
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Please check my log; the PC is behaving abnormally, it cannot be shut down, the taskbar disappears, etc. Thank you.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Kulhy at 2010-06-27 13:06:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (31%) free of 52 GB
Total RAM: 3327 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:11, on 27.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kulhy\Dokumenty\Soft\RSIT.exe
C:\Program Files\trend micro\Kulhy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7900 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-06-26 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-06 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-06 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-06-26 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-17 2345680]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2010-06-26 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-12-16 165144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-12-16 4375032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-09 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-06-27 13:06:00 ----D---- C:\rsit
2010-06-27 13:06:00 ----D---- C:\Program Files\trend micro
2010-06-27 12:26:15 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\Malwarebytes
2010-06-27 12:26:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-06-27 12:26:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-26 15:43:57 ----A---- C:\LOGFILE.TXT
2010-06-26 15:32:59 ----D---- C:\Program Files\Translat
2010-06-26 15:32:09 ----A---- C:\Program Files\WDICT32.EXE
2010-06-26 15:32:08 ----A---- C:\Program Files\TRNIKONY.EXE
2010-06-25 06:45:58 ----D---- C:\WINDOWS\Performance
2010-06-10 17:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 17:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 17:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 17:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 17:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 17:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-04 17:31:35 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\Canon
2010-06-02 15:00:35 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
2010-06-02 14:59:49 ----D---- C:\Program Files\HD Tune Pro
2010-05-31 22:24:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-05-30 23:35:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AltrixSoft
2010-05-30 23:34:23 ----D---- C:\Program Files\Hard Drive Inspector
2010-05-30 20:26:43 ----D---- C:\Program Files\Common Files\EZB Systems
2010-05-30 20:26:27 ----D---- C:\Program Files\UltraISO
2010-05-28 19:44:37 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\AltrixSoft
2010-05-28 19:44:29 ----D---- C:\Program Files\Common Files\AltrixSoft
======List of files/folders modified in the last 1 months======
2010-06-27 13:06:00 ----RD---- C:\Program Files
2010-06-27 13:06:00 ----D---- C:\WINDOWS\Temp
2010-06-27 12:56:39 ----D---- C:\WINDOWS
2010-06-27 12:53:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-27 12:26:09 ----D---- C:\WINDOWS\system32\drivers
2010-06-26 23:27:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-06-26 23:01:34 ----D---- C:\WINDOWS\Debug
2010-06-26 22:59:31 ----D---- C:\Program Files\CCleaner
2010-06-26 22:19:57 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-26 15:42:55 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\LangSoft
2010-06-26 06:36:20 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\Zoner
2010-06-26 06:34:35 ----D---- C:\WINDOWS\Prefetch
2010-06-25 13:47:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-25 06:45:32 ----SHD---- C:\Config.Msi
2010-06-25 06:45:31 ----SHD---- C:\WINDOWS\Installer
2010-06-25 06:33:31 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 22:26:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 22:26:13 ----RSD---- C:\WINDOWS\assembly
2010-06-23 22:17:27 ----D---- C:\WINDOWS\system32
2010-06-23 22:17:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 22:16:55 ----D---- C:\WINDOWS\WinSxS
2010-06-18 11:47:51 ----D---- C:\Program Files\FreeRapid-0.83u1
2010-06-15 19:39:19 ----HD---- C:\WINDOWS\inf
2010-06-14 11:25:22 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\VideoReDo-TVSuite
2010-06-13 23:23:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVerTV
2010-06-11 00:23:28 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-10 17:41:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 17:41:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-03 07:31:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2010-06-02 09:56:15 ----D---- C:\Program Files\Common Files\Acronis
2010-06-02 09:56:09 ----D---- C:\Program Files\Acronis
2010-06-01 22:30:01 ----SD---- C:\Documents and Settings\Kulhy\Data aplikací\Microsoft
2010-06-01 15:02:42 ----D---- C:\Program Files\URUSoft
2010-05-30 20:26:43 ----D---- C:\Program Files\Common Files
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-05-08 44704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-09 2827776]
R3 AVerBDA6x;AVerBDA6x service; C:\WINDOWS\system32\DRIVERS\AVerBDA716x.sys [2008-04-08 934272]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-05-07 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
R4 atidgllk;atidgllk; \??\C:\WINDOWS\atidgllk.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-12-16 554264]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-09 430080]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-05-05 356352]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-05-06 401408]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-06 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HDDSvc;HDD Information Service; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-05-18 458488]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7900 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-06-26 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-06 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-06 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-06-26 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-17 2345680]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2010-06-26 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-12-16 165144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-12-16 4375032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-09 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-06-27 13:06:00 ----D---- C:\rsit
2010-06-27 13:06:00 ----D---- C:\Program Files\trend micro
2010-06-27 12:26:15 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\Malwarebytes
2010-06-27 12:26:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-06-27 12:26:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-26 15:43:57 ----A---- C:\LOGFILE.TXT
2010-06-26 15:32:59 ----D---- C:\Program Files\Translat
2010-06-26 15:32:09 ----A---- C:\Program Files\WDICT32.EXE
2010-06-26 15:32:08 ----A---- C:\Program Files\TRNIKONY.EXE
2010-06-25 06:45:58 ----D---- C:\WINDOWS\Performance
2010-06-10 17:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 17:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 17:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 17:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 17:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 17:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-04 17:31:35 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\Canon
2010-06-02 15:00:35 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
2010-06-02 14:59:49 ----D---- C:\Program Files\HD Tune Pro
2010-05-31 22:24:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-05-30 23:35:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AltrixSoft
2010-05-30 23:34:23 ----D---- C:\Program Files\Hard Drive Inspector
2010-05-30 20:26:43 ----D---- C:\Program Files\Common Files\EZB Systems
2010-05-30 20:26:27 ----D---- C:\Program Files\UltraISO
2010-05-28 19:44:37 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\AltrixSoft
2010-05-28 19:44:29 ----D---- C:\Program Files\Common Files\AltrixSoft
======List of files/folders modified in the last 1 months======
2010-06-27 13:06:00 ----RD---- C:\Program Files
2010-06-27 13:06:00 ----D---- C:\WINDOWS\Temp
2010-06-27 12:56:39 ----D---- C:\WINDOWS
2010-06-27 12:53:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-27 12:26:09 ----D---- C:\WINDOWS\system32\drivers
2010-06-26 23:27:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-06-26 23:01:34 ----D---- C:\WINDOWS\Debug
2010-06-26 22:59:31 ----D---- C:\Program Files\CCleaner
2010-06-26 22:19:57 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-26 15:42:55 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\LangSoft
2010-06-26 06:36:20 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\Zoner
2010-06-26 06:34:35 ----D---- C:\WINDOWS\Prefetch
