MailServer as iodesila SPAM...

Zpráva

splonk · #1 Příspěvek od **splonk** » 29 dub 2011 13:19

Dobry den
PC, na kerem nam bezi Kerio Connect je asi necim nakazen. Domnivam se ze na nem bezi nejaky SpamRobot (generetor)...
Zde copy z logu:

-------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:02, on 29.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe
C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Kerio\MailServer\mailserver.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RemotelyAnywhere\x86\RAGui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Kerio\MailServer\MailCtrl.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\kerio\mailserver\plugins\spamserver.exe
c:\program files\kerio\mailserver\plugins\spamserver.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\msiexec.exe
X:\Plocha\hijackthis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Provided by J A S
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 88.146.35.148 kerio
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEEventObj Class - {A69DD619-0385-4347-801D-781C09701BF2} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - (no file)
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\x86\RAGui.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe" /InitialWait=5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MailCtrl] "C:\Program Files\Kerio\MailServer\MailCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.dalimil
O15 - Trusted IP range: http://192.168.10.90
O16 - DPF: {0D97B971-27D5-11D4-B105-0050DA068F09} (iProjectViewCZ Class) - http://dalimil/iproject/docmgr/iProject_3.6.0.9_CZ.CAB
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ctivex.cab
O16 - DPF: {FA71BB2B-E574-494B-818A-634CAB65BAA0} (CMSProjectLink Object) - http://localhost/DovTimesheet/components/MSPL.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://blazena:2000/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F4AE7F-F012-4A37-AFAB-78C42ACF5424}: NameServer = 192.168.10.100,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D46B8034-F1B4-4AD1-BE24-D569364437EA}: NameServer = 192.168.10.100,192.168.1.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Connect (KerioMailServer) - Kerio Technologies Inc. - C:\Program Files\Kerio\MailServer\mailserver.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe
O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe

--
End of file - 10531 bytes
-------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------

Predem dekuji na prozkoumani a zdravim
JASponza

#2 Příspěvek od **motji** » 29 dub 2011 13:36

Hezké odpoledne

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

splonk · #3 Příspěvek od **splonk** » 29 dub 2011 15:27

DD
Nejdriv OTL logfile

dekuji

-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------

OTL logfile created on: 29.4.2011 15:58:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = X:\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 10,54 Gb Free Space | 26,99% Space Free | Partition Type: NTFS
Drive D: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 36,32 Gb Free Space | 48,73% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 26,46 Gb Free Space | 35,50% Space Free | Partition Type: NTFS
Drive Q: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive S: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive X: | 35,47 Gb Total Space | 30,31 Gb Free Space | 85,47% Space Free | Partition Type: NTFS
Drive Y: | 465,76 Gb Total Space | 304,94 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

Computer Name: BLAZENA | User Name: Blažena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.29 15:29:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- X:\Plocha\OTL.exe
PRC - [2011.04.08 15:24:56 | 000,102,024 | ---- | M] (Kerio Technologies Inc.) -- C:\Program Files\Kerio\MailServer\mailctrl.exe
PRC - [2010.07.02 12:43:40 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.07.02 12:43:36 | 002,202,704 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2009.01.11 13:40:44 | 000,355,840 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.25 19:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\ramaint.exe
PRC - [2007.04.05 14:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe
PRC - [2007.04.05 14:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\RAGui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006.10.16 22:13:28 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005.12.12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005.12.12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005.10.31 11:07:34 | 000,871,936 | ---- | M] (Centered Systems) -- C:\Program Files\SecCopy\SecCopy.exe
PRC - [2004.01.08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2011.04.29 15:29:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- X:\Plocha\OTL.exe
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.01.08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004.01.08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LBTServ)
SRV - [2011.04.08 15:24:56 | 015,195,784 | ---- | M] (Kerio Technologies Inc.) [Auto | Stopped] -- C:\Program Files\Kerio\MailServer\mailserver.exe -- (KerioMailServer)
SRV - [2010.07.02 12:44:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.07.02 12:43:40 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.04.26 14:15:36 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.01.11 13:40:44 | 000,355,840 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2007.05.25 19:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe -- (RAMaint)
SRV - [2007.04.05 14:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe -- (RemotelyAnywhere)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.10.16 22:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.12.12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005.10.06 18:12:50 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2002.02.08 12:15:20 | 000,263,168 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (OODefrag)

