.job
C:\windows\tasks\At174.job
C:\windows\tasks\At175.job
C:\windows\tasks\At176.job
C:\windows\tasks\At177.job
C:\windows\tasks\At178.job
C:\windows\tasks\At179.job
C:\windows\tasks\At18.job
C:\windows\tasks\At180.job
C:\windows\tasks\At181.job
C:\windows\tasks\At182.job
C:\windows\tasks\At183.job
C:\windows\tasks\At184.job
C:\windows\tasks\At185.job
C:\windows\tasks\At186.job
C:\windows\tasks\At187.job
C:\windows\tasks\At188.job
C:\windows\tasks\At189.job
C:\windows\tasks\At19.job
C:\windows\tasks\At190.job
C:\windows\tasks\At191.job
C:\windows\tasks\At192.job
C:\windows\tasks\At193.job
C:\windows\tasks\At194.job
C:\windows\tasks\At195.job
C:\windows\tasks\At196.job
C:\windows\tasks\At197.job
C:\windows\tasks\At198.job
C:\windows\tasks\At199.job
C:\windows\tasks\At2.job
C:\windows\tasks\At20.job
C:\windows\tasks\At200.job
C:\windows\tasks\At201.job
C:\windows\tasks\At202.job
C:\windows\tasks\At203.job
C:\windows\tasks\At204.job
C:\windows\tasks\At205.job
C:\windows\tasks\At206.job
C:\windows\tasks\At207.job
C:\windows\tasks\At208.job
C:\windows\tasks\At209.job
C:\windows\tasks\At21.job
C:\windows\tasks\At210.job
C:\windows\tasks\At211.job
C:\windows\tasks\At212.job
C:\windows\tasks\At213.job
C:\windows\tasks\At214.job
C:\windows\tasks\At215.job
C:\windows\tasks\At216.job
C:\windows\tasks\At217.job
C:\windows\tasks\At218.job
C:\windows\tasks\At219.job
C:\windows\tasks\At22.job
C:\windows\tasks\At220.job
C:\windows\tasks\At221.job
C:\windows\tasks\At222.job
C:\windows\tasks\At223.job
C:\windows\tasks\At224.job
C:\windows\tasks\At225.job
C:\windows\tasks\At226.job
C:\windows\tasks\At227.job
C:\windows\tasks\At228.job
C:\windows\tasks\At229.job
C:\windows\tasks\At23.job
C:\windows\tasks\At230.job
C:\windows\tasks\At231.job
C:\windows\tasks\At232.job
C:\windows\tasks\At233.job
C:\windows\tasks\At234.job
C:\windows\tasks\At235.job
C:\windows\tasks\At236.job
C:\windows\tasks\At237.job
C:\windows\tasks\At238.job
C:\windows\tasks\At239.job
C:\windows\tasks\At24.job
C:\windows\tasks\At240.job
C:\windows\tasks\At241.job
C:\windows\tasks\At242.job
C:\windows\tasks\At243.job
C:\windows\tasks\At244.job
C:\windows\tasks\At245.job
C:\windows\tasks\At246.job
C:\windows\tasks\At247.job
C:\windows\tasks\At248.job
C:\windows\tasks\At249.job
C:\windows\tasks\At25.job
C:\windows\tasks\At250.job
C:\windows\tasks\At251.job
C:\windows\tasks\At252.job
C:\windows\tasks\At253.job
C:\windows\tasks\At254.job
C:\windows\tasks\At255.job
C:\windows\tasks\At256.job
C:\windows\tasks\At257.job
C:\windows\tasks\At258.job
C:\windows\tasks\At259.job
C:\windows\tasks\At26.job
C:\windows\tasks\At260.job
C:\windows\tasks\At261.job
C:\windows\tasks\At262.job
C:\windows\tasks\At263.job
C:\windows\tasks\At264.job
C:\windows\tasks\At265.job
C:\windows\tasks\At266.job
C:\windows\tasks\At267.job
C:\windows\tasks\At268.job
C:\windows\tasks\At269.job
C:\windows\tasks\At27.job
C:\windows\tasks\At270.job
C:\windows\tasks\At271.job
C:\windows\tasks\At272.job
C:\windows\tasks\At273.job
C:\windows\tasks\At274.job
C:\windows\tasks\At275.job
C:\windows\tasks\At276.job
C:\windows\tasks\At277.job
C:\windows\tasks\At278.job
C:\windows\tasks\At279.job
C:\windows\tasks\At28.job
C:\windows\tasks\At280.job
C:\windows\tasks\At281.job
C:\windows\tasks\At282.job
C:\windows\tasks\At283.job
C:\windows\tasks\At284.job
C:\windows\tasks\At285.job
C:\windows\tasks\At286.job
C:\windows\tasks\At287.job
C:\windows\tasks\At288.job
C:\windows\tasks\At289.job
C:\windows\tasks\At29.job
C:\windows\tasks\At290.job
C:\windows\tasks\At291.job
C:\windows\tasks\At292.job
C:\windows\tasks\At293.job
C:\windows\tasks\At294.job
C:\windows\tasks\At295.job
C:\windows\tasks\At296.job
C:\windows\tasks\At297.job
C:\windows\tasks\At298.job
C:\windows\tasks\At299.job
C:\windows\tasks\At3.job
C:\windows\tasks\At30.job
C:\windows\tasks\At300.job
C:\windows\tasks\At301.job
C:\windows\tasks\At302.job
C:\windows\tasks\At303.job
C:\windows\tasks\At304.job
C:\windows\tasks\At305.job
C:\windows\tasks\At306.job
C:\windows\tasks\At307.job
C:\windows\tasks\At308.job
C:\windows\tasks\At309.job
C:\windows\tasks\At31.job
C:\windows\tasks\At310.job
C:\windows\tasks\At311.job
C:\windows\tasks\At312.job
C:\windows\tasks\At313.job
C:\windows\tasks\At314.job
C:\windows\tasks\At315.job
C:\windows\tasks\At316.job
C:\windows\tasks\At317.job
C:\windows\tasks\At318.job
C:\windows\tasks\At319.job
C:\windows\tasks\At32.job
C:\windows\tasks\At320.job
C:\windows\tasks\At321.job
C:\windows\tasks\At322.job
C:\windows\tasks\At323.job
C:\windows\tasks\At324.job
C:\windows\tasks\At325.job
C:\windows\tasks\At326.job
C:\windows\tasks\At327.job
C:\windows\tasks\At328.job
C:\windows\tasks\At329.job
C:\windows\tasks\At33.job
C:\windows\tasks\At330.job
C:\windows\tasks\At331.job
C:\windows\tasks\At332.job
C:\windows\tasks\At333.job
C:\windows\tasks\At334.job
C:\windows\tasks\At335.job
C:\windows\tasks\At336.job
C:\windows\tasks\At337.job
C:\windows\tasks\At338.job
C:\windows\tasks\At339.job
C:\windows\tasks\At34.job
C:\windows\tasks\At340.job
C:\windows\tasks\At341.job
C:\windows\tasks\At342.job
C:\windows\tasks\At343.job
C:\windows\tasks\At344.job
C:\windows\tasks\At345.job
C:\windows\tasks\At346.job
C:\windows\tasks\At347.job
C:\windows\tasks\At348.job
C:\windows\tasks\At349.job
C:\windows\tasks\At35.job
C:\windows\tasks\At350.job
C:\windows\tasks\At351.job
C:\windows\tasks\At352.job
C:\windows\tasks\At353.job
C:\windows\tasks\At354.job
C:\windows\tasks\At355.job
C:\windows\tasks\At356.job
C:\windows\tasks\At357.job
C:\windows\tasks\At358.job
C:\windows\tasks\At359.job
C:\windows\tasks\At36.job
C:\windows\tasks\At360.job
C:\windows\tasks\At361.job
C:\windows\tasks\At362.job
C:\windows\tasks\At363.job
C:\windows\tasks\At364.job
C:\windows\tasks\At365.job
C:\windows\tasks\At366.job
C:\windows\tasks\At367.job
C:\windows\tasks\At368.job
C:\windows\tasks\At369.job
C:\windows\tasks\At37.job
C:\windows\tasks\At370.job
C:\windows\tasks\At371.job
C:\windows\tasks\At372.job
C:\windows\tasks\At373.job
C:\windows\tasks\At374.job
C:\windows\tasks\At375.job
C:\windows\tasks\At376.job
C:\windows\tasks\At377.job
C:\windows\tasks\At378.job
C:\windows\tasks\At379.job
C:\windows\tasks\At38.job
C:\windows\tasks\At380.job
C:\windows\tasks\At381.job
C:\windows\tasks\At382.job
C:\windows\tasks\At383.job
C:\windows\tasks\At384.job
C:\windows\tasks\At385.job
C:\windows\tasks\At386.job
C:\windows\tasks\At387.job
C:\windows\tasks\At388.job
C:\windows\tasks\At389.job
C:\windows\tasks\At39.job
C:\windows\tasks\At390.job
C:\windows\tasks\At391.job
C:\windows\tasks\At392.job
C:\windows\tasks\At393.job
C:\windows\tasks\At394.job
C:\windows\tasks\At395.job
C:\windows\tasks\At396.job
C:\windows\tasks\At397.job
C:\windows\tasks\At398.job
C:\windows\tasks\At399.job
C:\windows\tasks\At4.job
C:\windows\tasks\At40.job
C:\windows\tasks\At400.job
C:\windows\tasks\At401.job
C:\windows\tasks\At402.job
C:\windows\tasks\At403.job
C:\windows\tasks\At404.job
C:\windows\tasks\At405.job
C:\windows\tasks\At406.job
C:\windows\tasks\At407.job
C:\windows\tasks\At408.job
C:\windows\tasks\At409.job
C:\windows\tasks\At41.job
C:\windows\tasks\At410.job
C:\windows\tasks\At411.job
C:\windows\tasks\At412.job
C:\windows\tasks\At413.job
C:\windows\tasks\At414.job
C:\windows\tasks\At415.job
C:\windows\tasks\At416.job
C:\windows\tasks\At417.job
C:\windows\tasks\At418.job
C:\windows\tasks\At419.job
C:\windows\tasks\At42.job
C:\windows\tasks\At420.job
C:\windows\tasks\At421.job
C:\windows\tasks\At422.job
C:\windows\tasks\At423.job
C:\windows\tasks\At424.job
C:\windows\tasks\At425.job
C:\windows\tasks\At426.job
C:\windows\tasks\At427.job
C:\windows\tasks\At428.job
C:\windows\tasks\At429.job
C:\windows\tasks\At43.job
C:\windows\tasks\At430.job
C:\windows\tasks\At431.job
C:\windows\tasks\At432.job
C:\windows\tasks\At433.job
C:\windows\tasks\At434.job
C:\windows\tasks\At435.job
C:\windows\tasks\At436.job
C:\windows\tasks\At437.job
C:\windows\tasks\At438.job
C:\windows\tasks\At439.job
C:\windows\tasks\At44.job
C:\windows\tasks\At440.job
C:\windows\tasks\At441.job
C:\windows\tasks\At442.job
C:\windows\tasks\At443.job
C:\windows\tasks\At444.job
C:\windows\tasks\At445.job
C:\windows\tasks\At446.job
C:\windows\tasks\At447.job
C:\windows\tasks\At448.job
C:\windows\tasks\At449.job
C:\windows\tasks\At45.job
C:\windows\tasks\At450.job
C:\windows\tasks\At451.job
C:\windows\tasks\At452.job
C:\windows\tasks\At453.job
C:\windows\tasks\At454.job
C:\windows\tasks\At455.job
C:\windows\tasks\At456.job
C:\windows\tasks\At457.job
C:\windows\tasks\At458.job
C:\windows\tasks\At459.job
C:\windows\tasks\At46.job
C:\windows\tasks\At460.job
C:\windows\tasks\At461.job
C:\windows\tasks\At462.job
C:\windows\tasks\At463.job
C:\windows\tasks\At464.job
C:\windows\tasks\At465.job
C:\windows\tasks\At466.job
C:\windows\tasks\At467.job
C:\windows\tasks\At468.job
C:\windows\tasks\At469.job
C:\windows\tasks\At47.job
C:\windows\tasks\At470.job
C:\windows\tasks\At471.job
C:\windows\tasks\At472.job
C:\windows\tasks\At473.job
C:\windows\tasks\At474.job
C:\windows\tasks\At475.job
C:\windows\tasks\At476.job
C:\windows\tasks\At477.job
C:\windows\tasks\At478.job
C:\windows\tasks\At479.job
C:\windows\tasks\At48.job
C:\windows\tasks\At480.job
C:\windows\tasks\At481.job
C:\windows\tasks\At482.job
C:\windows\tasks\At483.job
C:\windows\tasks\At484.job
C:\windows\tasks\At485.job
C:\windows\tasks\At486.job
C:\windows\tasks\At487.job
C:\windows\tasks\At488.job
C:\windows\tasks\At489.job
C:\windows\tasks\At49.job
C:\windows\tasks\At490.job
C:\windows\tasks\At491.job
C:\windows\tasks\At492.job
C:\windows\tasks\At493.job
C:\windows\tasks\At494.job
C:\windows\tasks\At495.job
C:\windows\tasks\At496.job
C:\windows\tasks\At497.job
C:\windows\tasks\At498.job
C:\windows\tasks\At499.job
C:\windows\tasks\At5.job
C:\windows\tasks\At50.job
C:\windows\tasks\At500.job
C:\windows\tasks\At501.job
C:\windows\tasks\At502.job
C:\windows\tasks\At503.job
C:\windows\tasks\At504.job
C:\windows\tasks\At505.job
C:\windows\tasks\At506.job
C:\windows\tasks\At507.job
C:\windows\tasks\At508.job
C:\windows\tasks\At509.job
C:\windows\tasks\At51.job
C:\windows\tasks\At510.job
C:\windows\tasks\At511.job
C:\windows\tasks\At512.job
C:\windows\tasks\At513.job
C:\windows\tasks\At514.job
C:\windows\tasks\At515.job
C:\windows\tasks\At516.job
C:\windows\tasks\At517.job
C:\windows\tasks\At518.job
C:\windows\tasks\At519.job
C:\windows\tasks\At52.job
C:\windows\tasks\At520.job
C:\windows\tasks\At521.job
C:\windows\tasks\At522.job
C:\windows\tasks\At523.job
C:\windows\tasks\At524.job
C:\windows\tasks\At525.job
C:\windows\tasks\At526.job
C:\windows\tasks\At527.job
C:\windows\tasks\At528.job
C:\windows\tasks\At529.job
C:\windows\tasks\At53.job
C:\windows\tasks\At530.job
C:\windows\tasks\At531.job
C:\windows\tasks\At532.job
C:\windows\tasks\At533.job
C:\windows\tasks\At534.job
C:\windows\tasks\At535.job
C:\windows\tasks\At536.job
