SERVICES.EXE

Jahaba
Visitor
Posts: 22
Registered: 01 Aug 2007 15:32

Re: SERVICES.EXE

#31 Post by Jahaba »

Here is the new ComboFix log.

ComboFix 10-03-11.06 - Jaroslav 12.03.2010 17:52:40.7.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.584 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jaroslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jaroslav\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ReadMe.txt

c:\windows\system32\services.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-11 17:52 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\57947352.sys
2010-03-11 17:52 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\5794735.sys
2010-03-11 17:52 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\57947351.sys
2010-03-10 19:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 19:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 19:23 . 2010-03-10 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 09:24 . 2010-03-07 09:24 -------- d-----w- c:\program files\trend micro
2010-03-07 09:24 . 2010-03-07 09:24 -------- d-----w- C:\rsit
2010-02-23 21:36 . 2010-02-23 21:36 -------- d-----w- c:\program files\CrystalDiskInfo
2010-02-23 21:31 . 2010-02-23 21:31 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-02-21 16:26 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-21 09:24 . 2010-02-21 09:24 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2010-02-21 09:24 . 2010-02-21 09:24 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2010-02-19 18:53 . 2001-07-13 12:56 14976 ----a-w- c:\windows\system32\drivers\SBKUPNT.SYS
2010-02-19 18:53 . 1997-02-08 16:11 13312 ----a-w- c:\windows\system32\DEVLOAD.EXE
2010-02-15 17:01 . 2009-02-13 19:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 17:34 . 2010-02-05 17:34 -------- d-----w- c:\program files\linguatec
2010-02-04 19:04 . 2010-02-04 19:04 -------- d-----w- c:\program files\MyPlayCity.com
2010-02-04 17:37 . 2002-09-23 09:00 93496 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 17:37 . 2002-09-23 09:00 457398 ----a-w- c:\windows\system32\perfh005.dat
2009-12-31 16:50 . 2002-09-23 09:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2002-09-23 09:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 07:10 . 2002-09-23 09:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-09-23 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-09-17 77824]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"NeroFilterCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2005-09-22 454144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-09 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jaroslav\Nabídka Start\Programy\Po spuštění\
Zástupce - taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2002-9-23 137216]
setup_9.0.0.722_10.03.2010_22-29.lnk - c:\documents and settings\Jaroslav\Plocha\Virus Removal Tool\setup_9.0.0.722_10.03.2010_22-29\startup.exe [2010-3-11 72208]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-12-5 1601536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ESET\\NOD32KUI.EXE"=
"c:\\Program Files\\EA Games\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA Games\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA Games\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 57947352;57947352 Boot Guard Driver;c:\windows\system32\drivers\57947352.sys [11.3.2010 18:52 37392]
R0 IODrv;IODrv;c:\windows\system32\drivers\Iodrv.sys [16.2.2009 21:59 8080]
R1 57947351;57947351;c:\windows\system32\drivers\57947351.sys [11.3.2010 18:52 128016]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9.4.2009 19:22 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [28.9.2009 20:10 159600]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [5.3.2003 16:39 115968]
R1 setup_9.0.0.722_10.03.2010_22-29drv;setup_9.0.0.722_10.03.2010_22-29drv;c:\windows\system32\drivers\5794735.sys [11.3.2010 18:52 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.5.2008 21:08 142592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [28.9.2009 20:10 73840]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [19.2.2010 19:53 14976]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [28.9.2009 20:09 95640]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [27.12.2007 18:58 10260864]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 20:00 135664]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\usbvsp.sys [12.12.2003 19:51 89856]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [1.1.1980 1432836]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [15.2.2010 18:01 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.12.2005 18:18 642560]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{4C1DBB86-7F64-4F0E-ACDE-03BAEADDB565}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:00]