========== Driver Services (SafeList) ==========

DRV - [2010.07.02 12:43:48 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.07.02 12:43:04 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.04.28 08:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.06.22 13:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.12.19 00:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.19 00:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.19 00:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.06.03 08:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.05.25 19:22:30 | 000,083,568 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RARfsClientNP.dll -- (RARfsClientNP)
DRV - [2007.04.17 15:00:32 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\rainfo.sys -- (RAInfo)
DRV - [2007.04.17 15:00:30 | 000,010,168 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ramirr.sys -- (ramirr)
DRV - [2007.04.05 12:55:16 | 000,046,000 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\RARfsDriver.sys -- (RARfsDriver)
DRV - [2007.03.07 10:18:54 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007.03.07 10:18:54 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.03.07 10:18:29 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007.02.28 03:02:40 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.01.23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.05.09 11:00:35 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.07.13 11:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.05.06 11:12:36 | 000,021,632 | ---- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003.06.04 00:48:12 | 000,147,328 | R--- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2002.09.16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1997.04.22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.08.18 10:31:38 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010.07.30 14:52:40 | 000,000,904 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.10.115 c250
O1 - Hosts: 192.168.10.10 hp
O1 - Hosts: 192.168.10.100 smc
O1 - Hosts: 192.168.1.1 modem
O1 - Hosts: 88.146.35.148 kerio
O1 - Hosts: 192.168.10.24 T160
O1 - Hosts: 192.168.10.99 metodej
O1 - Hosts: 192.168.10.90 dalimil
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEEventObj Class) - {A69DD619-0385-4347-801D-781C09701BF2} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Autodesk DWF) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RemotelyAnywhere GUI] C:\Program Files\RemotelyAnywhere\x86\RAGui.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003..\Run: [MailCtrl] C:\Program Files\Kerio\MailServer\MailCtrl.exe (Kerio Technologies Inc.)
O4 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003..\Run: [Second Copy] C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O15 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..Trusted Domains: dalimil ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..Trusted Ranges: Range1 ([http] in Důvěryhodné servery)
O16 - DPF: {0D97B971-27D5-11D4-B105-0050DA068F09} http://dalimil/iproject/docmgr/iProject_3.6.0.9_CZ.CAB (iProjectViewCZ Class)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab (Active602XMLFiller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O16 - DPF: {FA71BB2B-E574-494B-818A-634CAB65BAA0} http://localhost/DovTimesheet/components/MSPL.cab (CMSProjectLink Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://blazena:2000/activex/RACtrl.cab (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - File not found
O20 - Winlogon\Notify\RAinit: DllName - RAinit.dll - C:\WINDOWS\System32\RAinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\oem\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.09 09:49:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##Blazena#updateAR3\Shell - "" = AutoRun
O33 - MountPoints2\##Blazena#updateAR3\Shell\AutoRun\command - "" = W:\autoplay.exe
O33 - MountPoints2\{29c1a8a7-aa64-11dc-9259-000a5e658f9f}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011.04.29 15:48:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- X:\Plocha\OTL.exe
[2011.04.29 13:20:35 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- X:\Plocha\hijackthis.exe
[2011.04.28 01:13:56 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011.04.28 01:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011.04.27 18:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oem\Local Settings\Data aplikací\ESET
[2011.04.11 07:40:25 | 000,000,000 | ---D | C] -- X:\Plocha\Nod32
[2011.04.08 15:24:44 | 000,061,064 | ---- | C] (Kerio Technologies Inc.) -- C:\WINDOWS\System32\kmsperf.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.29 15:48:39 | 000,000,632 | ---- | M] () -- X:\Plocha\VIRY.CZ • Zobrazit téma - MailServer as iodesila SPAM....website
[2011.04.29 15:47:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.04.29 15:45:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.29 15:43:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.29 15:43:54 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.29 15:43:52 | 3220,525,056 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011.04.29 15:29:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- X:\Plocha\OTL.exe
[2011.04.29 13:20:08 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- X:\Plocha\hijackthis.exe
[2011.04.29 12:20:09 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\oem\Data aplikací\ntl.ini
[2011.04.29 11:32:05 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Kerio Connect Administration.url
[2011.04.29 11:31:40 | 000,510,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.29 11:31:40 | 000,506,774 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.04.29 11:31:40 | 000,110,506 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.04.29 11:31:40 | 000,098,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.29 10:33:43 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1C0E22C-8EBE-497F-A63E-E78B81BE0A57}.job
[2011.04.28 01:12:07 | 000,000,977 | ---- | M] () -- X:\Plocha\Windows Defender.lnk
[2011.04.28 01:10:43 | 005,159,424 | ---- | M] () -- X:\Plocha\WindowsDefender.msi
[2011.04.26 09:51:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.04.14 11:53:35 | 000,514,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.14 11:41:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.08 15:24:44 | 000,061,064 | ---- | M] (Kerio Technologies Inc.) -- C:\WINDOWS\System32\kmsperf.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.29 15:48:39 | 000,000,632 | ---- | C] () -- X:\Plocha\VIRY.CZ • Zobrazit téma - MailServer as iodesila SPAM....website
[2011.04.29 11:32:05 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Kerio Connect Administration.url
[2011.04.28 01:15:12 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.04.28 01:12:34 | 000,000,977 | ---- | C] () -- X:\Plocha\Windows Defender.lnk
[2011.04.28 01:12:07 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
[2011.04.28 01:10:43 | 005,159,424 | ---- | C] () -- X:\Plocha\WindowsDefender.msi
[2010.09.27 17:11:35 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\xrxi1l3.dll
[2010.01.14 16:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009.04.26 14:44:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.04 16:17:25 | 000,000,117 | ---- | C] () -- C:\WINDOWS\StwPh.INI
[2008.11.12 13:39:27 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.06.10 15:12:05 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPortMon3.dll
[2008.06.03 04:47:46 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.06.03 04:47:46 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.06.03 04:47:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.01.17 16:30:30 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007.10.22 08:02:27 | 000,000,373 | ---- | C] () -- C:\WINDOWS\NetOp.INI
[2007.06.06 19:58:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80.dll
[2007.05.22 20:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007.03.14 11:34:33 | 003,425,792 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.2.dll
[2007.03.14 11:34:33 | 000,710,656 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.3.dll
[2007.03.14 11:34:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.1.dll
[2006.11.09 08:45:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\oem\Data aplikací\$_hpcst$.hpc
[2006.09.07 15:17:24 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ktzlib.dll
[2006.08.03 15:01:28 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\oem\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.06.12 15:41:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ktssleay32_0.9.7.2.dll
[2006.06.12 15:41:38 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\ktlibeay32_0.9.7.2.dll
[2006.05.13 19:09:55 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.05.13 18:37:42 | 000,221,236 | ---- | C] () -- C:\WINDOWS\System32\ar3rpc.dll
[2006.05.13 18:35:21 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\RXDDI.DLL
[2006.05.13 17:38:18 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\vchelpex.sys
[2006.05.13 17:24:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2006.05.13 17:24:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2006.05.13 17:22:34 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006.05.13 17:22:33 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2006.05.13 15:12:44 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.05.13 14:57:08 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\oem\Data aplikací\ntl.ini
[2006.05.13 14:57:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.INI.MS
[2006.05.13 14:57:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.INI
[2006.05.13 14:06:53 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006.05.12 17:42:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006.05.09 12:18:50 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2006.05.09 12:18:41 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006.05.09 11:42:01 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.05.09 11:41:01 | 000,514,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.05.09 11:14:22 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\oem\Local Settings\Data aplikací\fusioncache.dat
[2006.05.09 11:08:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006.05.09 10:49:32 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.05.09 10:47:16 | 000,005,691 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006.05.09 10:47:15 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006.05.09 10:47:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.05.09 09:51:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.05.09 09:47:14 | 000,024,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.04.19 00:30:13 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006.03.22 02:38:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.03.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.03.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.03.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.03.02 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2006.03.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.03.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.03.02 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2006.03.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.03.02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.03.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.03.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.13 22:29:25 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.18 14:00:00 | 000,510,644 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 14:00:00 | 000,506,774 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.08.18 14:00:00 | 000,110,506 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.08.18 14:00:00 | 000,098,224 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.02.06 16:09:02 | 000,034,888 | ---- | C] () -- C:\WINDOWS\System32\oodbs.exe
[2001.12.16 18:03:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\oodagrs.dll
[2001.11.24 13:15:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\oodagmg.dll
[2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001.07.07 05:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011.04.27 15:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AccuRender
[2007.03.07 10:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2008.05.16 15:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Analyzer
[2009.04.26 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2007.10.22 08:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Danware Data
[2010.08.18 10:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2006.05.13 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Right Hemisphere
[2010.07.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
[2006.10.12 17:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\ACD Systems
[2006.05.13 17:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACD Systems
[2006.05.13 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACDInTouch
[2009.04.26 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Autodesk
[2009.04.26 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\CADwerx
[2008.01.04 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Danware Data
[2007.02.22 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Downloaded Installations
[2011.03.14 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\GHISLER
[2006.05.12 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\IsolatedStorage
[2006.05.17 23:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Kerio
[2006.05.13 14:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Leadertech
[2006.10.10 12:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Opera
[2006.05.13 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Right Hemisphere
[2009.02.04 19:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\STORMWARE
[2008.11.28 09:35:46 | 000,000,110 | ---- | M] () -- C:\WINDOWS\Tasks\Critical Battery Alarm Program.job
[2011.04.29 15:47:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011.04.29 10:33:43 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1C0E22C-8EBE-497F-A63E-E78B81BE0A57}.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Second Copy" = "C:\Program Files\SecCopy\SecCopy.exe" /InitialWait=5 -- [2005.10.31 11:07:34 | 000,871,936 | ---- | M] (Centered Systems)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -- [2006.11.13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation)
"MailCtrl" = "C:\Program Files\Kerio\MailServer\MailCtrl.exe" -- [2011.04.08 15:24:56 | 000,102,024 | ---- | M] (Kerio Technologies Inc.)

