
Please check my log, the PC is sending spam
Hello,
we have internet from NetBox and they have already blocked it 3 times because spam is being sent from my girlfriend's PC. I scanned it with AVG, NOD and several other anti-trojan programs; they found something, but spam is still being sent. Please check the log or advise how to fix this other than by formatting. Thanks
Logfile of random's system information tool 1.08 (written by random/random)
Run by Karol at 2010-08-09 18:41:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (15%) free of 20 GB
Total RAM: 2038 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:01, on 9.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Karol\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\RSIT (1).exe
C:\Program Files\trend micro\Karol.exe
C:\Program Files\AVG\AVG9\avgui.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ob/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfastwebsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myfastwebsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\IEToolbar\My Fast Web Search\tbhelper.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: TBSB07741 - {9d78be3f-575e-499e-9812-25f531816459} - C:\Program Files\IEToolbar\My Fast Web Search\tbcore3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Fast Web Search - {F9C1FF30-602C-49A5-8DB2-E2510CC4BFB0} - C:\Program Files\IEToolbar\My Fast Web Search\tbcore3.dll
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIFF9B~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIFF9B~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4384781921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O17 - HKLM\Software\..\Telephony: DomainName = kn.vutbr.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 12071 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2008-03-20 708608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-21 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-08-08 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d78be3f-575e-499e-9812-25f531816459}]
TBSB07741 Class - C:\Program Files\IEToolbar\My Fast Web Search\tbcore3.dll [2009-09-18 2758656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-07 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-07 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F9C1FF30-602C-49A5-8DB2-E2510CC4BFB0} - My Fast Web Search - C:\Program Files\IEToolbar\My Fast Web Search\tbcore3.dll [2009-09-18 2758656]
{B922D405-6D13-4A2B-AE89-08A030DA4402}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\Program Files\ICQToolbar\toolbaru.dll [2008-03-20 708608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-29 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-10-17 858632]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-21 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-21 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-21 138008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-07 148888]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"PLFSet"=C:\WINDOWS\PLFSet.dll [2007-04-24 45056]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"SbUsb AudCtrl"=RunDll32 sbusbdll.dll,RCMonitor []
"CTSysVol"=C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-08-08 2065760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [2004-06-25 147456]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Remote Control.lnk - C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
TMMonitor.lnk - C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-08-08 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-17 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-10-18 19:50:08 ----D---- C:\Program Files\IKEA HomePlanner
2010-10-18 19:49:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-17 18:23:55 ----D---- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
2010-10-17 18:16:49 ----D---- C:\Program Files\Common Files\Oberon Media
2010-10-17 18:16:29 ----D---- C:\Program Files\ICQToolbar
2010-10-17 18:16:21 ----D---- C:\Program Files\Oberon Media
2010-10-17 18:16:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Oberon Media
2010-08-09 18:32:14 ----D---- C:\rsit
2010-08-09 18:32:14 ----D---- C:\Program Files\trend micro
2010-08-08 17:07:29 ----HD---- C:\$AVG
2010-08-08 17:03:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-08-08 17:03:02 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
2010-08-08 17:03:02 ----A---- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
2010-08-08 17:03:01 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-08-08 17:02:53 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-08-08 17:02:53 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-08-08 17:02:44 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-08 17:02:08 ----D---- C:\Program Files\AVG
2010-08-08 17:02:08 ----A---- C:\WINDOWS\system32\drivers\avgfwdx.sys
2010-08-08 17:02:08 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-08-08 17:02:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-08-08 16:16:10 ----D---- C:\Program Files\TrojanHunter 4.2
2010-08-07 21:31:14 ----D---- C:\WINDOWS\pss
======List of files/folders modified in the last 1 months======
2010-10-30 22:04:04 ----D---- C:\Documents and Settings\Karol\Data aplikací\Power Sound Editor Free
2010-10-18 19:49:52 ----D---- C:\Program Files\Common Files
2010-09-29 19:16:48 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-29 11:01:29 ----D---- C:\Program Files\ICQ6.5
2010-09-28 21:49:35 ----D---- C:\Program Files\Launch Manager
2010-08-09 18:41:52 ----D---- C:\WINDOWS\Prefetch
2010-08-09 18:41:49 ----D---- C:\WINDOWS\Temp
2010-08-09 18:32:14 ----RD---- C:\Program Files
2010-08-09 18:27:19 ----D---- C:\WINDOWS
2010-08-09 18:26:49 ----D---- C:\WINDOWS\system32
2010-08-09 18:25:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-09 16:21:19 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-08 17:04:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-08 17:03:02 ----D---- C:\WINDOWS\system32\drivers
2010-08-08 17:02:12 ----HD---- C:\WINDOWS\inf
2010-08-08 17:02:02 ----SHD---- C:\WINDOWS\Installer
2010-08-08 17:02:01 ----HD---- C:\Config.Msi
2010-08-08 17:02:00 ----D---- C:\WINDOWS\WinSxS
2010-08-08 17:02:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-08 16:40:19 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-08 16:35:02 ----D---- C:\Program Files\thriXXX
2010-08-08 16:16:23 ----R---- C:\WINDOWS\streamhlp.dll
2010-08-08 07:21:46 ----D---- C:\WINDOWS\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-08-08 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-08-08 52872]
R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-08-08 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-08-08 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-08-08 243024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-08-08 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-23 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-23 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-31 4424192]
R3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-02-07 1729152]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-25 290304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-23 730112]
S1 b797f67a;b797f67a; C:\WINDOWS\System32\drivers\b797f67a.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-12-06 327296]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-08-08 30104]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-04-26 130384]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\Karol\LOCALS~1\Temp\esihdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-04-26 178736]
S3 sbusb;Sound Blaster USB Audio Driver; C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 1643648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-08-08 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-08-08 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-08-08 2331032]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-08-08 5897808]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-07 152984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); d:\_Filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2008-04-14 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getplushelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
-----------------EOF-----------------
S3 getplushelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
-----------------EOF-----------------
Last edited by coura on 09 Aug 2010 17:58, edited 1 time in total.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log, the PC is sending out spam
Hello
Please remove the log from "Code".