C:\windows\tasks\At537.job
C:\windows\tasks\At538.job
C:\windows\tasks\At539.job
C:\windows\tasks\At54.job
C:\windows\tasks\At540.job
C:\windows\tasks\At541.job
C:\windows\tasks\At542.job
C:\windows\tasks\At543.job
C:\windows\tasks\At544.job
C:\windows\tasks\At545.job
C:\windows\tasks\At546.job
C:\windows\tasks\At547.job
C:\windows\tasks\At548.job
C:\windows\tasks\At549.job
C:\windows\tasks\At55.job
C:\windows\tasks\At550.job
C:\windows\tasks\At551.job
C:\windows\tasks\At552.job
C:\windows\tasks\At553.job
C:\windows\tasks\At554.job
C:\windows\tasks\At555.job
C:\windows\tasks\At556.job
C:\windows\tasks\At557.job
C:\windows\tasks\At558.job
C:\windows\tasks\At559.job
C:\windows\tasks\At56.job
C:\windows\tasks\At560.job
C:\windows\tasks\At561.job
C:\windows\tasks\At562.job
C:\windows\tasks\At563.job
C:\windows\tasks\At564.job
C:\windows\tasks\At565.job
C:\windows\tasks\At566.job
C:\windows\tasks\At567.job
C:\windows\tasks\At568.job
C:\windows\tasks\At569.job
C:\windows\tasks\At57.job
C:\windows\tasks\At570.job
C:\windows\tasks\At571.job
C:\windows\tasks\At572.job
C:\windows\tasks\At573.job
C:\windows\tasks\At574.job
C:\windows\tasks\At575.job
C:\windows\tasks\At576.job
C:\windows\tasks\At577.job
C:\windows\tasks\At578.job
C:\windows\tasks\At579.job
C:\windows\tasks\At58.job
C:\windows\tasks\At580.job
C:\windows\tasks\At581.job
C:\windows\tasks\At582.job
C:\windows\tasks\At583.job
C:\windows\tasks\At584.job
C:\windows\tasks\At585.job
C:\windows\tasks\At586.job
C:\windows\tasks\At587.job
C:\windows\tasks\At588.job
C:\windows\tasks\At589.job
C:\windows\tasks\At59.job
C:\windows\tasks\At590.job
C:\windows\tasks\At591.job
C:\windows\tasks\At592.job
C:\windows\tasks\At593.job
C:\windows\tasks\At594.job
C:\windows\tasks\At595.job
C:\windows\tasks\At596.job
C:\windows\tasks\At597.job
C:\windows\tasks\At598.job
C:\windows\tasks\At599.job
C:\windows\tasks\At6.job
C:\windows\tasks\At60.job
C:\windows\tasks\At600.job
C:\windows\tasks\At601.job
C:\windows\tasks\At602.job
C:\windows\tasks\At603.job
C:\windows\tasks\At604.job
C:\windows\tasks\At605.job
C:\windows\tasks\At606.job
C:\windows\tasks\At607.job
C:\windows\tasks\At608.job
C:\windows\tasks\At609.job
C:\windows\tasks\At61.job
C:\windows\tasks\At610.job
C:\windows\tasks\At611.job
C:\windows\tasks\At612.job
C:\windows\tasks\At613.job
C:\windows\tasks\At614.job
C:\windows\tasks\At615.job
C:\windows\tasks\At616.job
C:\windows\tasks\At617.job
C:\windows\tasks\At618.job
C:\windows\tasks\At619.job
C:\windows\tasks\At62.job
C:\windows\tasks\At620.job
C:\windows\tasks\At621.job
C:\windows\tasks\At622.job
C:\windows\tasks\At623.job
C:\windows\tasks\At624.job
C:\windows\tasks\At625.job
C:\windows\tasks\At626.job
C:\windows\tasks\At627.job
C:\windows\tasks\At628.job
C:\windows\tasks\At629.job
C:\windows\tasks\At63.job
C:\windows\tasks\At630.job
C:\windows\tasks\At631.job
C:\windows\tasks\At632.job
C:\windows\tasks\At633.job
C:\windows\tasks\At634.job
C:\windows\tasks\At635.job
C:\windows\tasks\At636.job
C:\windows\tasks\At637.job
C:\windows\tasks\At638.job
C:\windows\tasks\At639.job
C:\windows\tasks\At64.job
C:\windows\tasks\At640.job
C:\windows\tasks\At641.job
C:\windows\tasks\At642.job
C:\windows\tasks\At643.job
C:\windows\tasks\At644.job
C:\windows\tasks\At645.job
C:\windows\tasks\At646.job
C:\windows\tasks\At647.job
C:\windows\tasks\At648.job
C:\windows\tasks\At649.job
C:\windows\tasks\At65.job
C:\windows\tasks\At650.job
C:\windows\tasks\At651.job
C:\windows\tasks\At652.job
C:\windows\tasks\At653.job
C:\windows\tasks\At654.job
C:\windows\tasks\At655.job
C:\windows\tasks\At656.job
C:\windows\tasks\At657.job
C:\windows\tasks\At658.job
C:\windows\tasks\At659.job
C:\windows\tasks\At66.job
C:\windows\tasks\At660.job
C:\windows\tasks\At661.job
C:\windows\tasks\At662.job
C:\windows\tasks\At663.job
C:\windows\tasks\At664.job
C:\windows\tasks\At665.job
C:\windows\tasks\At666.job
C:\windows\tasks\At667.job
C:\windows\tasks\At668.job
C:\windows\tasks\At669.job
C:\windows\tasks\At67.job
C:\windows\tasks\At670.job
C:\windows\tasks\At671.job
C:\windows\tasks\At672.job
C:\windows\tasks\At673.job
C:\windows\tasks\At674.job
C:\windows\tasks\At675.job
C:\windows\tasks\At676.job
C:\windows\tasks\At677.job
C:\windows\tasks\At678.job
C:\windows\tasks\At679.job
C:\windows\tasks\At68.job
C:\windows\tasks\At680.job
C:\windows\tasks\At681.job
C:\windows\tasks\At682.job
C:\windows\tasks\At683.job
C:\windows\tasks\At684.job
C:\windows\tasks\At685.job
C:\windows\tasks\At686.job
C:\windows\tasks\At687.job
C:\windows\tasks\At688.job
C:\windows\tasks\At689.job
C:\windows\tasks\At69.job
C:\windows\tasks\At690.job
C:\windows\tasks\At691.job
C:\windows\tasks\At692.job
C:\windows\tasks\At693.job
C:\windows\tasks\At694.job
C:\windows\tasks\At695.job
C:\windows\tasks\At696.job
C:\windows\tasks\At697.job
C:\windows\tasks\At698.job
C:\windows\tasks\At699.job
C:\windows\tasks\At7.job
C:\windows\tasks\At70.job
C:\windows\tasks\At700.job
C:\windows\tasks\At701.job
C:\windows\tasks\At702.job
C:\windows\tasks\At703.job
C:\windows\tasks\At704.job
C:\windows\tasks\At705.job
C:\windows\tasks\At706.job
C:\windows\tasks\At707.job
C:\windows\tasks\At708.job
C:\windows\tasks\At709.job
C:\windows\tasks\At71.job
C:\windows\tasks\At710.job
C:\windows\tasks\At711.job
C:\windows\tasks\At712.job
C:\windows\tasks\At713.job
C:\windows\tasks\At714.job
C:\windows\tasks\At715.job
C:\windows\tasks\At716.job
C:\windows\tasks\At717.job
C:\windows\tasks\At718.job
C:\windows\tasks\At719.job
C:\windows\tasks\At72.job
C:\windows\tasks\At720.job
C:\windows\tasks\At721.job
C:\windows\tasks\At722.job
C:\windows\tasks\At723.job
C:\windows\tasks\At724.job
C:\windows\tasks\At725.job
C:\windows\tasks\At726.job
C:\windows\tasks\At727.job
C:\windows\tasks\At728.job
C:\windows\tasks\At729.job
C:\windows\tasks\At73.job
C:\windows\tasks\At730.job
C:\windows\tasks\At731.job
C:\windows\tasks\At732.job
C:\windows\tasks\At733.job
C:\windows\tasks\At734.job
C:\windows\tasks\At735.job
C:\windows\tasks\At736.job
C:\windows\tasks\At737.job
C:\windows\tasks\At738.job
C:\windows\tasks\At739.job
C:\windows\tasks\At74.job
C:\windows\tasks\At740.job
C:\windows\tasks\At741.job
C:\windows\tasks\At742.job
C:\windows\tasks\At743.job
C:\windows\tasks\At744.job
C:\windows\tasks\At745.job
C:\windows\tasks\At746.job
C:\windows\tasks\At747.job
C:\windows\tasks\At748.job
C:\windows\tasks\At749.job
C:\windows\tasks\At75.job
C:\windows\tasks\At750.job
C:\windows\tasks\At751.job
C:\windows\tasks\At752.job
C:\windows\tasks\At753.job
C:\windows\tasks\At754.job
C:\windows\tasks\At755.job
C:\windows\tasks\At756.job
C:\windows\tasks\At757.job
C:\windows\tasks\At758.job
C:\windows\tasks\At759.job
C:\windows\tasks\At76.job
C:\windows\tasks\At760.job
C:\windows\tasks\At761.job
C:\windows\tasks\At762.job
C:\windows\tasks\At763.job
C:\windows\tasks\At764.job
C:\windows\tasks\At765.job
C:\windows\tasks\At766.job
C:\windows\tasks\At767.job
C:\windows\tasks\At768.job
C:\windows\tasks\At769.job
C:\windows\tasks\At77.job
C:\windows\tasks\At770.job
C:\windows\tasks\At771.job
C:\windows\tasks\At772.job
C:\windows\tasks\At773.job
C:\windows\tasks\At774.job
C:\windows\tasks\At775.job
C:\windows\tasks\At776.job
C:\windows\tasks\At777.job
C:\windows\tasks\At778.job
C:\windows\tasks\At779.job
C:\windows\tasks\At78.job
C:\windows\tasks\At780.job
C:\windows\tasks\At781.job
C:\windows\tasks\At782.job
C:\windows\tasks\At783.job
C:\windows\tasks\At784.job
C:\windows\tasks\At785.job
C:\windows\tasks\At786.job
C:\windows\tasks\At787.job
C:\windows\tasks\At788.job
C:\windows\tasks\At789.job
C:\windows\tasks\At79.job
C:\windows\tasks\At790.job
C:\windows\tasks\At791.job
C:\windows\tasks\At792.job
C:\windows\tasks\At793.job
C:\windows\tasks\At794.job
C:\windows\tasks\At795.job
C:\windows\tasks\At796.job
C:\windows\tasks\At797.job
C:\windows\tasks\At798.job
C:\windows\tasks\At799.job
C:\windows\tasks\At8.job
C:\windows\tasks\At80.job
C:\windows\tasks\At800.job
C:\windows\tasks\At801.job
C:\windows\tasks\At802.job
C:\windows\tasks\At803.job
C:\windows\tasks\At804.job
C:\windows\tasks\At805.job
C:\windows\tasks\At806.job
C:\windows\tasks\At807.job
C:\windows\tasks\At808.job
C:\windows\tasks\At809.job
C:\windows\tasks\At81.job
C:\windows\tasks\At810.job
C:\windows\tasks\At811.job
C:\windows\tasks\At812.job
C:\windows\tasks\At813.job
C:\windows\tasks\At814.job
C:\windows\tasks\At815.job
C:\windows\tasks\At816.job
C:\windows\tasks\At817.job
C:\windows\tasks\At818.job
C:\windows\tasks\At819.job
C:\windows\tasks\At82.job
C:\windows\tasks\At820.job
C:\windows\tasks\At821.job
C:\windows\tasks\At822.job
C:\windows\tasks\At823.job
C:\windows\tasks\At824.job
C:\windows\tasks\At825.job
C:\windows\tasks\At826.job
C:\windows\tasks\At827.job
C:\windows\tasks\At828.job
C:\windows\tasks\At829.job
C:\windows\tasks\At83.job
C:\windows\tasks\At830.job
C:\windows\tasks\At831.job
C:\windows\tasks\At832.job
C:\windows\tasks\At833.job
C:\windows\tasks\At834.job
C:\windows\tasks\At835.job
C:\windows\tasks\At836.job
C:\windows\tasks\At837.job
C:\windows\tasks\At838.job
C:\windows\tasks\At839.job
C:\windows\tasks\At84.job
C:\windows\tasks\At840.job
C:\windows\tasks\At841.job
C:\windows\tasks\At842.job
C:\windows\tasks\At843.job
C:\windows\tasks\At844.job
C:\windows\tasks\At845.job
C:\windows\tasks\At846.job
C:\windows\tasks\At847.job
C:\windows\tasks\At848.job
C:\windows\tasks\At849.job
C:\windows\tasks\At85.job
C:\windows\tasks\At850.job
C:\windows\tasks\At851.job
C:\windows\tasks\At852.job
C:\windows\tasks\At853.job
C:\windows\tasks\At854.job
C:\windows\tasks\At855.job
C:\windows\tasks\At856.job
C:\windows\tasks\At857.job
C:\windows\tasks\At858.job
C:\windows\tasks\At859.job
C:\windows\tasks\At86.job
C:\windows\tasks\At860.job
C:\windows\tasks\At861.job
C:\windows\tasks\At862.job
C:\windows\tasks\At863.job
C:\windows\tasks\At864.job
C:\windows\tasks\At865.job
C:\windows\tasks\At866.job
C:\windows\tasks\At867.job
C:\windows\tasks\At868.job
C:\windows\tasks\At869.job
C:\windows\tasks\At87.job
C:\windows\tasks\At870.job
C:\windows\tasks\At871.job
C:\windows\tasks\At872.job
C:\windows\tasks\At873.job
C:\windows\tasks\At874.job
C:\windows\tasks\At875.job
C:\windows\tasks\At876.job
C:\windows\tasks\At877.job
C:\windows\tasks\At878.job
C:\windows\tasks\At879.job
C:\windows\tasks\At88.job
C:\windows\tasks\At880.job
C:\windows\tasks\At881.job
C:\windows\tasks\At882.job
C:\windows\tasks\At883.job
C:\windows\tasks\At884.job
C:\windows\tasks\At885.job
C:\windows\tasks\At886.job
C:\windows\tasks\At887.job
C:\windows\tasks\At888.job
C:\windows\tasks\At889.job
C:\windows\tasks\At89.job
C:\windows\tasks\At890.job
C:\windows\tasks\At891.job
C:\windows\tasks\At892.job
C:\windows\tasks\At893.job
C:\windows\tasks\At894.job
C:\windows\tasks\At895.job
C:\windows\tasks\At896.job
C:\windows\tasks\At897.job
C:\windows\tasks\At898.job
C:\windows\tasks\At899.job
C:\windows\tasks\At9.job