2010-06-25 13:47:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-25 06:45:32 ----SHD---- C:\Config.Msi
2010-06-25 06:45:31 ----SHD---- C:\WINDOWS\Installer
2010-06-25 06:33:31 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 22:26:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 22:26:13 ----RSD---- C:\WINDOWS\assembly
2010-06-23 22:17:27 ----D---- C:\WINDOWS\system32
2010-06-23 22:17:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 22:16:55 ----D---- C:\WINDOWS\WinSxS
2010-06-18 11:47:51 ----D---- C:\Program Files\FreeRapid-0.83u1
2010-06-15 19:39:19 ----HD---- C:\WINDOWS\inf
2010-06-14 11:25:22 ----D---- C:\Documents and Settings\Kulhy\Data aplikací\VideoReDo-TVSuite
2010-06-13 23:23:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVerTV
2010-06-11 00:23:28 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-10 17:41:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 17:41:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-03 07:31:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2010-06-02 09:56:15 ----D---- C:\Program Files\Common Files\Acronis
2010-06-02 09:56:09 ----D---- C:\Program Files\Acronis
2010-06-01 22:30:01 ----SD---- C:\Documents and Settings\Kulhy\Data aplikací\Microsoft
2010-06-01 15:02:42 ----D---- C:\Program Files\URUSoft
2010-05-30 20:26:43 ----D---- C:\Program Files\Common Files
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-05-08 44704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-09 2827776]
R3 AVerBDA6x;AVerBDA6x service; C:\WINDOWS\system32\DRIVERS\AVerBDA716x.sys [2008-04-08 934272]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-05-07 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
R4 atidgllk;atidgllk; \??\C:\WINDOWS\atidgllk.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-12-16 554264]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-09 430080]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-05-05 356352]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-05-06 401408]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-06 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HDDSvc;HDD Information Service; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-05-18 458488]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Please check my log
Hello, fix these in HJT:
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
You will find HJT here:
C:\Program Files\trend micro\Kulhy.exe
Fix means that you run HJT,
in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a box, which you tick,
then click Fix checked at the bottom left,
the program will ask whether you really want to; you of course agree with YES, and it is done.
Via Start >> Run >> type services.msc >> OK. Find the service:
Služba Google Update (Google Update Service)
Nero BackItUp Scheduler 3
NMIndexingService
right-click it, choose Properties, on the next tab first stop the service with the Stop button and set Startup type to Disabled.
Download ComboFix and save it to the Desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the licence terms then appears, which you confirm by clicking YES,
then click YES once more and it starts running.
The whole process takes around 10 minutes but may take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,
because ComboFix tries to delete infected files and these programs may prevent it from doing so.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
Re: Please check my log
I did everything according to the instructions. Unfortunately, while ComboFix is producing the log the PC always freezes and has to be restarted. I am attaching the log.
ComboFix 10-06-27.04 - Kulhy 28.06.2010 12:01:10.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2840 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Kulhy\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
Re: Please check my log
Sorry for jumping in, but until my colleague arrives:
Try renaming combofix to anything.com and running it.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer of malware
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Please check my log
So I tried it according to the instructions, but it is still the same. Thank you
Re: Please check my log
So even in Safe Mode ComboFix does not create the final log.
Re: Please check my log
I'll jump into my colleague's thread once more
Find the qoobox folder on drive C, pack it with RAR and upload it to www.leteckaposta.cz. Send the link to the page to Roli in a private message.
Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- tick the For all users box.
- tick the boxes for the "LOP" malware check and the "Purity" malware check
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt appear; post them here

Re: Please check my log
OTL logfile created on: 29.6.2010 14:24:53 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Kulhy\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,89 Gb Total Space | 15,66 Gb Free Space | 30,77% Space Free | Partition Type: NTFS
Drive D: | 247,20 Gb Total Space | 41,11 Gb Free Space | 16,63% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 221,91 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931,50 Gb Total Space | 0,45 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRYTON
Current User Name: Kulhy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.29 14:22:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
PRC - [2010.06.27 19:18:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.12.16 15:03:40 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008.05.06 14:56:23 | 000,401,408 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.05.05 16:56:55 | 000,356,352 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.04.14 16:54:42 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006.09.29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
========== Modules (SafeList) ==========
MOD - [2010.06.29 14:22:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2010.05.18 06:17:06 | 000,458,488 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.12.16 15:03:40 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.06 14:56:23 | 000,401,408 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.05.05 16:56:55 | 000,356,352 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006.09.29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
========== Driver Services (SafeList) ==========
DRV - [2010.05.08 06:28:12 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2010.05.08 06:28:05 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.05.08 06:28:05 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.05.08 06:28:00 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.14 15:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.05.14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.08 11:58:42 | 000,934,272 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerBDA716x.sys -- (AVerBDA6x)
DRV - [2006.11.09 09:16:12 | 002,827,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.10.31 15:55:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2006.10.25 09:48:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006.09.29 10:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2006.05.16 11:32:58 | 004,275,712 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.04.24 11:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.03.22 08:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.22 08:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.10.20 10:29:02 | 000,005,376 | ---- | M] (Overclocking Tool) [Kernel | Disabled | Running] -- C:\WINDOWS\atidgllk.sys -- (atidgllk)
DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001.08.17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}:1.2.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.27 20:21:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.27 19:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.05.27 17:50:36 | 000,000,000 | ---D | M]
[2010.05.06 20:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Extensions
[2010.06.26 15:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions
[2010.06.26 15:42:06 | 000,000,000 | ---D | M] (WebTran) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.08 07:01:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 22:12:23 | 000,000,000 | ---D | M] (JavaScript Options) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}
[2010.05.08 07:01:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.17 21:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.26 15:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.06.26 23:26:13 | 000,396,935 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13702 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O4 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.06 13:01:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.05.06 12:38:45 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Error closing restore point: The call timed out.