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
TCP: {109FD390-F319-4387-9CBD-7733B14B67BC} = 192.168.0.5
TCP: {9F785618-84F9-491C-B0A9-DA67810F72D1} = 10.97.39.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.skiosvetimany.cz/VitaminCtrl_2_1_0_26.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 18:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1708537768-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1416)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3388)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\EDIMAX\Common\RalinkRegistryWriter.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\documents and settings\Jaroslav\Plocha\Virus Removal Tool\setup_9.0.0.722_10.03.2010_22-29\setup_9.0.0.722_10.03.2010_22-29.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 18:10:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 17:10
ComboFix2.txt 2010-03-07 11:32
ComboFix3.txt 2010-03-07 10:23
ComboFix4.txt 2007-08-03 22:31

Před spuštěním: Volných bajtů: 14 549 123 072
Po spuštění: Volných bajtů: 14 477 099 008

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 4BF2CC353A1128ABB2815861B4B8473D

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: SERVICES.EXE

#32 Post by Caroprd111 »

Carry out the following steps exactly in the order given.

Download the files from the attachment and extract them to drive i:\ (the path will be e.g. c:\services.exe; it must not be an archive!).
Attachment: Soubory.zip (107.9 KiB), downloaded 20 times
If ComboFix is not already there, move it to the desktop.
  • Open Notepad and copy the text from the white box into it.

Code:

FCopy:: 
c:\services.exe | c:\windows\system32\services.exe
c:\atapi.sys | c:\windows\system32\drivers\atapi.sys

RegLock::
[HKEY_USERS\S-1-5-21-1659004503-1708537768-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

  • Save the TXT file you created to the desktop as CFScript.txt.
  • After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.
  • After it has been applied, another log will pop up; paste it here.
It may happen that Windows does not start after the script has been applied and the PC restarted. In that case, restart again while pressing F8 repeatedly, then choose Last Known Good Configuration.

Jahaba
Visitor
Posts: 22
Registered: 01 Aug 2007 15:32

Re: SERVICES.EXE

#33 Post by Jahaba »

Hello,
I don't understand the first step: Download the files from the attachment and extract them to drive i:\ (the path will be e.g. c:\services.exe; it must not be an archive).
I don't have a drive i:, and the note is not clear to me. Please give a more precise description.
Thank you for your understanding.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: SERVICES.EXE

#34 Post by Caroprd111 »

Sorry :oops: It should say "to drive c:". :)

Jahaba
Visitor
Posts: 22
Registered: 01 Aug 2007 15:32

Re: SERVICES.EXE

#35 Post by Jahaba »

Here is the new ComboFix log.

ComboFix 10-03-11.06 - Jaroslav 13.03.2010 19:19:45.8.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.608 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jaroslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jaroslav\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\services.exe