C:\windows\tasks\At90.job
C:\windows\tasks\At900.job
C:\windows\tasks\At901.job
C:\windows\tasks\At902.job
C:\windows\tasks\At903.job
C:\windows\tasks\At904.job
C:\windows\tasks\At905.job
C:\windows\tasks\At906.job
C:\windows\tasks\At907.job
C:\windows\tasks\At908.job
C:\windows\tasks\At909.job
C:\windows\tasks\At91.job
C:\windows\tasks\At910.job
C:\windows\tasks\At911.job
C:\windows\tasks\At912.job
C:\windows\tasks\At913.job
C:\windows\tasks\At914.job
C:\windows\tasks\At915.job
C:\windows\tasks\At916.job
C:\windows\tasks\At917.job
C:\windows\tasks\At918.job
C:\windows\tasks\At919.job
C:\windows\tasks\At92.job
C:\windows\tasks\At920.job
C:\windows\tasks\At921.job
C:\windows\tasks\At922.job
C:\windows\tasks\At923.job
C:\windows\tasks\At924.job
C:\windows\tasks\At925.job
C:\windows\tasks\At926.job
C:\windows\tasks\At927.job
C:\windows\tasks\At928.job
C:\windows\tasks\At929.job
C:\windows\tasks\At93.job
C:\windows\tasks\At930.job
C:\windows\tasks\At931.job
C:\windows\tasks\At932.job
C:\windows\tasks\At933.job
C:\windows\tasks\At934.job
C:\windows\tasks\At935.job
C:\windows\tasks\At936.job
C:\windows\tasks\At937.job
C:\windows\tasks\At938.job
C:\windows\tasks\At939.job
C:\windows\tasks\At94.job
C:\windows\tasks\At940.job
C:\windows\tasks\At941.job
C:\windows\tasks\At942.job
C:\windows\tasks\At943.job
C:\windows\tasks\At944.job
C:\windows\tasks\At945.job
C:\windows\tasks\At946.job
C:\windows\tasks\At947.job
C:\windows\tasks\At948.job
C:\windows\tasks\At949.job
C:\windows\tasks\At95.job
C:\windows\tasks\At950.job
C:\windows\tasks\At951.job
C:\windows\tasks\At952.job
C:\windows\tasks\At953.job
C:\windows\tasks\At954.job
C:\windows\tasks\At955.job
C:\windows\tasks\At956.job
C:\windows\tasks\At957.job
C:\windows\tasks\At958.job
C:\windows\tasks\At959.job
C:\windows\tasks\At96.job
C:\windows\tasks\At960.job
C:\windows\tasks\At97.job
C:\windows\tasks\At98.job
C:\windows\tasks\At99.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1177238915-839522115-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1177238915-839522115-1003UA.job
C:\windows\tasks\WGASetup.job
C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2010-06-06 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-21 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-08-30 2734688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2010-06-06 806912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-08-30 2734688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\windows\system32\HDAShCut.exe [2010-08-31 35844]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2010-08-31 35844]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe [2010-09-08 35848]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-08-31 35844]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-24 5537792]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-02-24 86016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-08-31 35844]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-08-31 35844]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-08-31 35844]
"Java developer Script Browse"=C:\windows\jusched.exe [2010-08-31 35844]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2010-09-08 35848]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-09-08 35848]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-09-08 35848]
"Google Update"=C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c []
"Steam"=C:\Program Files\Steam\Steam.exe [2010-09-08 35848]
"Windows System Updates"=C:\Documents and Settings\Mirek\Data aplikací\winvsrnc.exe [2010-09-08 35848]
"QNB2EB90WX"=C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tkr .exe [2010-09-08 35848]
"WindowsSysControl"=C:\Documents and Settings\Mirek\Data aplikací\winsvrcn.exe [2010-09-08 35848]
"WinSysControls"=\Documents and Settings\Mirek\winrsncd.exe [2010-07-10 105984]
"WinSysMngrs"=C:\Documents and Settings\Mirek\Data aplikací\winsvrn.exe [2010-09-08 35848]
"XA5RJ9EADJ"=C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tlv .exe [2010-09-10 35852]
"5DR8ZAD8GX"=C:\DOCUME~1\Mirek\LOCALS~1\Temp\Tl3 .exe [2010-09-08 35848]
"Windows Boot Control"=C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe [2010-09-08 35848]
"Java developer Script Browse"=C:\windows\jusched.exe [2010-08-31 35844]
"MSNUpdateService"=C:\Documents and Settings\All Users\winsvncd.exe [2010-08-30 97792]
"MSNUpdManagers"=C:\Documents and Settings\All Users\wincdvns.exe [2010-09-07 97792]
"OTGV1DNWQQ"=C:\windows\Tcemov .exe [2010-09-08 35848]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010"
"C:\Hry\Pro Evolution Soccer 2010\pes2010.exe"="C:\Hry\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Steam\steamapps\michal290\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\michal290\day of defeat\hl.exe:*:Enabled:Day of Defeat"
"C:\Documents and Settings\Mirek\Data aplikací\winvsrnc.exe"="C:\Documents and Settings\Mirek\Data aplikací\winvsrnc.exe:*:Enabled:Windows System Updates"
"C:\Documents and Settings\Mirek\Plocha\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe"="C:\Documents and Settings\Mirek\Plocha\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Mirek\Data aplikací\winsvrcn.exe"="C:\Documents and Settings\Mirek\Data aplikací\winsvrcn.exe:*:Enabled:WindowsSysControl"
"C:\Hry\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe"="C:\Hry\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Mirek\Data aplikací\winsvrn.exe"="C:\Documents and Settings\Mirek\Data aplikací\winsvrn.exe:*:Enabled:WinSysMngrs"
"C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745\winsvn32.exe"="C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745\winsvn32.exe:*:Enabled:Windows Update Services"
"C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe"="C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe:*:Enabled:Windows Boot Control"
"C:\DOCUME~1\Mirek\LOCALS~1\Temp\7561205.exe"="C:\windows\jusched.exe:*:Enabled:Java developer Script Browse"
"C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747\winusbmgr.exe"="C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747\winusbmgr.exe:*:Enabled:Windows USB Service"
"C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842\csrrsn.exe"="C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842\csrrsn.exe:*:Enabled:WinSysCntrl32"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-09-10 13:40:00 ----D---- C:\Program Files\trend micro
2010-09-10 13:39:59 ----D---- C:\rsit
2010-09-08 08:44:52 ----RASH---- C:\windows\Tcemov .exe
2010-09-08 08:44:52 ----RASH---- C:\windows\Tcemov .exe
2010-09-08 08:44:52 ----A---- C:\windows\Tcemov.exe
2010-09-08 08:44:52 ----A---- C:\windows\Tcemov .exe
2010-09-07 16:31:37 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\e1Jch.txt
2010-09-05 17:16:51 ----A---- C:\windows\Tcemou.exe
2010-09-04 15:28:58 ----A---- C:\windows\Tcemot.exe
2010-09-02 21:19:17 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\Bkdi1.txt
2010-09-02 20:04:22 ----A---- C:\windows\Tcemos.exe
2010-09-01 20:57:17 ----A---- C:\windows\Tcemor.exe
2010-08-31 19:04:12 ----A---- C:\windows\Tcemoq.exe
2010-08-31 15:54:06 ----D---- C:\Toolbar4Free Toolbar images
2010-08-31 15:16:31 ----A---- C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe
2010-08-31 09:26:57 ----A---- C:\windows\Tcemop.exe
2010-08-30 21:10:13 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\BgmeL.txt
2010-08-30 19:58:59 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\Ge6IC.txt
2010-08-30 19:24:40 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\BgMek.txt
2010-08-30 18:04:35 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\CN0E6.txt
2010-08-30 18:01:11 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\KJ6Hb.txt
2010-08-24 16:10:35 ----RSHD---- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
2010-08-24 16:10:34 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\lL166.txt
2010-08-24 16:04:34 ----A---- C:\windows\Tcemoo.exe
2010-08-23 15:16:47 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\JHml0.txt
2010-08-21 02:24:33 ----A---- C:\windows\Tcemon.exe
2010-08-18 21:27:07 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\EDIb7.txt
2010-08-18 18:50:28 ----RSHD---- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
2010-08-17 21:15:32 ----RSH---- C:\windows\jusched.exe
2010-08-17 21:15:32 ----RASH---- C:\windows\jusched .exe
2010-08-16 20:02:58 ----RA---- C:\Documents and Settings\Mirek\Data aplikací\kj6hC.txt
2010-08-16 16:57:59 ----RSHD---- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
======List of files/folders modified in the last 1 months======
2010-09-10 13:40:00 ----RD---- C:\Program Files
2010-09-10 13:37:32 ----D---- C:\Program Files\Mozilla Firefox
2010-09-10 13:28:07 ----SD---- C:\windows\Tasks
2010-09-10 13:00:04 ----A---- C:\windows\SchedLgU.Txt
2010-09-10 11:00:24 ----D---- C:\windows\Temp
2010-09-10 06:16:30 ----D---- C:\Program Files\Steam
2010-09-09 16:30:08 ----D---- C:\WINDOWS
2010-09-09 09:49:51 ----D---- C:\Program Files\Messenger
2010-09-08 15:45:35 ----RSH---- C:\Documents and Settings\Mirek\Data aplikací\winvsrnc.exe
2010-09-08 15:45:35 ----RSH---- C:\Documents and Settings\Mirek\Data aplikací\winsvrn.exe
2010-09-08 15:45:35 ----RSH---- C:\Documents and Settings\Mirek\Data aplikací\winsvrcn.exe
2010-09-08 15:45:34 ----D---- C:\Program Files\DAEMON Tools Lite
2010-09-08 14:00:41 ----AH---- C:\windows\system32\winrtsnr.txt
2010-09-07 18:27:35 ----D---- C:\windows\Prefetch
2010-09-07 17:25:17 ----D---- C:\Documents and Settings\Mirek\Data aplikací\Skype
2010-09-07 17:25:04 ----D---- C:\Documents and Settings\Mirek\Data aplikací\skypePM
2010-09-07 08:35:21 ----RSD---- C:\windows\Fonts
2010-09-01 21:54:12 ----D---- C:\windows\system32\CatRoot2
2010-08-31 18:37:05 ----D---- C:\Program Files\Czech Soccer Manager 2002 FE
2010-08-31 15:12:22 ----D---- C:\windows\system32
2010-08-31 15:12:22 ----A---- C:\windows\system32\HDAShCut.exe
2010-08-30 19:29:39 ----D---- C:\Program Files\BS_Player
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvata;nvata; C:\windows\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-06-10 691696]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x32.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\windows\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2005-02-24 3454144]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2010-06-06 47360]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SenFiltService;SenFilt Service; C:\windows\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 a9j78uu1;a9j78uu1; C:\windows\system32\drivers\a9j78uu1.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-21 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2005-02-24 127043]
R2 SSHNAS;SSHNAS; C:\windows\system32\svchost.exe [2004-08-17 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Dekuji za váš čas.