========== Files/Folders - Created Within 30 Days ==========
[2010.06.29 14:21:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
[2010.06.29 06:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.29 06:52:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.27 23:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\ESET
[2010.06.27 23:20:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.27 23:19:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 23:19:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 23:19:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 23:19:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 23:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 23:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 13:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.27 13:06:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 12:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Data aplikací\Malwarebytes
[2010.06.27 12:26:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.27 12:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.06.27 12:26:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.27 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.26 23:27:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kulhy\Recent
[2010.06.26 15:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Plocha\PC Translator
[2010.06.26 15:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Translat
[2010.06.26 15:32:08 | 000,243,712 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files\TRNIKONY.EXE
[2010.06.25 06:45:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010.06.25 06:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\Microsoft Corporation
[2010.06.11 01:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Plocha\Slovensko
[2010.06.04 17:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Data aplikací\Canon
[2010.06.02 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
[2010.06.02 14:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.05.31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.05.31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Kulhy
[2010.05.30 23:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AltrixSoft
[2010.05.30 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Drive Inspector
[2010.05.30 20:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2010.05.30 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2010.05.30 20:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Dokumenty\My ISO Files
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.29 14:31:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.29 14:22:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
[2010.06.29 14:10:06 | 000,017,074 | ---- | M] () -- C:\Qoobox.zip
[2010.06.29 14:04:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010.06.29 14:04:47 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.29 14:04:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 14:04:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 07:04:02 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Kulhy\NTUSER.DAT
[2010.06.29 07:04:02 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Kulhy\ntuser.ini
[2010.06.29 07:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.28 11:31:26 | 003,722,395 | R--- | M] () -- C:\Documents and Settings\Kulhy\Plocha\ComboFix.exe
[2010.06.27 23:20:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.27 12:26:11 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.26 23:26:13 | 000,396,935 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.26 15:32:10 | 001,173,504 | ---- | M] () -- C:\Program Files\WDICT32.EXE
[2010.06.26 15:32:09 | 000,000,004 | ---- | M] () -- C:\Program Files\USER.NET
[2010.06.26 15:32:08 | 000,243,712 | ---- | M] (LangSoft s.r.o.) -- C:\Program Files\TRNIKONY.EXE
[2010.06.26 06:35:51 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Zoner Photo Studio 12.lnk
[2010.06.24 10:43:07 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2010.06.23 22:17:06 | 000,986,538 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 22:17:06 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 22:17:06 | 000,432,004 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 22:17:06 | 000,079,062 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 22:17:06 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.15 15:16:39 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Kulhy\intlname.ols
[2010.06.11 00:23:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.10 22:05:00 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.04 17:32:00 | 026,092,134 | ---- | M] () -- C:\Documents and Settings\Kulhy\Plocha\sc.bmp
[2010.06.03 19:31:13 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.06.01 15:02:54 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Kulhy\Plocha\Subtitle Workshop.lnk
[2010.05.30 20:24:30 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Kulhy\default.pls
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.29 14:10:06 | 000,017,074 | ---- | C] () -- C:\Qoobox.zip
[2010.06.27 23:20:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.27 23:20:11 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.06.27 23:19:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 23:19:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 23:19:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 23:19:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 23:19:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.27 23:14:35 | 003,722,395 | R--- | C] () -- C:\Documents and Settings\Kulhy\Plocha\ComboFix.exe
[2010.06.27 12:26:11 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.26 15:32:09 | 001,173,504 | ---- | C] () -- C:\Program Files\WDICT32.EXE
[2010.06.26 15:32:09 | 000,000,004 | ---- | C] () -- C:\Program Files\USER.NET
[2010.06.26 06:35:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Zoner Photo Studio 12.lnk
[2010.06.04 17:32:07 | 026,092,134 | ---- | C] () -- C:\Documents and Settings\Kulhy\Plocha\sc.bmp
[2010.06.03 06:39:48 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\Kulhy\Plocha\DATA 2 Media.lnk
[2010.06.01 15:02:54 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Kulhy\Plocha\Subtitle Workshop.lnk
[2010.05.27 17:34:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PAVSHRB.INI
[2010.05.09 05:59:14 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BCFAD72D12.sys
[2010.05.09 05:59:13 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.05.08 06:46:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.06 21:55:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010.05.06 21:24:23 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.05.06 17:53:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.05.06 17:53:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll
[2010.05.06 17:51:09 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2010.05.06 17:51:09 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2010.05.06 17:50:50 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2010.05.06 17:50:50 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2010.05.06 17:50:50 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2010.05.06 17:03:50 | 000,639,046 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2010.05.06 17:03:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2010.05.06 17:03:48 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010.05.06 17:03:48 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010.05.06 17:03:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2010.05.06 13:18:10 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010.06.03 07:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.05.30 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AltrixSoft
[2010.06.13 23:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVerTV
[2010.05.06 21:40:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.06 21:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2010.05.06 13:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.05.09 16:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.06.26 15:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.05.09 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.06 21:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2010.05.08 15:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2010.06.26 22:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.05.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010.05.08 06:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Acronis
[2010.05.28 19:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\AltrixSoft
[2010.06.04 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Canon
[2010.05.06 13:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ESET
[2010.05.10 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\GHISLER
[2010.06.02 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
[2010.05.06 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\IObit
[2010.06.26 15:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\LangSoft
[2010.05.09 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Nokia
[2010.05.09 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\PC Suite
[2010.05.08 14:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Publish Providers
[2010.05.06 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ScanSoft
[2010.05.08 15:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Sony
[2010.05.07 14:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\URSoft
[2010.06.14 11:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VideoReDo-TVSuite
[2010.05.26 06:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VitySoft
[2010.05.18 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Vso
[2010.06.26 06:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Zoner
[2010.05.08 06:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Acronis
[2010.05.07 14:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ESET
[2010.05.09 16:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\PC Suite
[2010.06.29 14:04:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"egui" = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice -- [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET)
< c:\windows\*.* /U >
[6 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.05.08 06:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Acronis
[2010.05.06 22:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Adobe
[2010.05.06 21:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\AdobeUM
[2010.05.28 19:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\AltrixSoft
[2010.05.09 15:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Apple Computer
[2010.05.06 17:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ATI
[2010.06.04 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Canon
[2010.05.09 05:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Corel
[2010.05.06 13:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ESET
[2010.05.10 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\GHISLER
[2010.05.10 20:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Google
[2010.06.02 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
[2010.05.06 13:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Identities
[2010.05.06 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\IObit
[2010.06.26 15:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\LangSoft
[2010.05.08 06:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Macromedia
[2010.06.27 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Malwarebytes