< c:\windows\*.* /U >
[8 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2006.05.13 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Right Hemisphere

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2006.05.13 17:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACD Systems
[2006.05.13 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACDInTouch
[2008.03.04 10:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Adobe
[2006.05.16 18:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\AdobeAUM
[2009.03.03 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\AdobeUM
[2006.05.13 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Apple Computer
[2006.05.09 11:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ATI
[2009.04.26 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Autodesk
[2009.04.26 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\CADwerx
[2008.01.04 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Danware Data
[2007.02.22 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Downloaded Installations
[2009.04.06 12:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\FastStone
[2011.03.14 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\GHISLER
[2006.10.24 18:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Google
[2006.05.31 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Help
[2006.05.09 09:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Identities
[2009.04.02 17:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\InstallShield
[2006.05.12 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\IsolatedStorage
[2006.05.17 23:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Kerio
[2006.05.11 19:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Lavasoft
[2006.05.13 14:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Leadertech
[2008.03.12 11:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Logitech
[2006.06.22 21:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Macromedia
[2009.10.21 10:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\oem\Data aplikací\Microsoft
[2006.10.10 12:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Opera
[2006.05.13 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Right Hemisphere
[2009.02.04 19:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\STORMWARE
[2006.07.19 11:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Sun

< %APPDATA%\*.exe /s >
[2010.01.14 18:26:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
[2006.05.13 15:01:27 | 000,004,710 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\oodcnt.exe
[2006.05.13 15:01:27 | 000,004,710 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\PRO.exe
[2006.05.13 15:01:27 | 000,032,768 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\_D2766EED1705_484E_8F39_C13060EFC35D.exe
[2006.05.12 09:27:10 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe

< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008.03.08 03:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-6_xp32_dd_ccc_wdm_enu_64783\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2011.04.08 15:26:28 | 000,081,544 | ---- | M] () MD5=0F6EF6A61AE3CB893D3F78E5030D1042 -- C:\Program Files\Kerio\MailServer\plugins\spamassassin\site\lib\auto\Win32\EventLog\EventLog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys

< MD5 for: IASTOR.SYS >
[2005.03.09 12:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\OemDir\iaStor.sys
[2005.03.09 12:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.10.28 18:57:33 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.10.28 15:11:53 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009.10.28 18:57:33 | 046,923,776 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.10.28 18:57:33 | 004,980,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.04.29 11:31:40 | 000,110,506 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2011.04.29 11:31:40 | 000,098,224 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.04.29 11:31:40 | 000,506,774 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2011.04.29 11:31:40 | 000,510,644 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.04.29 11:31:40 | 001,222,282 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.04.29 15:45:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------

splonk · #4 Příspěvek od **splonk** » 29 dub 2011 15:27

DD
Nejdriv OTL logfile

dekuji

-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------

OTL logfile created on: 29.4.2011 15:58:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = X:\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 10,54 Gb Free Space | 26,99% Space Free | Partition Type: NTFS
Drive D: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 36,32 Gb Free Space | 48,73% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 26,46 Gb Free Space | 35,50% Space Free | Partition Type: NTFS
Drive Q: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive S: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive X: | 35,47 Gb Total Space | 30,31 Gb Free Space | 85,47% Space Free | Partition Type: NTFS
Drive Y: | 465,76 Gb Total Space | 304,94 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

Computer Name: BLAZENA | User Name: Blažena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.29 15:29:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- X:\Plocha\OTL.exe
PRC - [2011.04.08 15:24:56 | 000,102,024 | ---- | M] (Kerio Technologies Inc.) -- C:\Program Files\Kerio\MailServer\mailctrl.exe
PRC - [2010.07.02 12:43:40 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.07.02 12:43:36 | 002,202,704 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2009.01.11 13:40:44 | 000,355,840 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.25 19:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\ramaint.exe
PRC - [2007.04.05 14:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe
PRC - [2007.04.05 14:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\RAGui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006.10.16 22:13:28 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005.12.12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005.12.12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005.10.31 11:07:34 | 000,871,936 | ---- | M] (Centered Systems) -- C:\Program Files\SecCopy\SecCopy.exe
PRC - [2004.01.08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2011.04.29 15:29:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- X:\Plocha\OTL.exe
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.01.08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004.01.08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LBTServ)
SRV - [2011.04.08 15:24:56 | 015,195,784 | ---- | M] (Kerio Technologies Inc.) [Auto | Stopped] -- C:\Program Files\Kerio\MailServer\mailserver.exe -- (KerioMailServer)
SRV - [2010.07.02 12:44:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.07.02 12:43:40 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.04.26 14:15:36 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.01.11 13:40:44 | 000,355,840 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2007.05.25 19:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe -- (RAMaint)
SRV - [2007.04.05 14:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe -- (RemotelyAnywhere)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.10.16 22:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.12.12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005.10.06 18:12:50 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2002.02.08 12:15:20 | 000,263,168 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (OODefrag)