S přáním hezkého dne Berka.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomalé PC - padání aplikací, ...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Pomalé PC - padání aplikací, ...
zde log:
ComboFix 10-09-09.04 - Mirek 10.09.2010 14:06:39.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.783 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Mirek\LOCALS~1\Temp\Tkr .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tkr.exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tlv .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tlv .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tlv .exe
c:\docume~1\Mirek\LOCALS~1\Temp\tmx.exe
c:\documents and settings\All Users\wincdvns .exe
c:\documents and settings\All Users\wincdvns.exe
c:\documents and settings\All Users\winrsncd .exe
c:\documents and settings\All Users\winrsncd.exe
c:\documents and settings\All Users\winsvncd .exe
c:\documents and settings\All Users\winsvncd.exe
c:\documents and settings\Mirek\AVSPMJGDAV.exe
c:\documents and settings\Mirek\Data aplikací\chrtmp
c:\documents and settings\Mirek\Data aplikací\inst.exe
c:\documents and settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe
c:\documents and settings\Mirek\Data aplikací\winsvrcn .exe
c:\documents and settings\Mirek\Data aplikací\winsvrcn.exe
c:\documents and settings\Mirek\Data aplikací\winsvrn .exe
c:\documents and settings\Mirek\Data aplikací\winsvrn.exe
c:\documents and settings\Mirek\Data aplikací\winvsrnc .exe
c:\documents and settings\Mirek\Data aplikací\winvsrnc.exe
c:\documents and settings\Mirek\DAVSGDAVSP.exe
c:\documents and settings\Mirek\DAVSPMJGDA.exe
c:\documents and settings\Mirek\DJGMJPMJPM.exe
c:\documents and settings\Mirek\GDPMJGSPMJ.exe
c:\documents and settings\Mirek\JGDAVSPMJG.exe
c:\documents and settings\Mirek\PJGDPMJPMS.exe
c:\documents and settings\Mirek\SMAVSVSPDA.exe
c:\documents and settings\Mirek\SPMJGDAVSP.exe
c:\documents and settings\Mirek\VSAVSAVDAG.exe
c:\documents and settings\Mirek\VSAVSAVDAV.exe
c:\documents and settings\Mirek\wincdvns.exe
c:\documents and settings\Mirek\winrsncd .exe
c:\documents and settings\Mirek\winrsncd.exe
c:\documents and settings\Mirek\winsvncd.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\DAEMON Tools Lite\DTLite.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Pando Networks\Media Booster\PMB.exe
c:\program files\Steam\Steam.exe
c:\windows\jusched.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tcemop.exe
c:\windows\Tcemoq.exe
c:\windows\Tcemor.exe
c:\windows\Tcemos.exe
c:\windows\Tcemot.exe
c:\windows\Tcemou.exe
c:\windows\Tcemov .exe
c:\windows\Tcemov .exe
c:\windows\Tcemov.exe
.
Nakažená kopie c:\windows\system32\drivers\serial.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-10 do 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 11:40 . 2010-09-10 11:40 -------- d-----w- c:\program files\trend micro
2010-09-10 11:39 . 2010-09-10 11:40 -------- d-----w- C:\rsit
2010-09-08 06:44 . 2010-09-07 18:06 208896 ----a-w- c:\windows\Tcemov.exe
2010-08-31 13:54 . 2010-08-31 13:54 -------- d-----w- C:\Toolbar4Free Toolbar images
2010-08-31 13:53 . 2010-08-31 13:53 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2010-08-24 14:04 . 2010-08-23 14:01 204800 ----a-w- c:\windows\Tcemoo.exe
2010-08-21 00:24 . 2010-08-21 00:24 214016 ----a-w- c:\windows\Tcemon.exe
2010-08-17 19:15 . 2010-08-17 19:15 126976 --sha-r- c:\windows\jusched .exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:18 . 2010-06-13 17:42 -------- d-----w- c:\program files\Steam
2010-09-10 12:18 . 2010-06-10 06:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-31 16:37 . 2010-08-03 13:17 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-08-31 13:12 . 2004-10-27 13:21 35844 ----a-w- c:\windows\system32\HDAShCut.exe
2010-08-30 17:29 . 2010-07-18 12:49 -------- d-----w- c:\program files\BS_Player
2010-07-28 18:12 . 2010-07-29 06:45 190976 ----a-w- c:\windows\Tcemom.exe
2010-07-28 15:31 . 2010-07-28 15:31 190976 ----a-w- c:\windows\Tcemol.exe
2010-07-27 10:47 . 2010-07-27 10:47 -------- d-----w- c:\program files\CPUID
2010-07-27 10:46 . 2010-07-27 10:46 193536 ----a-w- c:\windows\Tcemok.exe
2010-07-22 17:41 . 2010-07-22 20:53 172032 ----a-w- c:\windows\Tcemoj.exe
2010-07-22 17:41 . 2010-07-22 20:01 172032 ----a-w- c:\windows\Tcemoi.exe
2010-07-22 17:41 . 2010-07-22 19:11 172032 ----a-w- c:\windows\Tcemoh.exe
2010-07-22 17:41 . 2010-07-22 18:32 172032 ----a-w- c:\windows\Tcemog.exe
2010-07-22 14:03 . 2010-07-22 17:37 172032 ----a-w- c:\windows\Tcemof.exe
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Conduit
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Webteh
2010-07-11 20:30 . 2010-07-12 09:10 174080 ----a-w- c:\windows\Tcemoe.exe
2010-07-09 11:18 . 2010-07-27 10:47 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-07-06 16:05 . 2010-07-06 20:17 205312 ----a-w- c:\windows\Tcemod.exe
2010-07-02 18:05 . 2010-07-03 01:49 213504 ----a-w- c:\windows\Tcemoc.exe
2010-07-02 05:56 . 2010-07-02 05:56 171008 ----a-w- c:\windows\Tcemob.exe
2010-06-30 16:45 . 2010-06-30 16:45 206336 ----a-w- c:\windows\Tcemoa.exe
2010-06-23 01:02 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 01:02 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 11:16 . 2010-06-21 11:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-15 14:35 . 2010-06-15 14:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-14 14:30 . 2010-05-23 12:26 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-12-17 22:25 . 2010-05-23 15:52 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2010-05-23 15:52 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2010-05-23 15:52 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2010-05-23 15:52 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2010-05-23 15:52 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-06-06 13:16 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-08-30 17:29 2734688 ----a-w- c:\program files\BS_Player\tbBS_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-03 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [N/A]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"Windows System Updates"="c:\documents and settings\Mirek\Data aplikací\winvsrnc.exe" [N/A]
"WindowsSysControl"="c:\documents and settings\Mirek\Data aplikací\winsvrcn.exe" [N/A]
"WinSysControls"="\Documents and Settings\Mirek\winrsncd.exe" [N/A]
"WinSysMngrs"="c:\documents and settings\Mirek\Data aplikací\winsvrn.exe" [N/A]
"Windows Boot Control"="c:\documents and settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe" [N/A]
"MSNUpdateService"="c:\documents and settings\All Users\winsvncd.exe" [N/A]
"MSNUpdManagers"="c:\documents and settings\All Users\wincdvns.exe" [N/A]
"OTGV1DNWQQ"="c:\windows\Tcemov .exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2010-08-31 35844]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\michal290\\day of defeat\\hl.exe"=
"c:\\Hry\\Age Of Empires 2 CZ!!!!\\Age Of Empires 2 CZ!!!!\\empires2.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\S-4535-6842-8745\\winsvn32.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\U-2535-6853-8747\\winusbmgr.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\K-7695-6489-5842\\csrrsn.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59120:TCP"= 59120:TCP:Pando Media Booster
"59120:UDP"= 59120:UDP:Pando Media Booster
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [27.7.2010 12:47 20328]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.6.2010 8:47 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-25 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-GamersFirst LIVE! - c:\program files\GamersFirst\LIVE!\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 14:18
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HDAShCut.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\Tcemov.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-09-10 14:25:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-10 12:25
Před spuštěním: Volných bajtů: 38 058 614 784
Po spuštění: Volných bajtů: 40 655 470 592
- - End Of File - - F5694B29CA15DD95AFA456A78079B93D
ComboFix 10-09-09.04 - Mirek 10.09.2010 14:06:39.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.783 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Mirek\LOCALS~1\Temp\Tkr .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tkr.exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tl3 .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tlv .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tlv .exe
c:\docume~1\Mirek\LOCALS~1\Temp\Tlv .exe
c:\docume~1\Mirek\LOCALS~1\Temp\tmx.exe
c:\documents and settings\All Users\wincdvns .exe
c:\documents and settings\All Users\wincdvns.exe
c:\documents and settings\All Users\winrsncd .exe
c:\documents and settings\All Users\winrsncd.exe
c:\documents and settings\All Users\winsvncd .exe
c:\documents and settings\All Users\winsvncd.exe
c:\documents and settings\Mirek\AVSPMJGDAV.exe
c:\documents and settings\Mirek\Data aplikací\chrtmp
c:\documents and settings\Mirek\Data aplikací\inst.exe
c:\documents and settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe
c:\documents and settings\Mirek\Data aplikací\winsvrcn .exe
c:\documents and settings\Mirek\Data aplikací\winsvrcn.exe
c:\documents and settings\Mirek\Data aplikací\winsvrn .exe
c:\documents and settings\Mirek\Data aplikací\winsvrn.exe
c:\documents and settings\Mirek\Data aplikací\winvsrnc .exe
c:\documents and settings\Mirek\Data aplikací\winvsrnc.exe
c:\documents and settings\Mirek\DAVSGDAVSP.exe
c:\documents and settings\Mirek\DAVSPMJGDA.exe
c:\documents and settings\Mirek\DJGMJPMJPM.exe
c:\documents and settings\Mirek\GDPMJGSPMJ.exe
c:\documents and settings\Mirek\JGDAVSPMJG.exe
c:\documents and settings\Mirek\PJGDPMJPMS.exe
c:\documents and settings\Mirek\SMAVSVSPDA.exe
c:\documents and settings\Mirek\SPMJGDAVSP.exe
c:\documents and settings\Mirek\VSAVSAVDAG.exe
c:\documents and settings\Mirek\VSAVSAVDAV.exe
c:\documents and settings\Mirek\wincdvns.exe
c:\documents and settings\Mirek\winrsncd .exe
c:\documents and settings\Mirek\winrsncd.exe
c:\documents and settings\Mirek\winsvncd.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\DAEMON Tools Lite\DTLite.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Pando Networks\Media Booster\PMB.exe
c:\program files\Steam\Steam.exe
c:\windows\jusched.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tcemop.exe
c:\windows\Tcemoq.exe
c:\windows\Tcemor.exe
c:\windows\Tcemos.exe
c:\windows\Tcemot.exe
c:\windows\Tcemou.exe
c:\windows\Tcemov .exe
c:\windows\Tcemov .exe
c:\windows\Tcemov.exe
Kód: Vybrat vše
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe ---^> c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Analog Devices\Core\smax4pnp .exe ---^> c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Analog Devices\SoundMAX\Smax4 .exe ---^> c:\program files\Analog Devices\SoundMAX\Smax4.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe ---^> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Common Files\Java\Java Update\jusched .exe ---^> c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\DAEMON Tools Lite\DTLite .exe ---^> c:\program files\DAEMON Tools Lite\DTLite.exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe ---^> c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\Messenger\msmsgs .exe ---^> c:\program files\Messenger\msmsgs.exe
c:\program files\Pando Networks\Media Booster\PMB .exe ---^> c:\program files\Pando Networks\Media Booster\PMB.exe
c:\program files\Steam\Steam .exe ---^> c:\program files\Steam\Steam.exe
c:\windows\Tcemov .exe ---^> c:\windows\Tcemov.exe
</pre> Nakažená kopie c:\windows\system32\drivers\serial.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-10 do 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 11:40 . 2010-09-10 11:40 -------- d-----w- c:\program files\trend micro
2010-09-10 11:39 . 2010-09-10 11:40 -------- d-----w- C:\rsit
2010-09-08 06:44 . 2010-09-07 18:06 208896 ----a-w- c:\windows\Tcemov.exe
2010-08-31 13:54 . 2010-08-31 13:54 -------- d-----w- C:\Toolbar4Free Toolbar images
2010-08-31 13:53 . 2010-08-31 13:53 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2010-08-24 14:04 . 2010-08-23 14:01 204800 ----a-w- c:\windows\Tcemoo.exe
2010-08-21 00:24 . 2010-08-21 00:24 214016 ----a-w- c:\windows\Tcemon.exe
2010-08-17 19:15 . 2010-08-17 19:15 126976 --sha-r- c:\windows\jusched .exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:18 . 2010-06-13 17:42 -------- d-----w- c:\program files\Steam
2010-09-10 12:18 . 2010-06-10 06:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-31 16:37 . 2010-08-03 13:17 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-08-31 13:12 . 2004-10-27 13:21 35844 ----a-w- c:\windows\system32\HDAShCut.exe
2010-08-30 17:29 . 2010-07-18 12:49 -------- d-----w- c:\program files\BS_Player
2010-07-28 18:12 . 2010-07-29 06:45 190976 ----a-w- c:\windows\Tcemom.exe
2010-07-28 15:31 . 2010-07-28 15:31 190976 ----a-w- c:\windows\Tcemol.exe
2010-07-27 10:47 . 2010-07-27 10:47 -------- d-----w- c:\program files\CPUID
2010-07-27 10:46 . 2010-07-27 10:46 193536 ----a-w- c:\windows\Tcemok.exe
2010-07-22 17:41 . 2010-07-22 20:53 172032 ----a-w- c:\windows\Tcemoj.exe
2010-07-22 17:41 . 2010-07-22 20:01 172032 ----a-w- c:\windows\Tcemoi.exe
2010-07-22 17:41 . 2010-07-22 19:11 172032 ----a-w- c:\windows\Tcemoh.exe
2010-07-22 17:41 . 2010-07-22 18:32 172032 ----a-w- c:\windows\Tcemog.exe
2010-07-22 14:03 . 2010-07-22 17:37 172032 ----a-w- c:\windows\Tcemof.exe