[2010.06.01 22:30:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Microsoft
[2010.05.06 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla
[2010.05.07 15:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Nero
[2010.05.09 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Nokia
[2010.05.09 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\PC Suite
[2010.05.08 14:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Publish Providers
[2010.05.06 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ScanSoft
[2010.05.08 15:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Sony
[2010.05.06 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Sun
[2010.05.07 14:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\URSoft
[2010.06.14 11:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VideoReDo-TVSuite
[2010.05.26 06:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VitySoft
[2010.05.18 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Vso
[2010.06.26 06:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Zoner
< %APPDATA%\*.exe /s >
[2010.05.07 15:20:37 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Kulhy\Data aplikací\inst.exe
[2010.05.06 17:01:20 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Kulhy\Data aplikací\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
[2010.06.26 06:39:00 | 007,377,592 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Kulhy\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2006.03.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.03.02 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2006.03.02 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2006.03.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.04.24 11:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2006.03.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2006.03.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.05.06 12:43:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.05.06 12:43:25 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.05.06 12:43:25 | 000,499,712 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.06.29 07:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:66633281
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
< End of report >
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Kulhy\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,89 Gb Total Space | 15,66 Gb Free Space | 30,77% Space Free | Partition Type: NTFS
Drive D: | 247,20 Gb Total Space | 41,11 Gb Free Space | 16,63% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 221,91 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931,50 Gb Total Space | 0,45 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRYTON
Current User Name: Kulhy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.29 14:22:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
PRC - [2010.06.27 19:18:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.12.16 15:03:40 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008.05.06 14:56:23 | 000,401,408 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.05.05 16:56:55 | 000,356,352 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.04.14 16:54:42 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006.09.29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
========== Modules (SafeList) ==========
MOD - [2010.06.29 14:22:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2010.05.18 06:17:06 | 000,458,488 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.12.16 15:03:40 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.06 14:56:23 | 000,401,408 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.05.05 16:56:55 | 000,356,352 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006.09.29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
========== Driver Services (SafeList) ==========
DRV - [2010.05.08 06:28:12 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2010.05.08 06:28:05 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.05.08 06:28:05 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.05.08 06:28:00 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.14 15:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.05.14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.08 11:58:42 | 000,934,272 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerBDA716x.sys -- (AVerBDA6x)
DRV - [2006.11.09 09:16:12 | 002,827,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.10.31 15:55:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2006.10.25 09:48:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006.09.29 10:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2006.05.16 11:32:58 | 004,275,712 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.04.24 11:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.03.22 08:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.22 08:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.10.20 10:29:02 | 000,005,376 | ---- | M] (Overclocking Tool) [Kernel | Disabled | Running] -- C:\WINDOWS\atidgllk.sys -- (atidgllk)
DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001.08.17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}:1.2.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.27 20:21:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.27 19:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.05.27 17:50:36 | 000,000,000 | ---D | M]
[2010.05.06 20:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Extensions
[2010.06.26 15:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions
[2010.06.26 15:42:06 | 000,000,000 | ---D | M] (WebTran) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.08 07:01:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 22:12:23 | 000,000,000 | ---D | M] (JavaScript Options) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}
[2010.05.08 07:01:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.17 21:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.26 15:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.06.26 23:26:13 | 000,396,935 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13702 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O4 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.06 13:01:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.05.06 12:38:45 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Error closing restore point: The call timed out.
========== Files/Folders - Created Within 30 Days ==========
[2010.06.29 14:21:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
[2010.06.29 06:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.29 06:52:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.27 23:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\ESET
[2010.06.27 23:20:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.27 23:19:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 23:19:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 23:19:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 23:19:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 23:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 23:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 13:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.27 13:06:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 12:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Data aplikací\Malwarebytes
[2010.06.27 12:26:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.27 12:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.06.27 12:26:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.27 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.26 23:27:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kulhy\Recent
[2010.06.26 15:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Plocha\PC Translator
[2010.06.26 15:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Translat
[2010.06.26 15:32:08 | 000,243,712 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files\TRNIKONY.EXE
[2010.06.25 06:45:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010.06.25 06:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Local Settings\Data aplikací\Microsoft Corporation
[2010.06.11 01:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Plocha\Slovensko
[2010.06.04 17:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Data aplikací\Canon
[2010.06.02 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
[2010.06.02 14:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.05.31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.05.31 22:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Kulhy
[2010.05.30 23:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AltrixSoft
[2010.05.30 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Drive Inspector
[2010.05.30 20:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2010.05.30 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2010.05.30 20:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kulhy\Dokumenty\My ISO Files
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.29 14:31:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.29 14:22:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kulhy\Plocha\OTL.exe
[2010.06.29 14:10:06 | 000,017,074 | ---- | M] () -- C:\Qoobox.zip
[2010.06.29 14:04:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010.06.29 14:04:47 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.29 14:04:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 14:04:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 07:04:02 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Kulhy\NTUSER.DAT
[2010.06.29 07:04:02 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Kulhy\ntuser.ini
[2010.06.29 07:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.28 11:31:26 | 003,722,395 | R--- | M] () -- C:\Documents and Settings\Kulhy\Plocha\ComboFix.exe
[2010.06.27 23:20:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.27 12:26:11 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.26 23:26:13 | 000,396,935 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.26 15:32:10 | 001,173,504 | ---- | M] () -- C:\Program Files\WDICT32.EXE
[2010.06.26 15:32:09 | 000,000,004 | ---- | M] () -- C:\Program Files\USER.NET
[2010.06.26 15:32:08 | 000,243,712 | ---- | M] (LangSoft s.r.o.) -- C:\Program Files\TRNIKONY.EXE
[2010.06.26 06:35:51 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Zoner Photo Studio 12.lnk
[2010.06.24 10:43:07 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2010.06.23 22:17:06 | 000,986,538 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 22:17:06 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 22:17:06 | 000,432,004 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 22:17:06 | 000,079,062 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 22:17:06 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.15 15:16:39 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Kulhy\intlname.ols
[2010.06.11 00:23:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.10 22:05:00 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.04 17:32:00 | 026,092,134 | ---- | M] () -- C:\Documents and Settings\Kulhy\Plocha\sc.bmp
[2010.06.03 19:31:13 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.06.01 15:02:54 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Kulhy\Plocha\Subtitle Workshop.lnk
[2010.05.30 20:24:30 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Kulhy\default.pls
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.29 14:10:06 | 000,017,074 | ---- | C] () -- C:\Qoobox.zip