Download CKScanner to your desktop: http://downloads.malwareremoval.com/CKScanner.exe
- Run it and click "Search For Files"; when the scan finishes, click "Save List to File" -> "OK"
- A log named ckfiles.txt will be saved on the desktop; paste the contents of that file here.
Re: please check my log, the PC is sending out spam
Thanks for taking this on
I'm attaching the log from CKScanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\leegts games\go-go gourmet\sound\firecracks.ogg
scanner sequence 3.AP.11
----- EOF -----

- Caroprd111
Re: please check my log, the PC is sending out spam
- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Check the "All users" option.
- Check the "LOP" check and "Purity" check options.
- Click the Scan button.
- When it finishes, paste the OTL.Txt and Extras.txt logs here.
Re: please check my log, the PC is sending out spam
Toolbars removed
OTL.txt:
OTL logfile created on: 9.8.2010 19:06:32 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Karol\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,02 Gb Total Space | 2,88 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive D: | 129,02 Gb Total Space | 9,76 Gb Free Space | 7,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: A03-240B
Current User Name: Karol
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.08.09 19:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
PRC - [2010.08.08 17:02:33 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.08.08 17:02:32 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.08.08 17:02:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.08.08 17:02:32 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.08.08 17:02:28 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.08.08 17:02:26 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010.08.08 17:02:26 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010.08.08 17:02:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010.08.08 17:02:25 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.08.08 17:02:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.08.08 17:02:23 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.08.08 17:02:22 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.06.07 15:16:00 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Karol\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009.02.26 10:49:18 | 000,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.14 00:39:57 | 000,081,920 | R--- | M] () -- C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
PRC - [2007.12.17 18:12:40 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
PRC - [2007.10.17 10:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007.05.04 02:33:22 | 002,629,632 | ---- | M] (http://www.pbus-167.com) -- C:\Program Files\Notebook Hardware Control\nhc.exe
PRC - [2007.04.21 04:57:26 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007.04.01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- d:\_Filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2004.08.22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2004.06.25 10:21:50 | 000,147,456 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2003.09.17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
========== Modules (SafeList) ==========
MOD - [2010.08.09 19:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.04.02 13:00:48 | 000,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007.04.01 08:57:16 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.08.08 17:02:26 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010.08.08 17:02:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.08.08 17:02:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.08.08 17:02:22 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\_Filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Karol\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - [2010.08.09 18:24:59 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2010.08.08 17:03:02 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.08.08 17:03:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010.08.08 17:03:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.08.08 17:02:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.08.08 17:02:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.08.08 17:02:24 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010.08.08 17:02:24 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010.08.08 17:02:23 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009.11.28 13:35:25 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\b797f67a.sys -- (b797f67a)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 02:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2007.12.06 13:41:38 | 000,327,296 | R--- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.09.20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.09.07 11:16:08 | 000,215,904 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.31 11:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.17 05:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.04.01 04:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.04.01 04:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.24 01:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.24 01:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.24 01:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.24 01:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.02.16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.01.25 05:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.12.23 02:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.23 02:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.23 02:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.01.20 14:42:38 | 000,017,408 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004.07.27 11:31:34 | 001,643,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2004.04.26 05:23:41 | 000,130,384 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.04.26 05:23:40 | 000,178,736 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myfastwebsearch.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ob/
IE - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/ob/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... prtn=ob&q="
FF - prefs.js..network.proxy.type: 2
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.08.08 17:02:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.31 13:23:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.08 16:35:02 | 000,000,000 | ---D | M]
[2009.09.18 23:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Extensions
[2010.01.22 02:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions
[2009.09.19 07:48:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.31 13:26:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.09 19:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.17 18:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.01 14:40:06 | 000,000,168 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ICQSearchober1207953.gif
[2010.10.17 18:16:21 | 000,000,173 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ICQSearchober1207953.src