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Conduit
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Webteh
2010-07-11 20:30 . 2010-07-12 09:10 174080 ----a-w- c:\windows\Tcemoe.exe
2010-07-09 11:18 . 2010-07-27 10:47 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-07-06 16:05 . 2010-07-06 20:17 205312 ----a-w- c:\windows\Tcemod.exe
2010-07-02 18:05 . 2010-07-03 01:49 213504 ----a-w- c:\windows\Tcemoc.exe
2010-07-02 05:56 . 2010-07-02 05:56 171008 ----a-w- c:\windows\Tcemob.exe
2010-06-30 16:45 . 2010-06-30 16:45 206336 ----a-w- c:\windows\Tcemoa.exe
2010-06-23 01:02 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 01:02 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 11:16 . 2010-06-21 11:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-15 14:35 . 2010-06-15 14:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-14 14:30 . 2010-05-23 12:26 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-12-17 22:25 . 2010-05-23 15:52 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2010-05-23 15:52 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2010-05-23 15:52 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2010-05-23 15:52 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2010-05-23 15:52 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
Kód: Vybrat vše
<pre>
c:\windows\jusched .exe
c:\windows\system32\HDAShCut .exe
</pre>.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-06-06 13:16 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-08-30 17:29 2734688 ----a-w- c:\program files\BS_Player\tbBS_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-03 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Mirek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [N/A]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"Windows System Updates"="c:\documents and settings\Mirek\Data aplikací\winvsrnc.exe" [N/A]
"WindowsSysControl"="c:\documents and settings\Mirek\Data aplikací\winsvrcn.exe" [N/A]
"WinSysControls"="\Documents and Settings\Mirek\winrsncd.exe" [N/A]
"WinSysMngrs"="c:\documents and settings\Mirek\Data aplikací\winsvrn.exe" [N/A]
"Windows Boot Control"="c:\documents and settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn.exe" [N/A]
"MSNUpdateService"="c:\documents and settings\All Users\winsvncd.exe" [N/A]
"MSNUpdManagers"="c:\documents and settings\All Users\wincdvns.exe" [N/A]
"OTGV1DNWQQ"="c:\windows\Tcemov .exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2010-08-31 35844]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\michal290\\day of defeat\\hl.exe"=
"c:\\Hry\\Age Of Empires 2 CZ!!!!\\Age Of Empires 2 CZ!!!!\\empires2.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\S-4535-6842-8745\\winsvn32.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\U-2535-6853-8747\\winusbmgr.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\K-7695-6489-5842\\csrrsn.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59120:TCP"= 59120:TCP:Pando Media Booster
"59120:UDP"= 59120:UDP:Pando Media Booster
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [27.7.2010 12:47 20328]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.6.2010 8:47 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-25 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-GamersFirst LIVE! - c:\program files\GamersFirst\LIVE!\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 14:18
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HDAShCut.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\Tcemov.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-09-10 14:25:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-10 12:25
Před spuštěním: Volných bajtů: 38 058 614 784
Po spuštění: Volných bajtů: 40 655 470 592
- - End Of File - - F5694B29CA15DD95AFA456A78079B93D
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Pomalé PC - padání aplikací, ...
Pokud nemáte, přesuňte Combofix na plochu
- Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.
Kód: Vybrat vše
File::
c:\windows\jusched .exe
c:\windows\Tcemov.exe
c:\windows\Tcemoo.exe
c:\windows\Tcemon.exe
c:\windows\Tcemok.exe
c:\windows\Tcemoj.exe
c:\windows\Tcemoi.exe
c:\windows\Tcemoh.exe
c:\windows\Tcemog.exe
c:\windows\Tcemoe.exe
c:\windows\Tcemof.exe
c:\windows\Tcemod.exe
c:\windows\Tcemoc.exe
c:\windows\Tcemob.exe
c:\windows\Tcemoa.exe
c:\windows\system32\ezsidmv.dat
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"Windows System Updates"=-
"WindowsSysControl"=-
"WinSysControls"=-
"WinSysMngrs"=-
"Windows Boot Control"=-
"MSNUpdateService"=-
"MSNUpdManagers"=-
"OTGV1DNWQQ"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\Documents and Settings\\Mirek\\Data aplikací\\S-4535-6842-8745\\winsvn32.exe"=-
"c:\\Documents and Settings\\Mirek\\Data aplikací\\U-2535-6853-8747\\winusbmgr.exe"=-
"c:\\Documents and Settings\\Mirek\\Data aplikací\\K-7695-6489-5842\\csrrsn.exe"=-
RenV::
c:\windows\system32\HDAShCut .exe- Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
- Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
- Po aplikaci na Vás vypadne další log,vložte ho sem
Re: Pomalé PC - padání aplikací, ...
omlouvám se za zpoždění, něco mi do toho vlezlo
zde je ten log:
ComboFix 10-09-09.04 - Mirek 10.09.2010 20:11:11.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.658 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt.txt
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\jusched .exe"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\Tcemoa.exe"
"c:\windows\Tcemob.exe"
"c:\windows\Tcemoc.exe"
"c:\windows\Tcemod.exe"
"c:\windows\Tcemoe.exe"
"c:\windows\Tcemof.exe"
"c:\windows\Tcemog.exe"
"c:\windows\Tcemoh.exe"
"c:\windows\Tcemoi.exe"
"c:\windows\Tcemoj.exe"
"c:\windows\Tcemok.exe"
"c:\windows\Tcemon.exe"
"c:\windows\Tcemoo.exe"
"c:\windows\Tcemov.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jusched .exe
c:\windows\system32\ezsidmv.dat
c:\windows\Tcemoa.exe
c:\windows\Tcemob.exe
c:\windows\Tcemoc.exe
c:\windows\Tcemod.exe
c:\windows\Tcemoe.exe
c:\windows\Tcemof.exe
c:\windows\Tcemog.exe
c:\windows\Tcemoh.exe
c:\windows\Tcemoi.exe
c:\windows\Tcemoj.exe
c:\windows\Tcemok.exe
c:\windows\Tcemon.exe
c:\windows\Tcemoo.exe
c:\windows\Tcemov.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-10 do 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 11:40 . 2010-09-10 11:40 -------- d-----w- c:\program files\trend micro
2010-09-10 11:39 . 2010-09-10 11:40 -------- d-----w- C:\rsit
2010-08-31 13:54 . 2010-08-31 13:54 -------- d-----w- C:\Toolbar4Free Toolbar images
2010-08-31 13:53 . 2010-08-31 13:53 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:18 . 2010-06-13 17:42 -------- d-----w- c:\program files\Steam
2010-09-10 12:18 . 2010-06-10 06:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-31 16:37 . 2010-08-03 13:17 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-08-30 17:29 . 2010-07-18 12:49 -------- d-----w- c:\program files\BS_Player
2010-07-28 18:12 . 2010-07-29 06:45 190976 ----a-w- c:\windows\Tcemom.exe
2010-07-28 15:31 . 2010-07-28 15:31 190976 ----a-w- c:\windows\Tcemol.exe
2010-07-27 10:47 . 2010-07-27 10:47 -------- d-----w- c:\program files\CPUID
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Conduit
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Webteh
2010-07-09 11:18 . 2010-07-27 10:47 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-06-23 01:02 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 01:02 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 11:16 . 2010-06-21 11:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:30 . 2010-05-23 12:26 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-12-17 22:25 . 2010-05-23 15:52 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2010-05-23 15:52 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2010-05-23 15:52 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2010-05-23 15:52 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2010-05-23 15:52 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-10_12.18.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-27 13:21 . 2004-10-27 13:21 61952 c:\windows\system32\HDAShCut.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-06-06 13:16 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-08-30 17:29 2734688 ----a-w- c:\program files\BS_Player\tbBS_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-03 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\michal290\\day of defeat\\hl.exe"=
"c:\\Hry\\Age Of Empires 2 CZ!!!!\\Age Of Empires 2 CZ!!!!\\empires2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59120:TCP"= 59120:TCP:Pando Media Booster
"59120:UDP"= 59120:UDP:Pando Media Booster
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [27.7.2010 12:47 20328]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.6.2010 8:47 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-25 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 20:15
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-09-10 20:17:34
ComboFix-quarantined-files.txt 2010-09-10 18:17
ComboFix2.txt 2010-09-10 12:25
Před spuštěním: Volných bajtů: 41 633 718 272
Po spuštění: Volných bajtů: 41 650 552 832
- - End Of File - - 4B263F7A6E7C2C315DCF2CAF31C9388C
zde je ten log:
ComboFix 10-09-09.04 - Mirek 10.09.2010 20:11:11.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.658 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt.txt
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\jusched .exe"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\Tcemoa.exe"
"c:\windows\Tcemob.exe"
"c:\windows\Tcemoc.exe"
"c:\windows\Tcemod.exe"
"c:\windows\Tcemoe.exe"
"c:\windows\Tcemof.exe"
"c:\windows\Tcemog.exe"
"c:\windows\Tcemoh.exe"
"c:\windows\Tcemoi.exe"
"c:\windows\Tcemoj.exe"
"c:\windows\Tcemok.exe"
"c:\windows\Tcemon.exe"
"c:\windows\Tcemoo.exe"
"c:\windows\Tcemov.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jusched .exe
c:\windows\system32\ezsidmv.dat
c:\windows\Tcemoa.exe
c:\windows\Tcemob.exe
c:\windows\Tcemoc.exe
c:\windows\Tcemod.exe
c:\windows\Tcemoe.exe
c:\windows\Tcemof.exe
c:\windows\Tcemog.exe
c:\windows\Tcemoh.exe
c:\windows\Tcemoi.exe
c:\windows\Tcemoj.exe
c:\windows\Tcemok.exe
c:\windows\Tcemon.exe
c:\windows\Tcemoo.exe
c:\windows\Tcemov.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-10 do 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 11:40 . 2010-09-10 11:40 -------- d-----w- c:\program files\trend micro
2010-09-10 11:39 . 2010-09-10 11:40 -------- d-----w- C:\rsit
2010-08-31 13:54 . 2010-08-31 13:54 -------- d-----w- C:\Toolbar4Free Toolbar images
2010-08-31 13:53 . 2010-08-31 13:53 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:18 . 2010-06-13 17:42 -------- d-----w- c:\program files\Steam
2010-09-10 12:18 . 2010-06-10 06:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-31 16:37 . 2010-08-03 13:17 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-08-30 17:29 . 2010-07-18 12:49 -------- d-----w- c:\program files\BS_Player
2010-07-28 18:12 . 2010-07-29 06:45 190976 ----a-w- c:\windows\Tcemom.exe
2010-07-28 15:31 . 2010-07-28 15:31 190976 ----a-w- c:\windows\Tcemol.exe
2010-07-27 10:47 . 2010-07-27 10:47 -------- d-----w- c:\program files\CPUID
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Conduit
2010-07-18 12:49 . 2010-07-18 12:49 -------- d-----w- c:\program files\Webteh
2010-07-09 11:18 . 2010-07-27 10:47 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-06-23 01:02 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 01:02 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 11:16 . 2010-06-21 11:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:30 . 2010-05-23 12:26 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-12-17 22:25 . 2010-05-23 15:52 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2010-05-23 15:52 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2010-05-23 15:52 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2010-05-23 15:52 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2010-05-23 15:52 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-10_12.18.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-27 13:21 . 2004-10-27 13:21 61952 c:\windows\system32\HDAShCut.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-06-06 13:16 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-08-30 17:29 2734688 ----a-w- c:\program files\BS_Player\tbBS_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2010-06-06 806912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-08-30 2734688]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-03 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\michal290\\day of defeat\\hl.exe"=
"c:\\Hry\\Age Of Empires 2 CZ!!!!\\Age Of Empires 2 CZ!!!!\\empires2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59120:TCP"= 59120:TCP:Pando Media Booster
"59120:UDP"= 59120:UDP:Pando Media Booster
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [27.7.2010 12:47 20328]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.6.2010 8:47 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-25 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 20:15
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-09-10 20:17:34
ComboFix-quarantined-files.txt 2010-09-10 18:17
ComboFix2.txt 2010-09-10 12:25
Před spuštěním: Volných bajtů: 41 633 718 272
Po spuštění: Volných bajtů: 41 650 552 832
- - End Of File - - 4B263F7A6E7C2C315DCF2CAF31C9388C
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Pomalé PC - padání aplikací, ...
Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy. Odinstalujte všechny emulátory virtuálních mechanik. Stáhněte SPTD http://www.duplexsecure.com/en/downloads
- Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
- zvolte možnost Uninstall a restartujte PC.
Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe
- Klikněte na "Disable" a restartujte PC.
Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe Start > Spustit (Win + R)- Vyskočí okénko, zkopírujte do něj:
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Klikněte na OK
- Vytvoří se log s názvem mbr.log, vložte ho sem.
Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878Re: Pomalé PC - padání aplikací, ...
- program SPTD mim nenabízí možnost uinstal - píše že sptd nebylo detekováno
- toolbary odinstalovány
- log z mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
- 1scan z gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-10 20:51:54
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Mirek\LOCALS~1\Temp\uxtdqpoc.sys
---- System - GMER 1.0.15 ----
Code \??\C:\ComboFix\catchme.sys pIofCallDriver
---- EOF - GMER 1.0.15 ----
- 2.scan z gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-10 22:14:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Mirek\LOCALS~1\Temp\uxtdqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
init C:\windows\system32\drivers\Senfilt.sys entry point in "init" section [0xF46FBA80]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1616] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158306d3f0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158306d3f0@001fe4274f95 0x0E 0xC5 0x32 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0x6F 0xB0 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x76 0xF1 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0xF2 0x65 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158306d3f0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158306d3f0@001fe4274f95 0x0E 0xC5 0x32 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0x6F 0xB0 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x76 0xF1 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0xF2 0x65 0x90 ...
---- EOF - GMER 1.0.15 ----
- toolbary odinstalovány
- log z mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
- 1scan z gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-10 20:51:54
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Mirek\LOCALS~1\Temp\uxtdqpoc.sys
---- System - GMER 1.0.15 ----
Code \??\C:\ComboFix\catchme.sys pIofCallDriver
---- EOF - GMER 1.0.15 ----
- 2.scan z gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-10 22:14:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Mirek\LOCALS~1\Temp\uxtdqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
init C:\windows\system32\drivers\Senfilt.sys entry point in "init" section [0xF46FBA80]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1616] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158306d3f0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158306d3f0@001fe4274f95 0x0E 0xC5 0x32 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0x6F 0xB0 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x76 0xF1 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0xF2 0x65 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158306d3f0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158306d3f0@001fe4274f95 0x0E 0xC5 0x32 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0x6F 0xB0 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x76 0xF1 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0xF2 0x65 0x90 ...
---- EOF - GMER 1.0.15 ----
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Pomalé PC - padání aplikací, ...
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
Senfilt.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: Pomalé PC - padání aplikací, ...
otl log:
OTL logfile created on: 10.9.2010 22:27:28 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Mirek\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 022,00 Mb Total Physical Memory | 708,00 Mb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 38,83 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BERKA
Current User Name: Mirek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.10 22:26:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
PRC - [2010.06.03 19:03:55 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008.12.18 00:25:53 | 007,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005.05.20 03:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.09.10 22:26:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.07.09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010.06.10 08:47:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006.04.24 11:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.05 11:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.03.30 08:24:00 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.02.24 07:32:00 | 003,454,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.10.27 15:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 1750559&q="
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.23 17:52:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.21 13:16:50 | 000,000,000 | ---D | M]
[2010.09.10 21:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions
[2010.06.17 13:49:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.28 09:13:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.05.29 00:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.18 14:49:21 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.01.20 13:13:52 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\searchplugins\conduit.xml
[2010.06.10 08:47:49 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\searchplugins\daemon-search.xml
[2010.09.10 13:47:32 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\searchplugins\icqplugin.xml
[2010.09.10 21:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.21 13:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.23 17:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.12.18 00:25:55 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008.12.18 00:25:55 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008.12.18 00:25:55 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008.12.18 00:25:55 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008.12.18 00:25:55 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010.06.21 13:16:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.03 19:03:55 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006.06.04 22:11:07 | 000,001,118 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\centrum-cz.xml
[2006.06.04 22:11:07 | 000,000,661 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2006.06.04 22:11:07 | 000,001,674 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2006.08.25 17:16:33 | 000,001,302 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2006.06.04 22:11:07 | 000,000,765 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
O1 HOSTS File: ([2010.09.10 20:15:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\windows\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.154.230.1 10.154.214.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.10 22:26:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
[2010.09.10 20:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mirek\Plocha\gmer
[2010.09.10 20:40:27 | 000,596,536 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Mirek\Plocha\SPTDinst-v174-x86.exe
[2010.09.10 13:58:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010.09.10 13:58:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010.09.10 13:58:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010.09.10 13:58:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010.09.10 13:58:37 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010.09.10 13:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.10 13:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 13:39:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.31 15:54:06 | 000,000,000 | ---D | C] -- C:\Toolbar4Free Toolbar images
[2010.08.31 15:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2010.08.31 15:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2010.08.31 15:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Conduit
[2010.08.31 15:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\BS_Player
[2010.08.24 16:10:35 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.08.18 18:50:28 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
[2010.08.16 16:57:59 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.06.06 16:32:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.sys
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.10 22:26:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
[2010.09.10 22:25:34 | 000,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2010.09.10 22:22:30 | 000,023,773 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2010.09.10 22:22:28 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.09.10 22:22:26 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010.09.10 20:50:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\gmer.zip
[2010.09.10 20:43:39 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\mbr.exe
[2010.09.10 20:43:26 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Mirek\defogger_reenable
[2010.09.10 20:43:17 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\Defogger.exe
[2010.09.10 20:40:28 | 000,596,536 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Mirek\Plocha\SPTDinst-v174-x86.exe
[2010.09.10 20:16:02 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010.09.10 20:15:53 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010.09.10 18:20:33 | 000,071,170 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe
[2010.09.10 18:20:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat
[2010.09.10 14:17:16 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Mirek\NTUSER.DAT
[2010.09.10 14:17:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mirek\ntuser.ini
[2010.09.10 13:57:16 | 004,263,414 | -H-- | M] () -- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\IconCache.db
[2010.09.10 13:53:27 | 003,842,041 | R--- | M] () -- C:\Documents and Settings\Mirek\Plocha\ComboFix.exe
[2010.09.10 13:39:36 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\RSIT.exe
[2010.09.07 17:24:41 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.09.06 23:21:17 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010.08.23 15:43:06 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\Google Chrome.lnk
[2010.08.23 09:54:51 | 000,013,752 | ---- | M] () -- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.10 20:50:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\gmer.zip
[2010.09.10 20:44:09 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\Mirek\mbr.log
[2010.09.10 20:43:40 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\mbr.exe
[2010.09.10 20:43:25 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Mirek\defogger_reenable
[2010.09.10 20:43:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\Defogger.exe
[2010.09.10 13:58:56 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010.09.10 13:58:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010.09.10 13:58:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010.09.10 13:58:56 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010.09.10 13:58:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010.09.10 13:53:11 | 003,842,041 | R--- | C] () -- C:\Documents and Settings\Mirek\Plocha\ComboFix.exe
[2010.09.10 13:39:36 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\RSIT.exe
[2010.09.07 17:44:06 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mirek\winrtsn99.txt
[2010.09.07 16:31:37 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\e1Jch.txt
[2010.09.02 21:19:17 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Bkdi1.txt
[2010.08.31 15:16:31 | 000,071,170 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe
[2010.08.31 15:16:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat
[2010.08.30 21:10:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BgmeL.txt
[2010.08.30 19:58:59 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Ge6IC.txt
[2010.08.30 19:24:40 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BgMek.txt
[2010.08.30 18:04:35 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\CN0E6.txt
[2010.08.30 18:01:11 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\KJ6Hb.txt
[2010.08.24 16:10:34 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\lL166.txt
[2010.08.23 15:16:47 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\JHml0.txt
[2010.08.18 21:27:07 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\EDIb7.txt
[2010.08.16 20:02:58 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\kj6hC.txt
[2010.08.09 20:31:33 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\lLE6c.txt
[2010.08.09 20:28:09 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\NMeKE.txt
[2010.08.09 20:20:46 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Bd6CH.txt
[2010.07.29 21:01:17 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\ih8GM.txt
[2010.07.28 12:28:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\ei66G.txt
[2010.07.27 13:17:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\j618A.txt
[2010.07.27 12:41:06 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\JiC7N.txt
[2010.07.23 14:55:38 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B18NG.txt
[2010.07.23 08:26:40 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\KJcHb.txt
[2010.07.22 15:01:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BekD6.txt
[2010.07.22 13:28:10 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\bnf70.txt
[2010.07.22 08:26:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BMEDI.txt
[2010.07.12 20:20:32 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\gf71j.txt
[2010.07.10 12:11:23 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B18Nf.txt
[2010.07.07 14:41:32 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\nmFkE.txt
[2010.07.07 14:20:47 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\N7DcH.txt
[2010.07.06 15:05:21 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\bAf7e.txt
[2010.07.05 15:10:24 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\LKdI1.txt
[2010.07.02 20:05:09 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\DCfFk.txt
[2010.06.30 18:45:37 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B1j61.txt
[2010.06.30 18:45:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\F6D6g.txt
[2010.06.06 16:33:19 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\vso_ts_preview.xml
[2010.06.06 16:33:08 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.log
[2010.06.06 16:32:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.cat
[2010.06.06 16:32:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.inf
[2010.06.06 13:14:08 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2010.06.06 13:14:07 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010.05.23 15:47:09 | 000,018,783 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2010.05.23 15:47:06 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2010.05.23 15:47:02 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.05.23 15:34:35 | 000,077,824 | R--- | C] () -- C:\windows\System32\HPZIDS01.dll
[2010.05.23 15:29:38 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2010.05.23 15:20:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.23 14:53:17 | 000,000,709 | R--- | C] () -- C:\windows\System32\AsusSetup.ini
[2010.05.23 14:53:17 | 000,000,263 | R--- | C] () -- C:\windows\System32\raidmgmt.ini
[2010.05.23 14:52:45 | 000,019,025 | ---- | C] () -- C:\windows\Ascd_log.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2008.02.29 06:14:04 | 000,223,744 | ---- | C] () -- C:\windows\System32\b4fm.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\windows\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\windows\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\windows\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\windows\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\windows\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\windows\System32\ogg.dll
[2005.02.24 07:32:00 | 000,540,672 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\windows\System32\drivers\secdrv.sys
[2001.07.07 03:00:00 | 000,003,165 | ---- | C] () -- C:\windows\System32\HPTCPMON.INI
========== LOP Check ==========
[2010.06.10 08:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.06.15 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.05.29 00:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.06.14 20:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KONAMI
[2010.06.03 19:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PMB Files
[2010.06.14 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sports Interactive
[2010.06.13 14:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
[2010.06.06 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010.07.18 16:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer
[2010.07.18 14:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer Pro
[2010.06.10 08:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\DAEMON Tools Lite
[2010.05.24 08:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Image Zone Express
[2010.08.24 16:10:35 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.09.10 14:12:34 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.07.27 12:41:07 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745
[2010.06.14 20:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Sports Interactive
[2010.06.17 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Tropico 3
[2010.08.18 18:50:28 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
[2010.06.23 08:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Vso
[2010.09.10 22:25:34 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Pando Media Booster" = C:\Program Files\Pando Networks\Media Booster\PMB.exe -- [2010.06.03 19:03:55 | 002,937,528 | ---- | M] ()
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent -- [2010.08.24 16:04:12 | 001,242,448 | ---- | M] (Valve Corporation)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.05.27 21:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Adobe
[2010.07.18 16:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer
[2010.07.18 14:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer Pro
[2010.06.10 08:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\DAEMON Tools Lite
[2010.06.06 15:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\dvdcss
[2010.05.24 08:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\HP
[2010.05.23 14:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Identities
[2010.05.24 08:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Image Zone Express
[2010.08.24 16:10:35 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.05.23 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Macromedia
[2010.06.28 09:44:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mirek\Data aplikací\Microsoft
[2010.05.23 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla
[2010.09.10 14:12:34 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.07.27 12:41:07 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745