[2010.06.27 23:20:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.27 23:20:11 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.06.27 23:19:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 23:19:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 23:19:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 23:19:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 23:19:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.27 23:14:35 | 003,722,395 | R--- | C] () -- C:\Documents and Settings\Kulhy\Plocha\ComboFix.exe
[2010.06.27 12:26:11 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.26 15:32:09 | 001,173,504 | ---- | C] () -- C:\Program Files\WDICT32.EXE
[2010.06.26 15:32:09 | 000,000,004 | ---- | C] () -- C:\Program Files\USER.NET
[2010.06.26 06:35:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Zoner Photo Studio 12.lnk
[2010.06.04 17:32:07 | 026,092,134 | ---- | C] () -- C:\Documents and Settings\Kulhy\Plocha\sc.bmp
[2010.06.03 06:39:48 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\Kulhy\Plocha\DATA 2 Media.lnk
[2010.06.01 15:02:54 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Kulhy\Plocha\Subtitle Workshop.lnk
[2010.05.27 17:34:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PAVSHRB.INI
[2010.05.09 05:59:14 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BCFAD72D12.sys
[2010.05.09 05:59:13 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.05.08 06:46:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.06 21:55:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010.05.06 21:24:23 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.05.06 17:53:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.05.06 17:53:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll
[2010.05.06 17:51:09 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2010.05.06 17:51:09 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2010.05.06 17:50:50 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2010.05.06 17:50:50 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2010.05.06 17:50:50 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2010.05.06 17:03:50 | 000,639,046 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2010.05.06 17:03:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2010.05.06 17:03:48 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010.05.06 17:03:48 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010.05.06 17:03:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2010.05.06 13:18:10 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010.06.03 07:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.05.30 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AltrixSoft
[2010.06.13 23:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVerTV
[2010.05.06 21:40:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.06 21:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2010.05.06 13:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.05.09 16:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.06.26 15:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.05.09 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.06 21:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2010.05.08 15:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2010.06.26 22:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.05.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010.05.08 06:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Acronis
[2010.05.28 19:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\AltrixSoft
[2010.06.04 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Canon
[2010.05.06 13:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ESET
[2010.05.10 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\GHISLER
[2010.06.02 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
[2010.05.06 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\IObit
[2010.06.26 15:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\LangSoft
[2010.05.09 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Nokia
[2010.05.09 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\PC Suite
[2010.05.08 14:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Publish Providers
[2010.05.06 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ScanSoft
[2010.05.08 15:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Sony
[2010.05.07 14:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\URSoft
[2010.06.14 11:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VideoReDo-TVSuite
[2010.05.26 06:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VitySoft
[2010.05.18 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Vso
[2010.06.26 06:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Zoner
[2010.05.08 06:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Acronis
[2010.05.07 14:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ESET
[2010.05.09 16:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\PC Suite
[2010.06.29 14:04:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"egui" = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice -- [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET)
< c:\windows\*.* /U >
[6 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.05.08 06:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Acronis
[2010.05.06 22:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Adobe
[2010.05.06 21:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\AdobeUM
[2010.05.28 19:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\AltrixSoft
[2010.05.09 15:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Apple Computer
[2010.05.06 17:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ATI
[2010.06.04 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Canon
[2010.05.09 05:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Corel
[2010.05.06 13:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ESET
[2010.05.10 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\GHISLER
[2010.05.10 20:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Google
[2010.06.02 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\HD Tune Pro
[2010.05.06 13:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Identities
[2010.05.06 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\IObit
[2010.06.26 15:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\LangSoft
[2010.05.08 06:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Macromedia
[2010.06.27 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Malwarebytes
[2010.06.01 22:30:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Microsoft
[2010.05.06 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Mozilla
[2010.05.07 15:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Nero
[2010.05.09 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Nokia
[2010.05.09 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\PC Suite
[2010.05.08 14:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Publish Providers
[2010.05.06 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\ScanSoft
[2010.05.08 15:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Sony
[2010.05.06 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Sun
[2010.05.07 14:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\URSoft
[2010.06.14 11:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VideoReDo-TVSuite
[2010.05.26 06:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\VitySoft
[2010.05.18 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Vso
[2010.06.26 06:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kulhy\Data aplikací\Zoner
< %APPDATA%\*.exe /s >
[2010.05.07 15:20:37 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Kulhy\Data aplikací\inst.exe
[2010.05.06 17:01:20 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Kulhy\Data aplikací\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
[2010.06.26 06:39:00 | 007,377,592 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Kulhy\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2006.03.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.03.02 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.05.06 20:43:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2006.03.02 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2006.03.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.04.24 11:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2006.03.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2006.03.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.05.06 12:43:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.05.06 12:43:25 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.05.06 12:43:25 | 000,499,712 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.06.29 07:01:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:66633281
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
< End of report >
Re: Please check my log
OTL Extras logfile created on: 29.6.2010 14:24:53 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Kulhy\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,89 Gb Total Space | 15,66 Gb Free Space | 30,77% Space Free | Partition Type: NTFS
Drive D: | 247,20 Gb Total Space | 41,11 Gb Free Space | 16,63% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 221,91 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931,50 Gb Total Space | 0,45 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRYTON
Current User Name: Kulhy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1417001333-1292428093-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{0CBC9A39-5A64-446E-8D6B-0E75987D9425}" = ASUS ATI Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27575922-AF37-4BB3-8DEA-B2E1EB25A403}" = ATI Catalyst Control Center
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DB05B6-721B-4001-87EA-7AC42E3BB0F6}" = Sony Cinescore Plug-In 1.0
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9622AE32-1EE6-4EB6-A86F-B3346A34BAE0}" = Sony Cinescore 1.0
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A13A35-63AC-427a-92E6-960C1D01FABB}" = Poradce pro upgrade na systém Windows 7
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D6D5CB84-0E6E-4E69-B300-C690B6911029}" = Nero 8
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.62
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"AVerMedia H788-Series PCIe TV Tuner" = AVerMedia H788-Series PCIe TV Tuner 1.3.0.44
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.2.1.84
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"Hard Drive Inspector" = Hard Drive Inspector Professional 3.80 build # 352
"HD Tune Pro_is1" = HD Tune Pro 4.50
"HijackThis" = HijackThis 2.0.2
"Icon Restore_is1" = Icon Restore 1.0
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Tagger_is1" = Media Tagger v1.3.5
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows
"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
"NewBlue Sampler Pack for Windows" = NewBlue Sampler Pack for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows
"NewBlue Video Essentials III for Windows" = NewBlue Video Essentials III for Windows
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC Translator" = PC Translator
"PluginPac" = DebugMode PluginPac (remove only)
"Registrace uživatele zařízení Canon MP610 series" = Registrace uživatele zařízení Canon MP610 series
"Sonic Foundry Noise Reduction" = Sonic Foundry Noise Reduction
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"SubtitleCreator" = SubtitleCreator
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.36
"ViceVersa - FREE!" = ViceVersa - FREE!