.
--------------- FCopy ---------------

c:\services.exe --> c:\windows\system32\services.exe
c:\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-13 do 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-13 18:14 . 2008-04-13 22:10 96512 ------w- C:\atapi.sys
2010-03-13 18:12 . 2010-03-13 18:12 110492 ----a-w- C:\Soubory.zip
2010-03-10 19:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 19:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 19:23 . 2010-03-10 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 09:24 . 2010-03-07 09:24 -------- d-----w- c:\program files\trend micro
2010-03-07 09:24 . 2010-03-07 09:24 -------- d-----w- C:\rsit
2010-02-23 21:36 . 2010-02-23 21:36 -------- d-----w- c:\program files\CrystalDiskInfo
2010-02-23 21:31 . 2010-02-23 21:31 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-02-21 16:26 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-21 09:24 . 2010-02-21 09:24 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2010-02-21 09:24 . 2010-02-21 09:24 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2010-02-19 18:53 . 2001-07-13 12:56 14976 ----a-w- c:\windows\system32\drivers\SBKUPNT.SYS
2010-02-19 18:53 . 1997-02-08 16:11 13312 ----a-w- c:\windows\system32\DEVLOAD.EXE
2010-02-15 17:01 . 2009-02-13 19:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 17:34 . 2010-02-05 17:34 -------- d-----w- c:\program files\linguatec
2010-02-04 19:04 . 2010-02-04 19:04 -------- d-----w- c:\program files\MyPlayCity.com
2010-02-04 17:37 . 2002-09-23 09:00 93496 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 17:37 . 2002-09-23 09:00 457398 ----a-w- c:\windows\system32\perfh005.dat
2009-12-31 16:50 . 2002-09-23 09:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2002-09-23 09:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 07:10 . 2002-09-23 09:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-09-17 77824]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"NeroFilterCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2005-09-22 454144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-09 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jaroslav\Nabídka Start\Programy\Po spuštění\
Zástupce - taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2002-9-23 137216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-12-5 1601536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ESET\\NOD32KUI.EXE"=
"c:\\Program Files\\EA Games\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA Games\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA Games\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 IODrv;IODrv;c:\windows\system32\drivers\Iodrv.sys [16.2.2009 21:59 8080]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9.4.2009 19:22 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [28.9.2009 20:10 159600]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [5.3.2003 16:39 115968]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.5.2008 21:08 142592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [28.9.2009 20:10 73840]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [19.2.2010 19:53 14976]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [28.9.2009 20:09 95640]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [27.12.2007 18:58 10260864]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 20:00 135664]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\usbvsp.sys [12.12.2003 19:51 89856]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [1.1.1980 1432836]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [15.2.2010 18:01 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.12.2005 18:18 642560]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{4C1DBB86-7F64-4F0E-ACDE-03BAEADDB565}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:00]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
TCP: {109FD390-F319-4387-9CBD-7733B14B67BC} = 192.168.0.5
TCP: {9F785618-84F9-491C-B0A9-DA67810F72D1} = 10.97.39.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.skiosvetimany.cz/VitaminCtrl_2_1_0_26.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 19:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1708537768-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1408)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-03-13 19:28:35
ComboFix-quarantined-files.txt 2010-03-13 18:28
ComboFix2.txt 2010-03-12 17:10
ComboFix3.txt 2010-03-07 11:32
ComboFix4.txt 2010-03-07 10:23
ComboFix5.txt 2010-03-13 18:18

Před spuštěním: Volných bajtů: 14 719 549 440
Po spuštění: Volných bajtů: 14 685 470 720

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 012652BA2FD581A029B9A6BC33CE930E

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: SERVICES.EXE

#36 Post by Caroprd111 »

How is the PC doing? :???:

Jahaba
Visitor
Posts: 22
Registered: 01 Aug 2007 15:32

Re: SERVICES.EXE

#37 Post by Jahaba »

I'm probably repeating myself, but it's still the same. :(

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: SERVICES.EXE

#38 Post by Caroprd111 »

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Run Scan.
  • When the program has finished, paste the OTL.Txt and Extras.txt logs here.

Jahaba
Visitor
Posts: 22
Registered: 01 Aug 2007 15:32

Re: SERVICES.EXE

#39 Post by Jahaba »

Here is the OTL.txt log:

OTL logfile created on: 14.3.2010 9:26:05 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Jaroslav\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 606,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 13,84 Gb Free Space | 18,57% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 296,00 Gb Total Space | 8,64 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALIVIO6000
Current User Name: Jaroslav
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.14 09:25:00 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaroslav\Plocha\OTL.exe
PRC - [2009.12.15 19:04:46 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009.04.09 19:21:42 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2009.04.09 19:21:42 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2009.02.23 10:49:16 | 002,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008.12.11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008.08.31 20:18:24 | 001,601,536 | ---- | M] (Edimax Technology Co.) -- C:\Program Files\EDIMAX\Common\RaUI.exe
PRC - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.11 22:16:00 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007.04.16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.10.28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005.09.22 22:31:30 | 000,454,144 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2001.11.29 16:10:28 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe


========== Modules (SafeList) ==========

MOD - [2010.03.14 09:25:00 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaroslav\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.12.15 19:04:46 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.04.09 19:21:42 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008.12.11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2001.11.29 16:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2009.04.09 19:21:42 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2009.04.09 19:21:42 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009.02.13 20:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009.01.21 10:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009.01.05 22:11:58 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008.12.18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008.12.11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008.09.22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.30 00:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008.04.13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.29 17:56:16 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007.04.27 16:22:00 | 000,100,448 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctfw1.sys -- (pctfw1)
DRV - [2007.04.25 16:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007.03.07 16:58:30 | 010,260,864 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2006.12.14 00:41:54 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2006.12.14 00:41:50 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.08.25 12:55:08 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006.08.25 12:51:38 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006.05.03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.01.19 13:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.11.29 16:44:54 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2005.10.27 08:09:04 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005.10.23 17:25:12 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.08.31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 10:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 16:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2005.06.02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.04.30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.03.25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.12.17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004.08.09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.07.19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.05.17 16:52:40 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.03.05 16:39:06 | 000,115,968 | ---- | M] (Protection Technology Co.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv03.sys -- (prodrv03)
DRV - [2002.11.11 09:41:30 | 000,089,856 | ---- | M] (Atmel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvsp.sys -- (USBVSP)
DRV - [2002.05.06 10:44:22 | 002,383,460 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2001.12.05 14:48:12 | 000,322,948 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2001.11.29 16:10:32 | 001,432,836 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\v90drv.sys -- (V90drv)
DRV - [2001.11.29 16:10:28 | 000,033,028 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2001.11.29 16:10:26 | 000,175,160 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2001.11.29 16:10:20 | 000,607,732 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2001.11.29 16:10:14 | 000,172,708 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2001.08.17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001.08.17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.07.13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [2001.01.17 13:56:06 | 000,008,080 | ---- | M] (QDI Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\IODRV.SYS -- (IODrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.07 16:07:08 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.03.12 18:03:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4193547328 (WUWebControl Class)
O16 - DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} http://www.skiosvetimany.cz/VitaminCtrl_2_1_0_26.cab (VitaminCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crl ... crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.97.39.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.29 17:58:40 | 000,000,145 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.14 09:25:08 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaroslav\Plocha\OTL.exe
[2010.03.13 21:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.03.13 20:37:13 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010.03.13 19:14:23 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010.03.12 17:12:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jaroslav\Recent
[2010.03.10 22:31:21 | 066,777,464 | ---- | C] ( ) -- C:\Documents and Settings\Jaroslav\Plocha\setup_9.0.0.722_10.03.2010_22-29.exe
[2010.03.10 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Data aplikací\Malwarebytes
[2010.03.10 20:23:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.10 20:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.10 20:23:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.10 20:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.10 20:20:03 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaroslav\Plocha\mbam-setup.exe
[2010.03.07 11:14:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.07 11:10:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.03.07 11:10:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.03.07 11:10:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.03.07 11:10:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.03.07 11:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.07 10:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.07 10:24:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.02.27 10:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Plocha\Mamka-zařídit
[2010.02.26 17:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\Temp
[2010.02.23 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2010.02.23 22:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Data aplikací\AltrixSoft
[2010.02.23 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AltrixSoft