[2010.09.07 17:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Skype
[2010.09.07 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\skypePM
[2010.06.14 20:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Sports Interactive
[2010.06.21 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Sun
[2010.06.17 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Tropico 3
[2010.08.18 18:50:28 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
[2010.06.23 09:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\vlc
[2010.06.23 08:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Vso
[2010.05.23 21:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2010.08.24 16:10:34 | 000,047,616 | RHS- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842\csrrsn.exe
[2010.05.23 17:00:33 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Mirek\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.08.16 16:57:55 | 000,080,896 | RHS- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn .exe
[2010.07.27 12:40:58 | 000,078,848 | RHS- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745\winsvn32.exe
[2010.08.18 18:50:27 | 000,139,264 | RHS- | M] ( ) -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747\winusbmgr.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.04.24 11:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
< MD5 for: SENFILT.SYS >
[2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) MD5=ECA77BEEB2BE8D573CF1B265E44FBFBD -- C:\WINDOWS\system32\drivers\senfilt.sys
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.01.02 12:15:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.01.02 12:15:01 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.01.02 12:15:01 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.10 22:22:30 | 000,023,773 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< End of report >
OTL logfile created on: 10.9.2010 22:27:28 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Mirek\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 022,00 Mb Total Physical Memory | 708,00 Mb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 38,83 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BERKA
Current User Name: Mirek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.10 22:26:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
PRC - [2010.06.03 19:03:55 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008.12.18 00:25:53 | 007,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005.05.20 03:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.09.10 22:26:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.07.09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010.06.10 08:47:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006.04.24 11:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.05 11:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.03.30 08:24:00 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.02.24 07:32:00 | 003,454,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.10.27 15:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 1750559&q="
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.23 17:52:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.21 13:16:50 | 000,000,000 | ---D | M]
[2010.09.10 21:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions
[2010.06.17 13:49:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.28 09:13:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.05.29 00:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.18 14:49:21 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.01.20 13:13:52 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\searchplugins\conduit.xml
[2010.06.10 08:47:49 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\searchplugins\daemon-search.xml
[2010.09.10 13:47:32 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\uvnaahgv.default\searchplugins\icqplugin.xml
[2010.09.10 21:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.21 13:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.23 17:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.12.18 00:25:55 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008.12.18 00:25:55 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008.12.18 00:25:55 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008.12.18 00:25:55 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008.12.18 00:25:55 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010.06.21 13:16:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.03 19:03:55 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006.06.04 22:11:07 | 000,001,118 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\centrum-cz.xml
[2006.06.04 22:11:07 | 000,000,661 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2006.06.04 22:11:07 | 000,001,674 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2006.08.25 17:16:33 | 000,001,302 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2006.06.04 22:11:07 | 000,000,765 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
O1 HOSTS File: ([2010.09.10 20:15:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\windows\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.154.230.1 10.154.214.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.10 22:26:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
[2010.09.10 20:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mirek\Plocha\gmer
[2010.09.10 20:40:27 | 000,596,536 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Mirek\Plocha\SPTDinst-v174-x86.exe
[2010.09.10 13:58:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010.09.10 13:58:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010.09.10 13:58:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010.09.10 13:58:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010.09.10 13:58:37 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010.09.10 13:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.10 13:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 13:39:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.31 15:54:06 | 000,000,000 | ---D | C] -- C:\Toolbar4Free Toolbar images
[2010.08.31 15:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2010.08.31 15:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2010.08.31 15:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Conduit
[2010.08.31 15:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\BS_Player
[2010.08.24 16:10:35 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.08.18 18:50:28 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
[2010.08.16 16:57:59 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.06.06 16:32:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.sys
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.10 22:26:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mirek\Plocha\OTL.exe
[2010.09.10 22:25:34 | 000,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2010.09.10 22:22:30 | 000,023,773 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2010.09.10 22:22:28 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.09.10 22:22:26 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010.09.10 20:50:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\gmer.zip
[2010.09.10 20:43:39 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\mbr.exe
[2010.09.10 20:43:26 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Mirek\defogger_reenable
[2010.09.10 20:43:17 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\Defogger.exe
[2010.09.10 20:40:28 | 000,596,536 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Mirek\Plocha\SPTDinst-v174-x86.exe
[2010.09.10 20:16:02 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010.09.10 20:15:53 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010.09.10 18:20:33 | 000,071,170 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe
[2010.09.10 18:20:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat
[2010.09.10 14:17:16 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Mirek\NTUSER.DAT
[2010.09.10 14:17:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mirek\ntuser.ini
[2010.09.10 13:57:16 | 004,263,414 | -H-- | M] () -- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\IconCache.db
[2010.09.10 13:53:27 | 003,842,041 | R--- | M] () -- C:\Documents and Settings\Mirek\Plocha\ComboFix.exe
[2010.09.10 13:39:36 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\RSIT.exe
[2010.09.07 17:24:41 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.09.06 23:21:17 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010.08.23 15:43:06 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Mirek\Plocha\Google Chrome.lnk
[2010.08.23 09:54:51 | 000,013,752 | ---- | M] () -- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.10 20:50:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\gmer.zip
[2010.09.10 20:44:09 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\Mirek\mbr.log
[2010.09.10 20:43:40 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\mbr.exe
[2010.09.10 20:43:25 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Mirek\defogger_reenable
[2010.09.10 20:43:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\Defogger.exe
[2010.09.10 13:58:56 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010.09.10 13:58:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010.09.10 13:58:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010.09.10 13:58:56 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010.09.10 13:58:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010.09.10 13:53:11 | 003,842,041 | R--- | C] () -- C:\Documents and Settings\Mirek\Plocha\ComboFix.exe
[2010.09.10 13:39:36 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Mirek\Plocha\RSIT.exe
[2010.09.07 17:44:06 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mirek\winrtsn99.txt
[2010.09.07 16:31:37 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\e1Jch.txt
[2010.09.02 21:19:17 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Bkdi1.txt
[2010.08.31 15:16:31 | 000,071,170 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe
[2010.08.31 15:16:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat
[2010.08.30 21:10:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BgmeL.txt
[2010.08.30 19:58:59 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Ge6IC.txt
[2010.08.30 19:24:40 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BgMek.txt
[2010.08.30 18:04:35 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\CN0E6.txt
[2010.08.30 18:01:11 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\KJ6Hb.txt
[2010.08.24 16:10:34 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\lL166.txt
[2010.08.23 15:16:47 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\JHml0.txt
[2010.08.18 21:27:07 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\EDIb7.txt
[2010.08.16 20:02:58 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\kj6hC.txt
[2010.08.09 20:31:33 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\lLE6c.txt
[2010.08.09 20:28:09 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\NMeKE.txt
[2010.08.09 20:20:46 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Bd6CH.txt
[2010.07.29 21:01:17 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\ih8GM.txt
[2010.07.28 12:28:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\ei66G.txt
[2010.07.27 13:17:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\j618A.txt
[2010.07.27 12:41:06 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\JiC7N.txt
[2010.07.23 14:55:38 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B18NG.txt
[2010.07.23 08:26:40 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\KJcHb.txt
[2010.07.22 15:01:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BekD6.txt
[2010.07.22 13:28:10 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\bnf70.txt
[2010.07.22 08:26:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BMEDI.txt
[2010.07.12 20:20:32 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\gf71j.txt
[2010.07.10 12:11:23 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B18Nf.txt
[2010.07.07 14:41:32 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\nmFkE.txt
[2010.07.07 14:20:47 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\N7DcH.txt
[2010.07.06 15:05:21 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\bAf7e.txt
[2010.07.05 15:10:24 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\LKdI1.txt
[2010.07.02 20:05:09 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\DCfFk.txt
[2010.06.30 18:45:37 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B1j61.txt
[2010.06.30 18:45:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\F6D6g.txt
[2010.06.06 16:33:19 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\vso_ts_preview.xml
[2010.06.06 16:33:08 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.log
[2010.06.06 16:32:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.cat
[2010.06.06 16:32:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\pcouffin.inf
[2010.06.06 13:14:08 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2010.06.06 13:14:07 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010.05.23 15:47:09 | 000,018,783 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2010.05.23 15:47:06 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2010.05.23 15:47:02 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.05.23 15:34:35 | 000,077,824 | R--- | C] () -- C:\windows\System32\HPZIDS01.dll
[2010.05.23 15:29:38 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2010.05.23 15:20:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.23 14:53:17 | 000,000,709 | R--- | C] () -- C:\windows\System32\AsusSetup.ini
[2010.05.23 14:53:17 | 000,000,263 | R--- | C] () -- C:\windows\System32\raidmgmt.ini
[2010.05.23 14:52:45 | 000,019,025 | ---- | C] () -- C:\windows\Ascd_log.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2008.02.29 06:14:04 | 000,223,744 | ---- | C] () -- C:\windows\System32\b4fm.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\windows\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\windows\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\windows\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\windows\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\windows\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\windows\System32\ogg.dll
[2005.02.24 07:32:00 | 000,540,672 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\windows\System32\drivers\secdrv.sys
[2001.07.07 03:00:00 | 000,003,165 | ---- | C] () -- C:\windows\System32\HPTCPMON.INI
========== LOP Check ==========
[2010.06.10 08:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.06.15 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.05.29 00:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.06.14 20:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KONAMI
[2010.06.03 19:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PMB Files
[2010.06.14 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sports Interactive
[2010.06.13 14:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
[2010.06.06 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010.07.18 16:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer
[2010.07.18 14:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer Pro
[2010.06.10 08:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\DAEMON Tools Lite
[2010.05.24 08:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Image Zone Express
[2010.08.24 16:10:35 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.09.10 14:12:34 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.07.27 12:41:07 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745
[2010.06.14 20:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Sports Interactive
[2010.06.17 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Tropico 3
[2010.08.18 18:50:28 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
[2010.06.23 08:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Vso
[2010.09.10 22:25:34 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Pando Media Booster" = C:\Program Files\Pando Networks\Media Booster\PMB.exe -- [2010.06.03 19:03:55 | 002,937,528 | ---- | M] ()
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent -- [2010.08.24 16:04:12 | 001,242,448 | ---- | M] (Valve Corporation)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.05.27 21:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Adobe
[2010.07.18 16:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer
[2010.07.18 14:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer Pro
[2010.06.10 08:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\DAEMON Tools Lite
[2010.06.06 15:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\dvdcss
[2010.05.24 08:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\HP
[2010.05.23 14:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Identities
[2010.05.24 08:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Image Zone Express
[2010.08.24 16:10:35 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.05.23 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Macromedia
[2010.06.28 09:44:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mirek\Data aplikací\Microsoft
[2010.05.23 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Mozilla
[2010.09.10 14:12:34 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.07.27 12:41:07 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745
[2010.09.07 17:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Skype
[2010.09.07 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\skypePM
[2010.06.14 20:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Sports Interactive
[2010.06.21 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Sun
[2010.06.17 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Tropico 3
[2010.08.18 18:50:28 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747
[2010.06.23 09:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\vlc
[2010.06.23 08:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\Vso
[2010.05.23 21:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mirek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2010.08.24 16:10:34 | 000,047,616 | RHS- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842\csrrsn.exe
[2010.05.23 17:00:33 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Mirek\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.08.16 16:57:55 | 000,080,896 | RHS- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745\winrsvn .exe
[2010.07.27 12:40:58 | 000,078,848 | RHS- | M] () -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745\winsvn32.exe
[2010.08.18 18:50:27 | 000,139,264 | RHS- | M] ( ) -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747\winusbmgr.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.04.24 11:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
< MD5 for: SENFILT.SYS >
[2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) MD5=ECA77BEEB2BE8D573CF1B265E44FBFBD -- C:\WINDOWS\system32\drivers\senfilt.sys
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.01.02 12:15:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.01.02 12:15:01 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.01.02 12:15:01 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.10 22:22:30 | 000,023,773 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< End of report >
Re: Pomalé PC - padání aplikací, ...