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.5.565
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Your Uninstaller!_is1" = Your Uninstaller! Version 6.3
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1.6.2010 9:14:58 | Computer Name = KRYTON | Source = Application Error | ID = 1000
Description = Chybující aplikace subtitleworkshop.exe, verze 0.0.0.0, chybující
modul avmmcevenc.ax, verze 3.2.1.84, adresa chyby 0x0002b725.
Error - 5.6.2010 9:03:19 | Computer Name = KRYTON | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 25.6.2010 0:31:16 | Computer Name = KRYTON | Source = Microsoft Office 11 | ID = 2000
Description =
Error - 29.6.2010 0:38:07 | Computer Name = KRYTON | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 29.6.2010 0:30:01 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:30:01 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD AmdK8 asuskbnt ehdrv epfwtdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip
Error - 29.6.2010 0:33:11 | Computer Name = KRYTON | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.
Error - 29.6.2010 0:51:15 | Computer Name = KRYTON | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD AmdK8 asuskbnt ehdrv epfwtdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip
Error - 29.6.2010 0:56:54 | Computer Name = KRYTON | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.
Error - 29.6.2010 8:25:20 | Computer Name = KRYTON | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.
< End of report >
[ System Events ]
Error - 29.6.2010 0:30:01 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:30:01 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD AmdK8 asuskbnt ehdrv epfwtdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip
Error - 29.6.2010 0:33:11 | Computer Name = KRYTON | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.
Error - 29.6.2010 0:51:15 | Computer Name = KRYTON | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 29.6.2010 0:52:42 | Computer Name = KRYTON | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD AmdK8 asuskbnt ehdrv epfwtdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip
Error - 29.6.2010 0:56:54 | Computer Name = KRYTON | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.
Error - 29.6.2010 8:25:20 | Computer Name = KRYTON | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.
< End of report >
Re: Please check my log

C:\Program Files\WDICT32.EXE
C:\Program Files\USER.NET
C:\Program Files\TRNIKONY.EXE
C:\Documents and Settings\Kulhy\Data aplikací\inst.exe
C:\WINDOWS\System32\aseng.dll
C:\WINDOWS\System32\RtlCPAPI.dll
- On VirusTotal, click Browse, paste the path to the file directly into the bottom field, and click Send
- Copy the address of the results page from your browser
- If it asks you, have the file tested again, so that it is the file from your computer

Run a scan; do not delete anything beforehand.

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before removing malware from a computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Please check my log
MBAM freezes after a while and I have to reset. Here are the links from www.virustotal.com.
http://www.virustotal.com/cs/analisis/6 ... 1277873461
http://www.virustotal.com/cs/analisis/a ... 1277872798
http://www.virustotal.com/cs/analisis/8 ... 1277872610
http://www.virustotal.com/cs/analisis/c ... 1277872918
http://www.virustotal.com/cs/analisis/b ... 1277873109
http://www.virustotal.com/cs/analisis/9 ... 1277873266
Re: Please check my log
Have you tried running it in Safe Mode?
Re: Please check my log
So I finally got ComboFix to run; the problem was drive E:. After I reformatted it, it works.
ComboFix 10-06-27.04 - Kulhy 01.07.2010 20:22:24.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2846 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kulhy\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-01 do 2010-07-01 )))))))))))))))))))))))))))))))
.
2010-07-01 14:19 . 2010-07-01 14:19 1390730 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-06-29 12:10 . 2010-06-29 12:10 17074 ----a-w- C:\Qoobox.zip
2010-06-27 11:06 . 2010-06-28 09:28 -------- d-----w- c:\program files\trend micro
2010-06-27 11:06 . 2010-06-27 11:06 -------- d-----w- C:\rsit
2010-06-27 10:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 10:26 . 2010-06-27 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 10:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-26 13:32 . 2010-06-26 13:41 -------- d-----w- c:\program files\Translat
2010-06-26 13:32 . 2010-06-26 13:32 1173504 ----a-w- c:\program files\WDICT32.EXE
2010-06-26 13:32 . 2010-06-26 13:32 243712 ----a-w- c:\program files\TRNIKONY.EXE
2010-06-25 04:45 . 2010-06-25 04:45 -------- d-----w- c:\windows\Performance
2010-06-02 12:59 . 2010-06-27 09:57 -------- d-----w- c:\program files\HD Tune Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 20:59 . 2010-05-08 05:04 -------- d-----w- c:\program files\CCleaner
2010-06-26 13:32 . 2010-06-26 13:32 4 ----a-w- c:\program files\USER.NET
2010-06-24 08:43 . 2010-05-06 15:03 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2010-06-23 20:17 . 2006-03-02 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 20:17 . 2006-03-02 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-06-18 09:47 . 2010-05-26 17:27 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-06-03 17:31 . 2010-05-09 03:59 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-02 07:56 . 2010-05-06 19:20 -------- d-----w- c:\program files\Common Files\Acronis
2010-06-02 07:56 . 2010-05-08 04:27 -------- d-----w- c:\program files\Acronis
2010-06-01 13:02 . 2010-05-21 20:09 -------- d-----w- c:\program files\URUSoft
2010-05-30 21:42 . 2010-05-30 21:34 -------- d-----w- c:\program files\Hard Drive Inspector
2010-05-30 21:34 . 2010-05-28 17:44 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-05-30 18:26 . 2010-05-30 18:26 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-05-30 18:26 . 2010-05-30 18:26 -------- d-----w- c:\program files\UltraISO
2010-05-27 15:37 . 2010-05-27 15:35 -------- d-----w- c:\program files\ESET
2010-05-27 15:31 . 2010-05-27 15:31 -------- d-----w- c:\program files\Common Files\Panda Security
2010-05-26 17:39 . 2010-05-26 17:39 -------- d-----w- c:\program files\Panda Security
2010-05-21 20:09 . 2010-05-21 20:09 -------- d-----w- c:\program files\SubtitleCreator