[2010.02.23 20:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Plocha\SamsungSoftware
[2010.02.21 17:26:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2010.02.21 17:26:06 | 000,420,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4c32.dll
[2010.02.21 10:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\WinAVI
[2010.02.21 10:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinAVI Video Converter 9.0
[2010.02.21 10:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Converter 9.0
[2010.02.17 16:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Plocha\Záloha Samsung
[2010.02.15 18:01:57 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010.02.15 17:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\Western Digital
[2010.02.08 20:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2010.02.08 20:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.12.08 19:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2007.12.27 18:58:41 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll
[2007.12.27 18:58:41 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpx32.dll
[2007.12.23 19:29:58 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll
[2007.12.23 19:29:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll
[2003.03.04 09:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2003.03.04 09:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2003.03.04 09:22:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2003.03.04 09:22:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[1980.01.01 00:00:00 | 001,432,836 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\v90drv.sys
[1980.01.01 00:00:00 | 000,175,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.14 09:25:20 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4C1DBB86-7F64-4F0E-ACDE-03BAEADDB565}.job
[2010.03.14 09:25:00 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaroslav\Plocha\OTL.exe
[2010.03.14 09:21:40 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.14 09:21:36 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.14 09:21:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.14 09:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.13 23:26:44 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Jaroslav\ntuser.dat
[2010.03.13 23:26:44 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Jaroslav\ntuser.ini
[2010.03.13 23:18:02 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.13 21:28:20 | 000,002,180 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.03.13 19:26:38 | 000,000,314 | ---- | M] () -- C:\WINDOWS\System.ini
[2010.03.13 19:14:06 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Soubory.doc
[2010.03.13 19:13:14 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Microsoft Office Word 2007.lnk
[2010.03.12 18:21:16 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.12 18:01:44 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.12 17:45:18 | 003,888,122 | R--- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\ComboFix.exe
[2010.03.11 23:35:52 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Autoscan.doc
[2010.03.11 12:20:04 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.11 12:20:04 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Jaroslav\default.pls
[2010.03.10 22:31:22 | 066,777,464 | ---- | M] ( ) -- C:\Documents and Settings\Jaroslav\Plocha\setup_9.0.0.722_10.03.2010_22-29.exe
[2010.03.10 20:23:58 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.10 20:19:56 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaroslav\Plocha\mbam-setup.exe
[2010.03.07 14:49:04 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Průzkumník Windows.lnk
[2010.03.07 14:34:08 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\mbr.exe
[2010.03.07 14:09:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jaroslav\defogger_reenable
[2010.03.07 14:08:36 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Defogger.exe
[2010.03.07 13:26:18 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Virus total.doc
[2010.03.07 13:02:24 | 001,980,928 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Virtuální jednotky.doc
[2010.03.07 11:14:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.07 10:23:24 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\RSIT.exe
[2010.03.04 20:41:14 | 000,030,121 | -H-- | M] () -- C:\TREEINFO.WC
[2010.03.04 18:35:06 | 000,000,043 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.03.03 22:10:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.28 13:39:16 | 000,000,067 | ---- | M] () -- C:\WINDOWS\AVIConverter.INI
[2010.02.28 13:31:48 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.26 22:12:32 | 000,001,457 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\CCleaner.lnk
[2010.02.23 22:36:48 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\CrystalDiskInfo.lnk
[2010.02.22 18:15:42 | 000,413,696 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\Flash Disk- rychlost.doc
[2010.02.21 10:25:18 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Jaroslav\Plocha\WinAVI 9.0.lnk
[2010.02.15 16:46:16 | 000,000,482 | ---- | M] () -- C:\WINDOWS\WEBTRAN4.INI
[2010.02.14 22:02:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.13 19:14:04 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\Soubory.doc
[2010.03.11 23:35:51 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\Autoscan.doc
[2010.03.10 20:23:56 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.07 14:50:17 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\Gmer.exe
[2010.03.07 14:09:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jaroslav\defogger_reenable
[2010.03.07 14:08:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\Defogger.exe
[2010.03.07 13:52:46 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\mbr.exe
[2010.03.07 13:26:16 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\Virus total.doc
[2010.03.07 13:02:21 | 001,980,928 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\Virtuální jednotky.doc
[2010.03.07 11:14:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.07 11:14:38 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.07 11:10:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.07 11:10:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.07 11:10:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.07 11:10:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.07 11:10:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.07 10:59:01 | 003,888,122 | R--- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\ComboFix.exe