extras log:
OTL Extras logfile created on: 10.9.2010 22:27:28 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Mirek\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 022,00 Mb Total Physical Memory | 708,00 Mb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 38,83 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BERKA
Current User Name: Mirek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59120:TCP" = 59120:TCP:*:Enabled:Pando Media Booster
"59120:UDP" = 59120:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Hry\Pro Evolution Soccer 2010\pes2010.exe" = C:\Hry\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\michal290\day of defeat\hl.exe" = C:\Program Files\Steam\steamapps\michal290\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve)
"C:\Hry\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe" = C:\Hry\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.2
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"BSPlayerf" = BS.Player FREE
"Burn4Free" = Burn4Free CD and DVD
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"KaM - The Peasants Rebellion" = KaM - The Peasants Rebellion
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.83
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NVIDIA Drivers" = NVIDIA Drivers
"Steam App 30" = Day of Defeat
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8095
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.6.2010 4:59:00 | Computer Name = BERKA | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 1.7.2010 6:47:02 | Computer Name = BERKA | Source = Google Update | ID = 20
Description =
Error - 1.7.2010 9:43:43 | Computer Name = BERKA | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
vgx.dll, verze 6.0.2900.2180, adresa chyby 0x0005c4c7.
Error - 13.7.2010 16:17:45 | Computer Name = BERKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 13.7.2010 16:17:53 | Computer Name = BERKA | Source = Application Hang | ID = 1001
Description = Chybný blok 35273598
Error - 27.7.2010 6:46:19 | Computer Name = BERKA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 27.7.2010 6:46:19 | Computer Name = BERKA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 27.7.2010 6:46:34 | Computer Name = BERKA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 27.7.2010 6:46:41 | Computer Name = BERKA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 17.8.2010 11:42:05 | Computer Name = BERKA | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 10.9.2010 4:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At491.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 5:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At12.job neuspěl při startu v důsledku následující chyby: %%2147942402
Error - 10.9.2010 5:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At492.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 6:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At13.job neuspěl při startu v důsledku následující chyby: %%2147942402
Error - 10.9.2010 6:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At493.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 7:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At14.job neuspěl při startu v důsledku následující chyby: %%2147942402
Error - 10.9.2010 7:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At494.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 7:59:01 | Computer Name = BERKA | Source = Ftdisk | ID = 262189
Description = Systému se nepodařilo úspěšně načíst ovladač výpisu stavu systému.
Error - 10.9.2010 7:59:01 | Computer Name = BERKA | Source = Ftdisk | ID = 262193
Description = Konfigurace stránkovacího souboru pro výpis stavu systému se nezdařila.
Přesvědčte se, zda na spouštěcím oddílu disku je stránkovací soubor a zda je na
něm dostatek místa pro uložení obsahu celé fyzické paměti.
Error - 10.9.2010 15:20:20 | Computer Name = BERKA | Source = DCOM | ID = 10010
Description = Server {0002DF01-0000-0000-C000-000000000046} se v daném časovém limitu
neregistroval u služby DCOM.
< End of report >
OTL Extras logfile created on: 10.9.2010 22:27:28 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Mirek\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 022,00 Mb Total Physical Memory | 708,00 Mb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 38,83 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BERKA
Current User Name: Mirek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59120:TCP" = 59120:TCP:*:Enabled:Pando Media Booster
"59120:UDP" = 59120:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Hry\Pro Evolution Soccer 2010\pes2010.exe" = C:\Hry\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\michal290\day of defeat\hl.exe" = C:\Program Files\Steam\steamapps\michal290\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve)
"C:\Hry\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe" = C:\Hry\Age Of Empires 2 CZ!!!!\Age Of Empires 2 CZ!!!!\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.2
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"BSPlayerf" = BS.Player FREE
"Burn4Free" = Burn4Free CD and DVD
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"KaM - The Peasants Rebellion" = KaM - The Peasants Rebellion
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.83
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NVIDIA Drivers" = NVIDIA Drivers
"Steam App 30" = Day of Defeat
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8095
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.6.2010 4:59:00 | Computer Name = BERKA | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 1.7.2010 6:47:02 | Computer Name = BERKA | Source = Google Update | ID = 20
Description =
Error - 1.7.2010 9:43:43 | Computer Name = BERKA | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
vgx.dll, verze 6.0.2900.2180, adresa chyby 0x0005c4c7.
Error - 13.7.2010 16:17:45 | Computer Name = BERKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 13.7.2010 16:17:53 | Computer Name = BERKA | Source = Application Hang | ID = 1001
Description = Chybný blok 35273598
Error - 27.7.2010 6:46:19 | Computer Name = BERKA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 27.7.2010 6:46:19 | Computer Name = BERKA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 27.7.2010 6:46:34 | Computer Name = BERKA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 27.7.2010 6:46:41 | Computer Name = BERKA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 17.8.2010 11:42:05 | Computer Name = BERKA | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 10.9.2010 4:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At491.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 5:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At12.job neuspěl při startu v důsledku následující chyby: %%2147942402
Error - 10.9.2010 5:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At492.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 6:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At13.job neuspěl při startu v důsledku následující chyby: %%2147942402
Error - 10.9.2010 6:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At493.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 7:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At14.job neuspěl při startu v důsledku následující chyby: %%2147942402
Error - 10.9.2010 7:35:00 | Computer Name = BERKA | Source = Schedule | ID = 7901
Description = Příkaz At494.job neuspěl při startu v důsledku následující chyby:
%%2147942402
Error - 10.9.2010 7:59:01 | Computer Name = BERKA | Source = Ftdisk | ID = 262189
Description = Systému se nepodařilo úspěšně načíst ovladač výpisu stavu systému.
Error - 10.9.2010 7:59:01 | Computer Name = BERKA | Source = Ftdisk | ID = 262193
Description = Konfigurace stránkovacího souboru pro výpis stavu systému se nezdařila.
Přesvědčte se, zda na spouštěcím oddílu disku je stránkovací soubor a zda je na
něm dostatek místa pro uložení obsahu celé fyzické paměti.
Error - 10.9.2010 15:20:20 | Computer Name = BERKA | Source = DCOM | ID = 10010
Description = Server {0002DF01-0000-0000-C000-000000000046} se v daném časovém limitu
neregistroval u služby DCOM.
< End of report >
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Pomalé PC - padání aplikací, ...
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
IE - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1177238915-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2010.09.10 18:20:33 | 000,071,170 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe
[2010.09.10 18:20:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat
[2010.09.07 16:31:37 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\e1Jch.txt
[2010.09.02 21:19:17 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Bkdi1.txt
[2010.08.30 21:10:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BgmeL.txt
[2010.08.30 19:58:59 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Ge6IC.txt
[2010.08.30 19:24:40 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BgMek.txt
[2010.08.30 18:04:35 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\CN0E6.txt
[2010.08.30 18:01:11 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\KJ6Hb.txt
[2010.08.24 16:10:34 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\lL166.txt
[2010.08.23 15:16:47 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\JHml0.txt
[2010.08.18 21:27:07 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\EDIb7.txt
[2010.08.16 20:02:58 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\kj6hC.txt
[2010.08.09 20:31:33 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\lLE6c.txt
[2010.08.09 20:28:09 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\NMeKE.txt
[2010.08.09 20:20:46 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\Bd6CH.txt
[2010.07.29 21:01:17 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\ih8GM.txt
[2010.07.28 12:28:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\ei66G.txt
[2010.07.27 13:17:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\j618A.txt
[2010.07.27 12:41:06 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\JiC7N.txt
[2010.07.23 14:55:38 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B18NG.txt
[2010.07.23 08:26:40 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\KJcHb.txt
[2010.07.22 15:01:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BekD6.txt
[2010.07.22 13:28:10 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\bnf70.txt
[2010.07.22 08:26:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\BMEDI.txt
[2010.07.12 20:20:32 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\gf71j.txt
[2010.07.10 12:11:23 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B18Nf.txt
[2010.07.07 14:41:32 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\nmFkE.txt
[2010.07.07 14:20:47 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\N7DcH.txt
[2010.07.06 15:05:21 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\bAf7e.txt
[2010.07.05 15:10:24 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\LKdI1.txt
[2010.07.02 20:05:09 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\DCfFk.txt
[2010.06.30 18:45:37 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\B1j61.txt
[2010.06.30 18:45:36 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mirek\Data aplikací\F6D6g.txt
[2010.08.24 16:10:35 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842
[2010.09.10 14:12:34 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745
[2010.07.27 12:41:07 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745
[2010.08.18 18:50:28 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747Re: Pomalé PC - padání aplikací, ...
log:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Mirek
->Temp folder emptied: 285162 bytes
->Temporary Internet Files folder emptied: 35337 bytes
->Java cache emptied: 258598 bytes
->FireFox cache emptied: 12538281 bytes
->Google Chrome cache emptied: 265499688 bytes
->Flash cache emptied: 1985641 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 916 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 270,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Guest
User: LocalService
User: Mirek
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\windows\System32\drivers\EagleNT.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\e1Jch.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\Bkdi1.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BgmeL.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\Ge6IC.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BgMek.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\CN0E6.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\KJ6Hb.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\lL166.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\JHml0.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\EDIb7.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\kj6hC.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\lLE6c.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\NMeKE.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\Bd6CH.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\ih8GM.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\ei66G.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\j618A.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\JiC7N.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\B18NG.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\KJcHb.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BekD6.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\bnf70.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BMEDI.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\gf71j.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\B18Nf.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\nmFkE.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\N7DcH.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\bAf7e.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\LKdI1.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\DCfFk.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\B1j61.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\F6D6g.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842 folder moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745 folder moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745 folder moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747 folder moved successfully.
OTL by OldTimer - Version 3.2.11.0 log created on 09112010_161356
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Mirek
->Temp folder emptied: 285162 bytes
->Temporary Internet Files folder emptied: 35337 bytes
->Java cache emptied: 258598 bytes
->FireFox cache emptied: 12538281 bytes
->Google Chrome cache emptied: 265499688 bytes
->Flash cache emptied: 1985641 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 916 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 270,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Guest
User: LocalService
User: Mirek
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\windows\System32\drivers\EagleNT.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1177238915-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Data aplikací\TpEJV76b.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\R85QQQf8.dat moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\e1Jch.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\Bkdi1.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BgmeL.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\Ge6IC.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BgMek.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\CN0E6.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\KJ6Hb.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\lL166.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\JHml0.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\EDIb7.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\kj6hC.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\lLE6c.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\NMeKE.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\Bd6CH.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\ih8GM.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\ei66G.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\j618A.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\JiC7N.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\B18NG.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\KJcHb.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BekD6.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\bnf70.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\BMEDI.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\gf71j.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\B18Nf.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\nmFkE.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\N7DcH.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\bAf7e.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\LKdI1.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\DCfFk.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\B1j61.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\F6D6g.txt moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\K-7695-6489-5842 folder moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\S-2535-6853-2745 folder moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\S-4535-6842-8745 folder moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\U-2535-6853-8747 folder moved successfully.
OTL by OldTimer - Version 3.2.11.0 log created on 09112010_161356
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Přispějete na provoz fóra?