========== Driver Services (SafeList) ==========

DRV - [2010.07.02 12:43:48 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.07.02 12:43:04 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.04.28 08:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.06.22 13:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.12.19 00:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.19 00:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.19 00:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.06.03 08:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.05.25 19:22:30 | 000,083,568 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RARfsClientNP.dll -- (RARfsClientNP)
DRV - [2007.04.17 15:00:32 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\rainfo.sys -- (RAInfo)
DRV - [2007.04.17 15:00:30 | 000,010,168 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ramirr.sys -- (ramirr)
DRV - [2007.04.05 12:55:16 | 000,046,000 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\RARfsDriver.sys -- (RARfsDriver)
DRV - [2007.03.07 10:18:54 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007.03.07 10:18:54 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.03.07 10:18:29 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007.02.28 03:02:40 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.01.23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.05.09 11:00:35 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.07.13 11:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.05.06 11:12:36 | 000,021,632 | ---- | M] (AMD, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdtools.sys -- (amdtools)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003.06.04 00:48:12 | 000,147,328 | R--- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2002.09.16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1997.04.22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.08.18 10:31:38 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010.07.30 14:52:40 | 000,000,904 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.10.115 c250
O1 - Hosts: 192.168.10.10 hp
O1 - Hosts: 192.168.10.100 smc
O1 - Hosts: 192.168.1.1 modem
O1 - Hosts: 88.146.35.148 kerio
O1 - Hosts: 192.168.10.24 T160
O1 - Hosts: 192.168.10.99 metodej
O1 - Hosts: 192.168.10.90 dalimil
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEEventObj Class) - {A69DD619-0385-4347-801D-781C09701BF2} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Autodesk DWF) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll (Autodesk, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RemotelyAnywhere GUI] C:\Program Files\RemotelyAnywhere\x86\RAGui.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003..\Run: [MailCtrl] C:\Program Files\Kerio\MailServer\MailCtrl.exe (Kerio Technologies Inc.)
O4 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003..\Run: [Second Copy] C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O15 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..Trusted Domains: dalimil ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1214440339-1060284298-1417001333-1003\..Trusted Ranges: Range1 ([http] in Důvěryhodné servery)
O16 - DPF: {0D97B971-27D5-11D4-B105-0050DA068F09} http://dalimil/iproject/docmgr/iProject_3.6.0.9_CZ.CAB (iProjectViewCZ Class)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab (Active602XMLFiller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O16 - DPF: {FA71BB2B-E574-494B-818A-634CAB65BAA0} http://localhost/DovTimesheet/components/MSPL.cab (CMSProjectLink Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://blazena:2000/activex/RACtrl.cab (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - File not found
O20 - Winlogon\Notify\RAinit: DllName - RAinit.dll - C:\WINDOWS\System32\RAinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\oem\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.09 09:49:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##Blazena#updateAR3\Shell - "" = AutoRun
O33 - MountPoints2\##Blazena#updateAR3\Shell\AutoRun\command - "" = W:\autoplay.exe
O33 - MountPoints2\{29c1a8a7-aa64-11dc-9259-000a5e658f9f}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011.04.29 15:48:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- X:\Plocha\OTL.exe
[2011.04.29 13:20:35 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- X:\Plocha\hijackthis.exe
[2011.04.28 01:13:56 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011.04.28 01:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011.04.27 18:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oem\Local Settings\Data aplikací\ESET
[2011.04.11 07:40:25 | 000,000,000 | ---D | C] -- X:\Plocha\Nod32
[2011.04.08 15:24:44 | 000,061,064 | ---- | C] (Kerio Technologies Inc.) -- C:\WINDOWS\System32\kmsperf.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.29 15:48:39 | 000,000,632 | ---- | M] () -- X:\Plocha\VIRY.CZ • Zobrazit téma - MailServer as iodesila SPAM....website
[2011.04.29 15:47:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.04.29 15:45:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.29 15:43:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.29 15:43:54 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.29 15:43:52 | 3220,525,056 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011.04.29 15:29:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- X:\Plocha\OTL.exe
[2011.04.29 13:20:08 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- X:\Plocha\hijackthis.exe
[2011.04.29 12:20:09 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\oem\Data aplikací\ntl.ini
[2011.04.29 11:32:05 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Kerio Connect Administration.url
[2011.04.29 11:31:40 | 000,510,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.29 11:31:40 | 000,506,774 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.04.29 11:31:40 | 000,110,506 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.04.29 11:31:40 | 000,098,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.29 10:33:43 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1C0E22C-8EBE-497F-A63E-E78B81BE0A57}.job
[2011.04.28 01:12:07 | 000,000,977 | ---- | M] () -- X:\Plocha\Windows Defender.lnk
[2011.04.28 01:10:43 | 005,159,424 | ---- | M] () -- X:\Plocha\WindowsDefender.msi
[2011.04.26 09:51:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.04.14 11:53:35 | 000,514,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.14 11:41:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.08 15:24:44 | 000,061,064 | ---- | M] (Kerio Technologies Inc.) -- C:\WINDOWS\System32\kmsperf.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.29 15:48:39 | 000,000,632 | ---- | C] () -- X:\Plocha\VIRY.CZ • Zobrazit téma - MailServer as iodesila SPAM....website
[2011.04.29 11:32:05 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Kerio Connect Administration.url
[2011.04.28 01:15:12 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.04.28 01:12:34 | 000,000,977 | ---- | C] () -- X:\Plocha\Windows Defender.lnk
[2011.04.28 01:12:07 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
[2011.04.28 01:10:43 | 005,159,424 | ---- | C] () -- X:\Plocha\WindowsDefender.msi
[2010.09.27 17:11:35 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\xrxi1l3.dll
[2010.01.14 16:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009.04.26 14:44:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.02.04 16:17:25 | 000,000,117 | ---- | C] () -- C:\WINDOWS\StwPh.INI
[2008.11.12 13:39:27 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.06.10 15:12:05 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPortMon3.dll
[2008.06.03 04:47:46 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.06.03 04:47:46 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.06.03 04:47:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.01.17 16:30:30 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007.10.22 08:02:27 | 000,000,373 | ---- | C] () -- C:\WINDOWS\NetOp.INI
[2007.06.06 19:58:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80.dll
[2007.05.22 20:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007.03.14 11:34:33 | 003,425,792 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.2.dll
[2007.03.14 11:34:33 | 000,710,656 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.3.dll
[2007.03.14 11:34:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.1.dll
[2006.11.09 08:45:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\oem\Data aplikací\$_hpcst$.hpc
[2006.09.07 15:17:24 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ktzlib.dll
[2006.08.03 15:01:28 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\oem\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.06.12 15:41:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ktssleay32_0.9.7.2.dll
[2006.06.12 15:41:38 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\ktlibeay32_0.9.7.2.dll
[2006.05.13 19:09:55 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.05.13 18:37:42 | 000,221,236 | ---- | C] () -- C:\WINDOWS\System32\ar3rpc.dll
[2006.05.13 18:35:21 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\RXDDI.DLL
[2006.05.13 17:38:18 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\vchelpex.sys
[2006.05.13 17:24:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2006.05.13 17:24:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2006.05.13 17:22:34 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006.05.13 17:22:33 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2006.05.13 15:12:44 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.05.13 14:57:08 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\oem\Data aplikací\ntl.ini
[2006.05.13 14:57:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.INI.MS
[2006.05.13 14:57:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.INI
[2006.05.13 14:06:53 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006.05.12 17:42:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006.05.09 12:18:50 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2006.05.09 12:18:41 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006.05.09 11:42:01 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.05.09 11:41:01 | 000,514,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.05.09 11:14:22 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\oem\Local Settings\Data aplikací\fusioncache.dat
[2006.05.09 11:08:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006.05.09 10:49:32 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.05.09 10:47:16 | 000,005,691 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006.05.09 10:47:15 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006.05.09 10:47:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.05.09 09:51:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.05.09 09:47:14 | 000,024,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.04.19 00:30:13 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006.03.22 02:38:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.03.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.03.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.03.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.03.02 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2006.03.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.03.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.03.02 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2006.03.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.03.02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.03.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.03.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.13 22:29:25 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.18 14:00:00 | 000,510,644 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 14:00:00 | 000,506,774 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.08.18 14:00:00 | 000,110,506 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.08.18 14:00:00 | 000,098,224 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.02.06 16:09:02 | 000,034,888 | ---- | C] () -- C:\WINDOWS\System32\oodbs.exe
[2001.12.16 18:03:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\oodagrs.dll
[2001.11.24 13:15:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\oodagmg.dll
[2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001.07.07 05:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011.04.27 15:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AccuRender
[2007.03.07 10:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2008.05.16 15:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Analyzer
[2009.04.26 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2007.10.22 08:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Danware Data
[2010.08.18 10:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2006.05.13 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Right Hemisphere
[2010.07.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
[2006.10.12 17:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\ACD Systems
[2006.05.13 17:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACD Systems
[2006.05.13 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACDInTouch
[2009.04.26 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Autodesk
[2009.04.26 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\CADwerx
[2008.01.04 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Danware Data
[2007.02.22 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Downloaded Installations
[2011.03.14 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\GHISLER
[2006.05.12 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\IsolatedStorage
[2006.05.17 23:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Kerio
[2006.05.13 14:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Leadertech
[2006.10.10 12:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Opera
[2006.05.13 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Right Hemisphere
[2009.02.04 19:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\STORMWARE
[2008.11.28 09:35:46 | 000,000,110 | ---- | M] () -- C:\WINDOWS\Tasks\Critical Battery Alarm Program.job
[2011.04.29 15:47:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011.04.29 10:33:43 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1C0E22C-8EBE-497F-A63E-E78B81BE0A57}.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Second Copy" = "C:\Program Files\SecCopy\SecCopy.exe" /InitialWait=5 -- [2005.10.31 11:07:34 | 000,871,936 | ---- | M] (Centered Systems)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -- [2006.11.13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation)
"MailCtrl" = "C:\Program Files\Kerio\MailServer\MailCtrl.exe" -- [2011.04.08 15:24:56 | 000,102,024 | ---- | M] (Kerio Technologies Inc.)