[2010.03.07 10:23:12 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\RSIT.exe
[2010.02.23 22:36:46 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\CrystalDiskInfo.lnk
[2010.02.21 10:25:16 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Plocha\WinAVI 9.0.lnk
[2010.02.19 19:53:27 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2010.02.19 19:53:27 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2010.02.19 19:52:37 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009.06.10 17:48:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.06.10 17:48:27 | 000,013,984 | ---- | C] () -- C:\WINDOWS\System32\Kara_v.dll
[2009.06.10 17:48:26 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\Kara_K.dll
[2009.04.09 19:22:37 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009.02.16 21:59:37 | 000,003,904 | R--- | C] () -- C:\WINDOWS\System32\drivers\Mapmem.sys
[2008.08.02 23:47:29 | 000,000,147 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008.08.02 15:41:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.05.13 21:08:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2008.01.29 17:59:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008.01.29 17:56:19 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008.01.29 17:56:19 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008.01.29 17:56:19 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2008.01.29 17:56:19 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2008.01.05 22:37:06 | 000,103,736 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Data aplikací\PnkBstrB.exe
[2007.12.27 18:58:42 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini
[2007.08.26 16:13:44 | 000,001,182 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007.06.12 21:25:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.06.12 21:25:34 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.06.09 21:14:51 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.02.08 18:46:01 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2006.11.22 13:41:18 | 000,014,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006.10.30 19:09:21 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.08.07 21:16:47 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006.07.22 11:08:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.07.29 16:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys
[2005.06.26 17:06:51 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005.06.26 17:06:51 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005.06.26 17:06:51 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005.06.23 19:22:36 | 000,000,442 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.05.17 16:20:04 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2005.05.17 16:20:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Bc40hot.dll
[2005.05.17 16:01:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
[2005.05.17 16:01:32 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\MPGPlay.dll
[2005.05.17 16:01:31 | 000,209,408 | ---- | C] () -- C:\WINDOWS\System32\Twasbb01.dll
[2005.02.09 21:07:04 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2004.12.23 18:56:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004.12.17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.06.02 20:03:34 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004.05.11 18:45:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004.04.29 18:23:07 | 000,034,373 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004.02.29 14:31:23 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2004.02.25 17:07:43 | 000,000,290 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2004.02.15 18:07:49 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004.01.05 18:51:25 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2004.01.05 18:48:59 | 000,000,482 | ---- | C] () -- C:\WINDOWS\WEBTRAN4.INI
[2004.01.05 18:48:53 | 000,003,519 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2004.01.05 18:48:53 | 000,001,528 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2003.12.12 20:06:17 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Jaroslav\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.08.02 11:43:19 | 000,000,316 | ---- | C] () -- C:\WINDOWS\ClonyCDs.ini
[2003.08.02 11:28:43 | 000,000,257 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2003.07.22 17:16:46 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003.04.16 17:40:12 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003.04.16 17:39:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
[2003.03.21 15:33:12 | 000,000,406 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003.03.21 10:02:04 | 000,000,091 | ---- | C] () -- C:\WINDOWS\HEU.INI
[2003.03.19 18:49:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003.03.19 18:47:18 | 000,023,056 | ---- | C] () -- C:\WINDOWS\System32\Pkwdcl.dll
[2003.03.15 13:18:39 | 000,550,100 | ---- | C] () -- C:\WINDOWS\System32\drivers\PcCam.sys
[2003.03.06 22:17:44 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2003.03.05 17:05:54 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.03.05 16:53:31 | 000,002,180 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2003.03.04 13:02:49 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2003.03.04 10:43:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2003.03.04 10:30:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2003.03.04 10:12:37 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003.03.04 10:12:34 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2002.09.11 14:33:19 | 000,280,064 | ---- | C] () -- C:\WINDOWS\cncs232.dll
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996.11.18 01:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1980.01.01 00:00:00 | 002,383,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980.01.01 00:00:00 | 000,607,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980.01.01 00:00:00 | 000,322,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980.01.01 00:00:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980.01.01 00:00:00 | 000,172,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980.01.01 00:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll

========== Files - Unicode (All) ==========
[2006.02.07 18:08:46 | 000,003,995 | ---- | M] ()(C:\WINDOWS\System32\??E) -- C:\WINDOWS\System32\៦矵E
[2006.02.07 18:08:38 | 000,003,995 | ---- | C] ()(C:\WINDOWS\System32\??E) -- C:\WINDOWS\System32\៦矵E
< End of report >

Jahaba
Visitor
Posts: 22
Joined: 01 Aug 2007 15:32

Re: SERVICES.EXE

#40 Post by Jahaba »

And here is the Extras.txt log:

OTL Extras logfile created on: 14.3.2010 9:26:05 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Jaroslav\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 606,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 13,84 Gb Free Space | 18,57% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 296,00 Gb Total Space | 8,64 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALIVIO6000
Current User Name: Jaroslav
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\ESET\NOD32KUI.EXE" = C:\Program Files\ESET\NOD32KUI.EXE:*:Enabled:NOD32 Control Center -- (Eset )
"C:\Program Files\EA Games\MOHAA\MOHAA.exe" = C:\Program Files\EA Games\MOHAA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\EA Games\MOHAA\moh_Breakthrough.exe" = C:\Program Files\EA Games\MOHAA\moh_Breakthrough.exe:*:Disabled:Medal of Honor Allied Assault(tm) Breakthrough -- (Electronic Arts Inc.)
"C:\Program Files\EA Games\MOHAA\moh_spearhead.exe" = C:\Program Files\EA Games\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead -- (Electronic Arts Inc.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{200F584F-848D-4B6B-B1A1-C74D735F18A4}" = InstallRTC
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = EDIMAX Edimax Wireless LAN
"{29ED0BFC-FBC1-4498-AB5F-C63FCA6B736C}" = Offroad
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = HydraVision
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}" = F1 Challenge 99-02
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F4DD9B-C246-4BE0-00B6-3DE9ABF72299}" = Need For Speed Hot Pursuit 2
"{77CBA219-C6FC-46B2-8FDC-DF14E2DBCC20}" = BlueSoleil
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Ve světě podnikání
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{844C6FC3-852E-11D6-8D60-00105A22D3D2}" = ATI Multimedia Center 7.8.0.0
"{84B2CF01-194D-2284-B313-F2E0D78D1029}" = Nero 7 Demo
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{93293322-B694-4270-B7FE-DDE1A681ACCA}" = linguatec Voice Reader
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DFF29C16-11B8-4AD2-AC1A-2841DA197982}" = Rally Championship Xtreme
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 325 USB PC Camera _beta
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"µTorrent CZ_is1" = µTorrent CZ 1.8.3 (build 15772)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AVI Joiner_is1" = AVI Joiner version 1.0
"AXIS Media Control SDK_is1" = AXIS Media Control SDK 4.13
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.4.0 Beta1
"CrystalDiskMark_is1" = CrystalDiskMark 2.2.0n
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DeleteProdRunControl_UK" = IBM ViaVoice Command and Control Runtime 5.3 - UK English
"DivX Codec" = DivX 5.0.3 Pro Bundle
"DivXG400" = DivXG400
"DVD Shrink_is1" = DVD Shrink 3.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 4.1)
"EAX Unified" = EAX Unified
"Encarta Virtual Globe 3.0" = Microsoft Encarta World Atlas 1998 Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.3)
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Karaoke 5_is1" = Karaoke 5 ver. 36.6
"KLiteCodecPack_is1" = K-Lite Codec Pack
"Lexicon 3.0" = Lingea Lexicon 2000
"Lexicon 4.0" = Lingea Lexicon 2002
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medal of Honor Allied Assault v 1.0.0.1_is1" = Medal of Honor Allied Assault v 1.0.0.1
"Mercedes-Benz Truck Racing" = Mercedes-Benz Truck Racing
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini Golf_is1" = Mini Golf
"Motocross Madness 2" = Microsoft Motocross Madness 2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = Antivirový systém NOD32
"Nokia PC Suite" = Nokia PC Suite
"Nový Robinson" = Nový Robinson
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"PhotoFiltre" = PhotoFiltre
"QDI StepEasy 2.0" = QDI StepEasy 2.0
"QuickTime" = QuickTime
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"RollerCoaster Tycoon Setup" = Roll
"Shockwave" = Shockwave
"SLAMRNTV" = Smart Link 56K Voice Modem
"Spyware Terminator_is1" = Spyware Terminator
"ST5UNST #1" = Kronika Českých zemí
"USB PC Camera Driver" = USB PC Camera Driver
"VMidi" = vanBasco's Karaoke Player
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"Wincmd" = Windows Commander (Remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Xvid CZ 1.01_is1" = Xvid CZ 1.01
"ZAV1_is1" = ZAV 4.48 (32bit)
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
"Zoo Tycoon 1.0" = Zoo Tycoon Expanded

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8.12.2009 14:30:45 | Computer Name = ALIVIO6000 | Source = Windows Search Service | ID = 3024
Description =

Error - 8.12.2009 14:45:57 | Computer Name = ALIVIO6000 | Source = Windows Search Service | ID = 3024
Description =

Error - 18.12.2009 16:20:57 | Computer Name = ALIVIO6000 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x034951ea.