2010-05-10 21:16 . 2010-05-10 21:16 -------- d-----w- c:\program files\SyncToy 2.1
2010-05-10 21:16 . 2010-05-10 21:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-05-10 20:44 . 2010-05-10 20:42 -------- d-----w- c:\program files\totalcmd
2010-05-10 18:26 . 2010-05-10 18:21 -------- d-----w- c:\program files\Google
2010-05-10 18:11 . 2010-05-07 12:26 -------- d-----w- c:\program files\DORIS
2010-05-10 16:11 . 2010-05-10 16:10 -------- d-----w- c:\program files\Media Tagger
2010-05-09 14:21 . 2010-05-09 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-09 14:21 . 2010-05-09 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-05-09 14:21 . 2010-05-09 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-09 14:21 . 2010-05-09 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-09 14:13 . 2010-05-09 14:13 -------- d-----w- c:\program files\DIFX
2010-05-09 14:13 . 2010-05-09 14:13 -------- d-----w- c:\program files\Common Files\PCSuite
2010-05-09 14:13 . 2010-05-09 14:13 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-09 14:13 . 2010-05-09 14:12 -------- d-----w- c:\program files\Nokia
2010-05-09 14:12 . 2010-05-09 14:12 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-09 13:35 . 2010-05-09 13:35 -------- d-----w- c:\program files\QuickTime
2010-05-09 13:34 . 2010-05-09 13:34 -------- d-----w- c:\program files\Apple Software Update
2010-05-09 04:08 . 2010-05-09 04:08 -------- d-----w- c:\program files\ViceVersa
2010-05-09 04:07 . 2010-05-09 04:06 -------- d-----w- c:\program files\Everest
2010-05-09 04:03 . 2010-05-09 04:02 -------- d-----w- c:\program files\DVDFab 7
2010-05-09 03:59 . 2010-05-09 03:59 88 --sh--r- c:\windows\system32\BCFAD72D12.sys
2010-05-09 03:58 . 2010-05-09 03:58 -------- d-----w- c:\program files\Common Files\Corel
2010-05-09 03:58 . 2010-05-09 03:58 -------- d-----w- c:\program files\Corel
2010-05-08 13:45 . 2010-05-08 13:45 -------- d-----w- c:\program files\Pixelan
2010-05-08 13:44 . 2010-05-08 13:44 -------- d-----w- c:\program files\Sonic Foundry
2010-05-08 13:41 . 2010-05-08 13:24 -------- d-----w- c:\program files\NewBlue
2010-05-08 13:26 . 2010-05-08 13:26 -------- d-----w- c:\program files\Common Files\eSellerate
2010-05-08 13:23 . 2010-05-08 13:23 -------- d-----w- c:\program files\Magic Bullet Editors 2.0 Vegas
2010-05-08 13:04 . 2010-05-08 12:45 -------- d-----w- c:\program files\Sony
2010-05-08 12:54 . 2010-05-08 12:54 -------- d-----w- c:\program files\Sony Setup
2010-05-08 12:46 . 2010-05-08 12:46 -------- d-----w- c:\program files\Vstplugins
2010-05-08 05:21 . 2010-05-06 19:21 -------- d-----w- c:\program files\The KMPlayer
2010-05-08 05:09 . 2010-05-08 05:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-08 04:28 . 2010-05-06 19:20 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2010-05-08 04:28 . 2010-05-06 19:20 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-05-08 04:28 . 2010-05-06 19:20 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-05-08 04:28 . 2010-05-08 04:28 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2010-05-07 13:35 . 2010-05-07 13:35 -------- d-----w- c:\program files\NeroInstall.bak
2010-05-07 13:34 . 2010-05-07 13:32 -------- d-----w- c:\program files\Common Files\Nero
2010-05-07 13:32 . 2010-05-07 13:32 -------- d-----w- c:\program files\Nero
2010-05-07 13:25 . 2010-05-07 13:24 -------- d-----w- c:\program files\VideoReDoTVSuite
2010-05-07 13:20 . 2010-05-07 13:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-07 13:20 . 2010-05-07 13:20 -------- d-----w- c:\program files\VSO
2010-05-07 12:39 . 2010-05-07 12:39 -------- d-----w- c:\program files\Zoner
2010-05-07 12:39 . 2010-05-07 12:39 655 ----a-w- c:\windows\unins000.dat
2010-05-07 12:39 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe
2010-05-07 12:34 . 2010-05-07 12:33 -------- d-----w- c:\program files\Your Uninstaller
2010-05-07 12:22 . 2010-05-07 12:22 -------- d-----w- c:\program files\MSXML 4.0
2010-05-06 20:11 . 2010-05-06 20:11 -------- d-----w- c:\program files\MozBackup
2010-05-06 19:58 . 2010-05-06 19:58 -------- d-----w- c:\program files\IObit
2010-05-06 19:54 . 2010-05-06 19:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-05-06 19:54 . 2010-05-06 11:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-06 19:54 . 2010-05-06 19:54 -------- d-----w- c:\program files\ScanSoft
2010-05-06 19:49 . 2010-05-06 19:38 -------- d-----w- c:\program files\Canon
2010-05-06 19:39 . 2010-05-06 19:39 -------- d--h--w- c:\program files\CanonBJ
2010-05-06 19:23 . 2010-05-06 19:23 -------- d-----w- c:\program files\Microsoft.NET
2010-05-06 19:03 . 2010-05-06 11:00 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 19:03 . 2010-05-06 11:00 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-06 19:02 . 2010-05-06 11:01 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-06 18:39 . 2010-05-06 18:39 0 ----a-w- c:\windows\nsreg.dat
2010-05-06 16:27 . 2010-05-06 16:27 -------- d-----w- c:\program files\MSBuild
2010-05-06 16:27 . 2010-05-06 16:27 -------- d-----w- c:\program files\Reference Assemblies
2010-05-06 16:25 . 2010-05-06 16:25 -------- d-----w- c:\program files\MSXML 6.0
2010-05-06 15:54 . 2010-05-06 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-06 15:53 . 2010-05-06 15:50 -------- d-----w- c:\program files\AVerMedia
2010-05-06 15:51 . 2010-05-06 15:50 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-05-06 15:03 . 2010-05-06 15:03 -------- d-----w- c:\program files\My Company Name
2010-05-06 15:03 . 2010-05-06 11:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-06 15:01 . 2010-05-06 14:55 -------- d-----w- c:\program files\ATI Technologies
2010-05-06 15:01 . 2010-05-06 15:01 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-06 14:54 . 2010-05-06 11:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 11:28 . 2010-05-06 11:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 11:28 . 2010-05-06 11:28 -------- d-----w- c:\program files\Java
2010-05-06 11:27 . 2010-05-06 11:27 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 11:16 . 2010-05-06 11:16 -------- d-----w- c:\program files\Realtek
2010-05-06 11:09 . 2010-05-06 11:09 -------- d-----w- c:\program files\7-Zip
2010-05-06 11:01 . 2010-05-06 11:01 -------- d-----w- c:\program files\microsoft frontpage