< c:\windows\*.* /U >
[8 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2006.05.13 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Right Hemisphere

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2006.05.13 17:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACD Systems
[2006.05.13 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ACDInTouch
[2008.03.04 10:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Adobe
[2006.05.16 18:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\AdobeAUM
[2009.03.03 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\AdobeUM
[2006.05.13 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Apple Computer
[2006.05.09 11:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\ATI
[2009.04.26 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Autodesk
[2009.04.26 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\CADwerx
[2008.01.04 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Danware Data
[2007.02.22 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Downloaded Installations
[2009.04.06 12:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\FastStone
[2011.03.14 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\GHISLER
[2006.10.24 18:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Google
[2006.05.31 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Help
[2006.05.09 09:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Identities
[2009.04.02 17:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\InstallShield
[2006.05.12 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\IsolatedStorage
[2006.05.17 23:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Kerio
[2006.05.11 19:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Lavasoft
[2006.05.13 14:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Leadertech
[2008.03.12 11:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Logitech
[2006.06.22 21:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Macromedia
[2009.10.21 10:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\oem\Data aplikací\Microsoft
[2006.10.10 12:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Opera
[2006.05.13 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Right Hemisphere
[2009.02.04 19:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\STORMWARE
[2006.07.19 11:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Data aplikací\Sun

< %APPDATA%\*.exe /s >
[2010.01.14 18:26:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
[2006.05.13 15:01:27 | 000,004,710 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\oodcnt.exe
[2006.05.13 15:01:27 | 000,004,710 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\PRO.exe
[2006.05.13 15:01:27 | 000,032,768 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\_D2766EED1705_484E_8F39_C13060EFC35D.exe
[2006.05.12 09:27:10 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe

< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008.03.08 03:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-6_xp32_dd_ccc_wdm_enu_64783\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2011.04.08 15:26:28 | 000,081,544 | ---- | M] () MD5=0F6EF6A61AE3CB893D3F78E5030D1042 -- C:\Program Files\Kerio\MailServer\plugins\spamassassin\site\lib\auto\Win32\EventLog\EventLog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys

< MD5 for: IASTOR.SYS >
[2005.03.09 12:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\OemDir\iaStor.sys
[2005.03.09 12:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.10.29 09:31:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.10.28 18:57:33 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.10.28 15:11:53 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009.10.28 18:57:33 | 046,923,776 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.10.28 18:57:33 | 004,980,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.04.29 11:31:40 | 000,110,506 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2011.04.29 11:31:40 | 000,098,224 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.04.29 11:31:40 | 000,506,774 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2011.04.29 11:31:40 | 000,510,644 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.04.29 11:31:40 | 001,222,282 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.04.29 15:45:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------

splonk · #5 Příspěvek od **splonk** » 29 dub 2011 15:29

... a jeste OTL extras

-----------------------------------------------------------------
-----------------------------------------------------------------
-----------------------------------------------------------------