Error - 18.12.2009 16:21:33 | Computer Name = ALIVIO6000 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x035951ea.

Error - 20.12.2009 14:13:04 | Computer Name = ALIVIO6000 | Source = Application Error | ID = 1000
Description = Chybující aplikace wmplayer.exe, verze 11.0.5721.5145, chybující modul
mpeg2dmx.ax, verze 2.0.84.30429, adresa chyby 0x0000dff3.

Error - 20.12.2009 14:13:37 | Computer Name = ALIVIO6000 | Source = Application Error | ID = 1000
Description = Chybující aplikace wmplayer.exe, verze 11.0.5721.5145, chybující modul
mpeg2dmx.ax, verze 2.0.84.30429, adresa chyby 0x0000dff3.

Error - 9.1.2010 13:21:29 | Computer Name = ALIVIO6000 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,
faulting module emzmp3sourcefilter.dll, version 2.9.0.0, stamp 49ec3371, debug?
0, fault address 0x0000e379.

Error - 9.1.2010 13:22:09 | Computer Name = ALIVIO6000 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,
faulting module emzmp3sourcefilter.dll, version 2.9.0.0, stamp 49ec3371, debug?
0, fault address 0x0000e379.

Error - 16.2.2010 13:05:05 | Computer Name = ALIVIO6000 | Source = Google Update | ID = 20
Description =

Error - 7.3.2010 6:48:58 | Computer Name = ALIVIO6000 | Source = Application Error | ID = 1000
Description = Chybující aplikace pev.exe, verze 0.0.0.0, chybující modul pev.exe,
verze 0.0.0.0, adresa chyby 0x00090ae0.

[ OSession Events ]
Error - 9.1.2010 13:21:25 | Computer Name = ALIVIO6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9.1.2010 13:22:08 | Computer Name = ALIVIO6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12.3.2010 12:13:54 | Computer Name = ALIVIO6000 | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače ASPIRE5100,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{47646FFD-2EC0-482.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 12.3.2010 12:51:43 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7034
Description = Služba BlueSoleil Hid Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 12.3.2010 12:51:43 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7034
Description = Služba Spyware Terminator Realtime Shield Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 12.3.2010 12:52:55 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7016
Description = Služba SmartLinkService ohlásila neplatný současný stav 0.

Error - 12.3.2010 13:04:01 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: IntelIde

Error - 12.3.2010 13:08:28 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7016
Description = Služba SmartLinkService ohlásila neplatný současný stav 0.

Error - 12.3.2010 13:13:57 | Computer Name = ALIVIO6000 | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače ASPIRE5100,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{47646FFD-2EC0-482.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 13.3.2010 14:19:26 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7034
Description = Služba BlueSoleil Hid Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 13.3.2010 14:19:26 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7034
Description = Služba Spyware Terminator Realtime Shield Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 13.3.2010 14:19:56 | Computer Name = ALIVIO6000 | Source = Service Control Manager | ID = 7016
Description = Služba SmartLinkService ohlásila neplatný současný stav 0.


< End of report >

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: SERVICES.EXE

#41 Post by Caroprd111 »

We do not deal with illegal software here (it poses a security threat).
Get legitimate security software for your PC (antivirus, firewall), then post an RSIT log here and we will continue.

You could choose, for example, the free Avast plus some firewall: http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Jahaba
Visitor
Posts: 22
Joined: 01 Aug 2007 15:32

Re: SERVICES.EXE

#42 Post by Jahaba »

Hello,
I have already solved it and the PC is OK.
Anyway, thanks for your willingness to help.

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: SERVICES.EXE

#43 Post by Caroprd111 »

You're welcome :)