2010-05-06 10:58 . 2010-05-06 10:58 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:08 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:08 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-12-16 13:03 165144 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-12-16 13:14 962128 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 15:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 07:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-12-16 12:25 4375032 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [27.5.2010 17:36 107256]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6.5.2010 17:50 356352]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6.5.2010 17:50 401408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [6.5.2010 17:53 934272]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [6.5.2010 17:03 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 20:21 136176]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-01 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-05-06 12:11]
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:21]
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:21]
2010-05-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-08 13:31]
2010-05-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-05-08 13:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-PC Translator - c:\docume~1\Kulhy\LOCALS~1\Temp\UN32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 20:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-01 20:27:11
ComboFix-quarantined-files.txt 2010-07-01 18:27
Před spuštěním: Volných bajtů: 16 817 065 984
Po spuštění: Volných bajtů: 16 768 540 672
- - End Of File - - 3093190BCA83F6537091C1763E87B9A8
2010-05-07 13:20 . 2010-05-07 13:20 -------- d-----w- c:\program files\VSO
2010-05-07 12:39 . 2010-05-07 12:39 -------- d-----w- c:\program files\Zoner
2010-05-07 12:39 . 2010-05-07 12:39 655 ----a-w- c:\windows\unins000.dat
2010-05-07 12:39 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe
2010-05-07 12:34 . 2010-05-07 12:33 -------- d-----w- c:\program files\Your Uninstaller
2010-05-07 12:22 . 2010-05-07 12:22 -------- d-----w- c:\program files\MSXML 4.0
2010-05-06 20:11 . 2010-05-06 20:11 -------- d-----w- c:\program files\MozBackup
2010-05-06 19:58 . 2010-05-06 19:58 -------- d-----w- c:\program files\IObit
2010-05-06 19:54 . 2010-05-06 19:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-05-06 19:54 . 2010-05-06 11:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-06 19:54 . 2010-05-06 19:54 -------- d-----w- c:\program files\ScanSoft
2010-05-06 19:49 . 2010-05-06 19:38 -------- d-----w- c:\program files\Canon
2010-05-06 19:39 . 2010-05-06 19:39 -------- d--h--w- c:\program files\CanonBJ
2010-05-06 19:23 . 2010-05-06 19:23 -------- d-----w- c:\program files\Microsoft.NET
2010-05-06 19:03 . 2010-05-06 11:00 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 19:03 . 2010-05-06 11:00 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-06 19:02 . 2010-05-06 11:01 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-06 18:39 . 2010-05-06 18:39 0 ----a-w- c:\windows\nsreg.dat
2010-05-06 16:27 . 2010-05-06 16:27 -------- d-----w- c:\program files\MSBuild
2010-05-06 16:27 . 2010-05-06 16:27 -------- d-----w- c:\program files\Reference Assemblies
2010-05-06 16:25 . 2010-05-06 16:25 -------- d-----w- c:\program files\MSXML 6.0
2010-05-06 15:54 . 2010-05-06 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-06 15:53 . 2010-05-06 15:50 -------- d-----w- c:\program files\AVerMedia
2010-05-06 15:51 . 2010-05-06 15:50 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-05-06 15:03 . 2010-05-06 15:03 -------- d-----w- c:\program files\My Company Name
2010-05-06 15:03 . 2010-05-06 11:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-06 15:01 . 2010-05-06 14:55 -------- d-----w- c:\program files\ATI Technologies
2010-05-06 15:01 . 2010-05-06 15:01 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-06 14:54 . 2010-05-06 11:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 11:28 . 2010-05-06 11:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 11:28 . 2010-05-06 11:28 -------- d-----w- c:\program files\Java
2010-05-06 11:27 . 2010-05-06 11:27 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 11:16 . 2010-05-06 11:16 -------- d-----w- c:\program files\Realtek
2010-05-06 11:09 . 2010-05-06 11:09 -------- d-----w- c:\program files\7-Zip
2010-05-06 11:01 . 2010-05-06 11:01 -------- d-----w- c:\program files\microsoft frontpage
2010-05-06 10:58 . 2010-05-06 10:58 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:08 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:08 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-12-16 13:03 165144 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-12-16 13:14 962128 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 15:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 07:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-12-16 12:25 4375032 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [27.5.2010 17:36 107256]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6.5.2010 17:50 356352]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6.5.2010 17:50 401408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [6.5.2010 17:53 934272]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [6.5.2010 17:03 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 20:21 136176]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-01 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-05-06 12:11]
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:21]
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:21]
2010-05-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-08 13:31]
2010-05-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-05-08 13:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Kulhy\Data aplikací\Mozilla\Firefox\Profiles\fufhg1bn.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-PC Translator - c:\docume~1\Kulhy\LOCALS~1\Temp\UN32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 20:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-01 20:27:11
ComboFix-quarantined-files.txt 2010-07-01 18:27
Před spuštěním: Volných bajtů: 16 817 065 984
Po spuštění: Volných bajtů: 16 768 540 672
- - End Of File - - 3093190BCA83F6537091C1763E87B9A8
Re: Please check my log
How is the computer behaving now?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.