OTL Extras logfile created on: 29.4.2011 15:58:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = X:\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 10,54 Gb Free Space | 26,99% Space Free | Partition Type: NTFS
Drive D: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 36,32 Gb Free Space | 48,73% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 26,46 Gb Free Space | 35,50% Space Free | Partition Type: NTFS
Drive Q: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive S: | 698,46 Gb Total Space | 74,76 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive X: | 35,47 Gb Total Space | 30,31 Gb Free Space | 85,47% Space Free | Partition Type: NTFS
Drive Y: | 465,76 Gb Total Space | 304,94 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

Computer Name: BLAZENA | User Name: Blažena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [DosHere] -- C:\WINDOWS\system32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:HTTP
"443:TCP" = 443:TCP:*:Enabled:HTTPS
"2000:TCP" = 2000:TCP:*:Disabled:RemoteAnywhere
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kerio\MailServer\mailctrl.exe" = C:\Program Files\Kerio\MailServer\mailctrl.exe:*:Enabled:Engine Monitor -- (Kerio Technologies Inc.)
"C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMftp.exe" = C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMftp.exe:*:Disabled:ArchVision Content Manager -- (ArchVision)
"C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe" = C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe:*:Disabled:ArchVision Content Manager -- (ArchVision)
"C:\Program Files\Kerio\Outlook Connector\kassist.exe" = C:\Program Files\Kerio\Outlook Connector\kassist.exe:*:Enabled:kassist -- (Kerio Technologies Inc.)
"C:\Program Files\Kerio\Admin\kadmin.exe" = C:\Program Files\Kerio\Admin\kadmin.exe:*:Enabled:Administration Console

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0D007124-D161-472B-BEF8-7EBBDD4DCA33}" = RemotelyAnywhere
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}" = CCC Help English
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}" = ccc-core-preinstall
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}" = Catalyst Control Center Core Implementation
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{43A537BA-8921-4872-9007-8644A2FDA094}" = RPC File System
"{43EE631D-41BB-4A05-8709-F5A8C3E9A6CF}" = STORMWARE POHODA CZ Start
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}" = Catalyst Control Center Graphics Previews Common
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{53480510-9ED5-4726-9BE5-292C82DBAC3F}" = O&O Defrag Professional Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-4004-0409-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2006
"{5783F2D7-7004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}" = ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}" = Catalyst Control Center Graphics Light
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5E1F3B6B-600C-446A-A8E7-6E12F7317F1B}" = Kerio MailServer (Uninstalled)
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{680EBB6D-5C58-4DCA-89F8-C9CB17B0C610}" = StormWare GLX
"{68564BAB-D64E-4C0D-AFF6-AA0039881D15}" = Kerio Outlook Connector (Offline Edition)
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D189A36-1B06-4B19-9AAD-505F026C85F4}" = STORMWARE POHODA CZ Start
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C7E2212-D0A9-4325-9442-CA37F91D69FB}" = AccuRender nXt
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F5C2A7E-DE9E-4642-AD0F-E29FE903422A}" = Autodesk DWF Writer 4.0
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{3C3813E1-C370-4F32-9639-8B43C7C780CD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{F67648A4-713E-4298-BBAD-A83D8283B0F3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{2659571A-3405-4486-B7D8-2F125BC0E3B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9172D6AA-B3CB-4AE8-86EF-932B12540D65}" = TimeTTracker MX2, Enterprise Edition
"{960D7B65-4A01-4243-9CDC-4182818AEBBA}" = ArchVision Content Manager
"{97A1DE36-FE84-49A9-B281-84AB02EBDBC6}" = STORMWARE POHODA CZ Start
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9EDFEDD1-5CF0-469B-83A5-9FA089BA7DF8}_is1" = infoSYS Ghost Printer
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E70456-0177-4BD7-9BD5-F419288201E9}" = TimeTTracker MX
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A8E4A353-374A-47EC-9C0C-40FBB635DE21}" = STORMWARE POHODA CZ Komplet
"{AC275F6D-C763-4F80-BBFC-9FAAE6392A81}" = Kerio Outlook Connector (Uninstalled)
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.4 - Czech
"{ADC2809F-E3E7-487D-9684-D71452186FD3}" = Machine Check Analysis Tool
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B75C664F-070C-4E38-918C-DC98F877F837}" = ESET NOD32 Antivirus
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF094379-4559-4811-B349-794D86BC9268}" = Kerio Connect
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D0532EDD-60A8-49E4-9D90-F3E9BD87CA59}" = Kerio Outlook Connector
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DE31F8AA-B12D-3A38-E561-C657EED45465}" = Catalyst Control Center Graphics Full Existing
"{E61CAE2E-6D6E-43C1-941B-17A69BC144C5}" = 602XML Filler
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}" = ccc-utility
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}" = Skins
"{E963824C-6455-48D9-80A2-75D52AE9A524}" = StormWare Pohoda CZ
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA7B0159-CEA4-4BD2-BA71-CDEE6A08A183}" = NetCenter EasyLink
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F251B61F-9D18-13C4-02EE-71A36343D442}" = Catalyst Control Center Graphics Full New
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FBD3BB88-04DB-411A-AFA6-4FA78D3F8C89}" = RPC Plugin for Photoshop
"602XMLFiller_CAB" = 602XML Filler rozšíření pro Internet Explorer
"ACDSee" = ACDSee
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutoCAD Architecture 2009" = AutoCAD Architecture 2009
"AutoCAD Architecture 2009 Version 4" = AutoCAD Architecture 2009 Version 4
"CachemanXP 1.8.0.10" = CachemanXP 1.8.0.10
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Deep Exploration" = Deep Exploration
"DisplaySet" = DisplaySet
"DocBar 2.0 for AutoCAD 2000-2009_is1" = DocBar 2.0 for AutoCAD 2000-2009
"DosHere" = Command Prompt Here PowerToy
"Driver Genius Professional Edition 2007_is1" = Driver Genius Professional Edition 2007
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 5.8
"FileSync" = FileSync
"HijackThis" = HijackThis 2.0.2
"chgtype" = CoolTools ChangeType v1.00
"ie8" = Windows Internet Explorer 8
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"iPROJECT client" = iPROJECT client 3.6.0.5.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSTargetContextSubmenu" = Target Context Menu (Remove Only)
"MSTrueTypeProperties" = Microsoft OpenType Font Properties Extension (Remove Only)
"NoteTab Light_is1" = NoteTab Light (Remove only)
"PicaView" = PicaView
"rootexplore" = Explore From Here (Remove only)
"R-Studio 4.2NSIS" = R-Studio 4.2
"Second Copy (7.0)" = Second Copy (7.0)
"SendToX.PowerToy" = Send To Extensions PowerToy
"SmoothMove(tm) Pan Viewer 5.0 release 1" = SmoothMove(tm) Pan Viewer 5.0 release 1
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"Totalcmd" = Total Commander (Remove or Repair)
"Tweak UI 2.10" = Tweak UI
"ViewCompanion_is1" = ViewCompanion Standard 2.69
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.13
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinRAR archiver" = WinRAR archiver
"Xerox Phaser 6110MFP" = Xerox Phaser 6110MFP
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.4.2011 9:44:16 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.6'
due to OS error '5(Přístup byl odepřen.)'. A process outside of SQL Server may
be preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 29.4.2011 9:44:16 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5'
due to OS error '5(Přístup byl odepřen.)'. A process outside of SQL Server may
be preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 29.4.2011 9:44:16 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4'
due to OS error '5(Přístup byl odepřen.)'. A process outside of SQL Server may
be preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 29.4.2011 9:44:16 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
due to OS error '5(Přístup byl odepřen.)'. A process outside of SQL Server may
be preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 29.4.2011 9:44:16 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
due to OS error '5(Přístup byl odepřen.)'. A process outside of SQL Server may
be preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 29.4.2011 9:44:16 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17049
Description = Unable to cycle error log file from 'C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
due to OS error '5(Přístup byl odepřen.)'. A process outside of SQL Server may
be preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 29.4.2011 9:44:17 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 29.4.2011 9:44:17 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Přístup byl
odepřen.).

Error - 29.4.2011 9:44:17 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 29.4.2011 9:44:17 | Computer Name = BLAZENA | Source = MSSQL$SQLEXPRESS | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Přístup byl
odepřen.).

[ System Events ]
Error - 30.9.2010 10:49:59 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 30.9.2010 10:49:59 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (SQLEXPRESS) ukončena s chybou 3417 (0xD59), specifickou
pro službu.

Error - 30.9.2010 11:17:50 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 30.9.2010 11:17:50 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (SQLEXPRESS) ukončena s chybou 3417 (0xD59), specifickou
pro službu.

Error - 3.10.2010 6:28:54 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 3.10.2010 6:28:54 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (SQLEXPRESS) ukončena s chybou 3417 (0xD59), specifickou
pro službu.

Error - 5.10.2010 3:47:40 | Computer Name = BLAZENA | Source = TermServDevices | ID = 1111
Description = Ovladač Canon MP470 series Printer nezbytný pro tiskárnu Canon MP470
series Printer je neznámý. Požádejte správce o instalaci ovladače a po ní se přihlaste
znovu.

Error - 8.10.2010 6:18:34 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 8.10.2010 6:18:34 | Computer Name = BLAZENA | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (SQLEXPRESS) ukončena s chybou 3417 (0xD59), specifickou
pro službu.

Error - 19.10.2010 3:37:22 | Computer Name = BLAZENA | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače DOUBRAVKA, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{77F4AE7F-F012-4A37.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

< End of report >

#6 Příspěvek od **motji** » 29 dub 2011 18:08

Já se budu chvilku ptát, až Vám něco nesmažu, se servery nemám moc zkušeností. Správně by jste se měl obrátit na Vaše IT oddělení

.

Jednotka X - to máte linux nebo tak něco?

Tyto záznamy v hosts znáte?
O1 - Hosts: 192.168.10.115 c250
O1 - Hosts: 192.168.10.10 hp
O1 - Hosts: 192.168.10.100 smc
O1 - Hosts: 192.168.10.24 T160
O1 - Hosts: 192.168.10.99 metodej
O1 - Hosts: 192.168.10.90 dalimil

Dejte soubor otestovat na http://www.virustotal.com
C:\WINDOWS\System32\xrxi1l3.dll
C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\oodcnt.exe
C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\PRO.exe
C:\Documents and Settings\oem\Data aplikací\Microsoft\Installer\{53480510-9ED5-4726-9BE5-292C82DBAC3F}\_D2766EED1705_484E_8F39_C13060EFC35D.exe

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

Jinak ale nic nevidím

, combofix nechci použít, ať vám něco neodpálím

, proč myslíte, že odesíláte spam?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

splonk · #7 Příspěvek od **splonk** » 29 dub 2011 19:23

DD
Dekuji pekne

, tak ze postupne, odpovedi na vase otazky (bez citaci

):

Ono je to vlastne pracovni stanice na ktere je nainstalovan Mailserver, a nekde od roku 2007 se nic zasadniho s nim neprovadelo (parkrat se vymenil zdroj, hdd apod.) IT oddeleni jsem ja

, na nic schopnejsiha zatim nemame

.

Jednotka X je partition systemoveho HDD. Na Ccku mam OS na Xko si davam Plochu, Favorites apod. abych pri reinstalaci toto neztratil. Kazdopadne, nic ohledne Linuxu.

Zaznamy v Hosts znam, jsou to okolna zarizeni ovladana pres webove rozhrani... Sam jsem je zadaval.

Soubory otestovany.
dll-ko - je OK - pry neco od nejake tiskarny...
zbytek patri aplikaci "O&O defragment...pro" - tady mi to zahlasilo chybu pri uploadu (vicekrat) tak jsem tu app odinstaloval (klasicky pres pridat a odebrat programy) a slozka obsahujici tyto tri soubory zmizela. Tak to je asi OK...

S Combofixem - souhlas -

A proc si to myslim... uz nam zablokovaly odesilani posty (SMTP) na domene

. A pak v logu mail servru lze sledovat jak to odesila... pak, jednou za cas se to azhlti, odpoji a zadne emaily nachodi ven.... proste vopruz.

Log z MBAM Vam poslu, jakmile bude hotov... dal jsem oscanovat i HDD kam se ukladaji emaily... tzn spousta drobnych souboru - tak ze to asi potrva

Jeste poznamka na konec: pro prohlednuti OTL logu jsem si vsim ze je widowsacky firewall vypnuty (a zadny jiny na PC nebezi) Tak jsem ho zapnul, restartoval sluzbu mailservru a uz 3 hodiny to bezi jak ma

. Neuvedomuji si ale, proc ten FW byl vypnuty

, a clovek co se o to "staral" prede mnou o tom nic nevi. ???

Kazdopadne diky moc a za par hodin se ozvu s .log-em

hezky vecer

splonk · #8 Příspěvek od **splonk** » 29 dub 2011 19:29

Dobry vecer
Tak jsem, zda se, kecal...

Pustil jsem nejdriv rychly scan (asi dle navodu ze stranky ze ktere jsem MBAM stahoval

)
Zde je log - log z uplneho scanu poslu pak take....
************************************
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.4.2011 19:51:21
mbam-log-2011-04-29 (19-51-12).txt

Typ kontroly: Rychlý test
Testované objekty: 190854
Uplynulý cas: 8 minut, 39 sekund

Infikované procesy v pameti: 0
Infikované moduly v pameti: 0
Infikované klíce v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v pameti:
(Žádné škodlivé položky nebyly zjišteny)

Infikované moduly v pameti:
(Žádné škodlivé položky nebyly zjišteny)

Infikované klíce v registru:
(Žádné škodlivé položky nebyly zjišteny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjišteny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjišteny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjišteny)

**************************************************

#9 Příspěvek od **motji** » 29 dub 2011 19:35

Fajn, udělejte ještě uplný sken. Při mazání v mbamu počítejte s tím, že se pc restartuje.
Někde tam asi opravdu bude rootkit, ale kde

Pak ještě udělejte sken gmerem.

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

splonk · #10 Příspěvek od **splonk** » 29 dub 2011 23:33

Dobry podvecer
MBAM dokocil praci a log je identicky s logem z rychleho scanu:

*************************************************

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6474

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.4.2011 0:27:04
mbam-log-2011-04-30 (00-26-53).txt

Typ kontroly: Úplný test (C:\|E:\|F:\|X:\|)
Testované objekty: 360500
Uplynulý cas: 4 hodin, 27 minut, 11 sekund

Infikované procesy v pameti: 0
Infikované moduly v pameti: 0
Infikované klíce v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v pameti:
(Žádné škodlivé položky nebyly zjišteny)

Infikované moduly v pameti:
(Žádné škodlivé položky nebyly zjišteny)

Infikované klíce v registru:
(Žádné škodlivé položky nebyly zjišteny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjišteny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjišteny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjišteny)
***************************************************

Ted jsu na GMER - pak se ozvu

Diky a hezky vecer
JASponza

#11 Příspěvek od **motji** » 29 dub 2011 23:38

Tak to v mbamu smažte. Ještě tu tak do 1 budu, pak až ráno

splonk · #12 Příspěvek od **splonk** » 30 dub 2011 17:05

Dobry den

tak tady predkaldam 2 logy z GMERu
MBAM znovuspoustim a pak one tri polozky smaznu
Diky

1.
****************************************************
GMER 1.0.15.15572 - http://www.gmer.net
Rootkit quick scan 2011-04-30 00:35:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f ST3808110AS rev.3.AAD
Running: gmer.exe; Driver: C:\Temp\uxrdqpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----
*********************************************************

2.
*********************************************************
GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 17:48:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f ST3808110AS rev.3.AAD
Running: gmer.exe; Driver: C:\Temp\uxrdqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF2141610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF2141C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF2141730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF21414B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF2141570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF21416D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF2141790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF2141690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF2141650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF21417D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF2141510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF2141590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF21414D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF21415D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF2141750]

INT 0x62 ? FC8F56FC
INT 0x63 ? FC8F4BBC
INT 0x73 ? FC42DE54
INT 0x82 ? FC960E54
INT 0x83 ? FC75644C
INT 0x92 ? FC1FE2AC
INT 0xA3 ? FC770E54
INT 0xA4 ? FC39B634
INT 0xB1 ? FC95389C
INT 0xB4 ? FC3B8E54

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5955000, 0x198FE0, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[912] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E54BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E54BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 41524664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] ole32.dll!CoCreateInstance 774EF1AC 5 Bytes JMP 415BDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] ole32.dll!OleLoadFromStream 7751981B 5 Bytes JMP 416B547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5524] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG04.00.00.01SERVER 3A1A54C25AE6901578D4607B49A97CE96A70ECA04C7901180549AA468C9D6DA24B27D485FA1DAFD243D1F68D90F0223285724D8AA193F5535541B4D8C0D2ABF44785A78BAF7E146A8468CDBCE5DA6DD90D179AB61E6C83C397ADF9E5FA12E9E9F7FB911E39E943EF1D950D2F740B146299B07C49758E2D783FD6C5AE18E91E3CC7E89F3DBC91C1EC92E9214249F9CDC1692462993E567CF36318A5A757BA441CC73A9F9BC0FD9DDD8C8B3A04D4F258635EECF935F174802E3F5F6DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC79330E8DFD73BF0ABAE1D7B42A8AC18464DAC1CAE26EC44CFB9512365323C8C634DE3834266D1B353083AE2D99372959B0C0AF18CC07161499C2BAECF189ACABC0AF6CA5BF23968C094C9B513F98EE275C255238DE469ADFE350950C606776009CB9702A8E6852C6390362F2C3534182CD718E2647412DB9546BBFD572E2CFE77A8A40F02A97E644C6B5FC49251241218152F64088131DD27D020DF54EA8562C20700C89FD0B5D85CBB4176D3203885E86BA564C77D9AFFE814783F6EE6719B865813769C9A53231F69590DF1156A03800612AEF3E399D341BB25E4923549E20B894596C224B599109B27F003A410AD2A5C0A4B75A561

---- EOF - GMER 1.0.15 ----
***********************************************************

#13 Příspěvek od **motji** » 30 dub 2011 17:09

Tak já nevím, ale gmer je ok

. Jste si jistý, že za to může tento pc?

splonk · #14 Příspěvek od **splonk** » 02 kvě 2011 11:14

Dobry den
... predevcera se mi nejak asi neodeslala odpoved ???!!!
Jist si prave uplne nejsem, muze to asi byt jakykoliv PC na siti (cca 20ks). Co s tim? Ze by FW zablokoval cestu "utocnikovy". Porad ale nekde na nas ciha, a to se mi nelibi

. Lze ho nejak odchiti, v pripade zebych opet otevrel FW? A nebo je to blbost?

Dekuji

#15 Příspěvek od **motji** » 02 kvě 2011 14:21

Co máte za firewall? Máte ještě nějaký HW router?
Pokud ve firewallu vidíte blokování, zjistíte, na který pc to jde podle Ip adresy?

VIRY.CZ

MailServer as iodesila SPAM...

MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...

Re: MailServer as iodesila SPAM...