[2009.07.31 00:15:16 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.31 00:15:16 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.31 00:15:16 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.31 00:15:16 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.31 00:15:16 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
O4 - HKLM..\Run: [PLFSet] C:\WINDOWS\PLFSet.DLL ( )
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Remote Control.lnk = C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office 7\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 7\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4384781921 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.222 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Karol\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Karol\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.07 14:15:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.27 06:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\Shell\AutoRun\command - "" = G:\DODA\BEEK\april2x4.exe -- File not found
O33 - MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\Shell\open\command - "" = G:\DODA\BEEK\april2x4.exe -- File not found
O33 - MountPoints2\{adb5d1a2-5377-11de-b305-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{adb5d1a2-5377-11de-b305-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.04.20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.10.18 19:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2010.10.18 19:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.10.17 18:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
[2010.10.17 18:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Saved Games
[2010.10.17 18:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Local Settings\Data aplikací\Oberon Games
[2010.10.17 18:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010.10.17 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ICQToolbar
[2010.10.17 18:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010.10.17 18:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Oberon Media
[2010.10.17 18:05:14 | 076,159,192 | ---- | C] (Oberon Media Inc.) -- C:\Documents and Settings\Karol\Plocha\Dream_Day_First_Home-setup.exe
[2010.10.16 19:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\ESET
[2010.08.09 19:05:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
[2010.08.09 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.09 18:32:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.08 17:07:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.08.08 17:03:03 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.08.08 17:03:02 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.08.08 17:03:02 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.08 17:03:01 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.08.08 17:02:53 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.08.08 17:02:53 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.08.08 17:02:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.08.08 17:02:08 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.08 17:02:08 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.08 17:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.08.08 17:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.08.08 16:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 4.2
[2010.08.08 07:21:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Karol\Recent
[2010.08.07 21:31:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009.07.12 22:12:31 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009.06.07 16:55:30 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009.06.07 16:55:30 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\PLFSet.dll
[2009.06.07 16:55:29 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009.06.07 16:42:45 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009.06.07 16:42:45 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.10.30 20:10:40 | 001,474,968 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Untitled.mp3
[2010.10.30 20:09:32 | 035,388,890 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Untitled.wav
[2010.10.19 19:20:50 | 000,102,236 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\ha.jpg
[2010.10.18 21:48:36 | 000,032,561 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\9330_1118608815917_1547926614_30259957_178879_n.jpg
[2010.10.18 19:51:06 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\IKEA Home Planner.lnk
[2010.10.18 19:49:16 | 020,464,128 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\IKEA_Home_Planner10.exe
[2010.10.17 18:16:51 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Dream Day First Home.lnk
[2010.10.17 18:16:51 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\ICQ Games.lnk
[2010.10.17 18:05:43 | 076,159,192 | ---- | M] (Oberon Media Inc.) -- C:\Documents and Settings\Karol\Plocha\Dream_Day_First_Home-setup.exe
[2010.10.16 16:23:00 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Bez názvu.bmp
[2010.10.07 18:23:20 | 000,049,364 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\E.jpg
[2010.10.01 00:21:17 | 000,010,267 | ---- | M] () -- C:\Documents and Settings\Karol\Dokumenty\F.docx
[2010.09.30 23:40:44 | 000,044,136 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Fila.jpg
[2010.09.30 23:06:31 | 000,288,844 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\ld_jr_2010.pdf
[2010.09.29 19:22:23 | 000,000,609 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\The Sims™ 3 Povolání snů.lnk
[2010.09.28 09:19:07 | 014,998,794 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\EDDIE STOILOW - FLOATING - official video HD.mp4
[2010.08.09 19:08:52 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\svtfulf.sys
[2010.08.09 19:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
[2010.08.09 18:58:58 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\CKScanner.exe
[2010.08.09 18:27:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.09 18:24:59 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2010.08.09 18:24:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.09 18:24:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.09 15:57:48 | 063,167,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.08.08 18:43:22 | 000,610,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.08.08 17:06:10 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Karol\NTUSER.DAT
[2010.08.08 17:04:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Karol\ntuser.ini
[2010.08.08 17:03:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.08.08 17:03:03 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.08.08 17:03:02 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.08.08 17:03:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.08 17:03:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.08.08 17:02:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.08.08 17:02:53 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.08.08 17:02:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.08.08 17:02:08 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.08 16:16:23 | 000,059,392 | R--- | M] () -- C:\WINDOWS\streamhlp.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.10.30 20:10:30 | 001,474,968 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Untitled.mp3
[2010.10.30 20:09:22 | 035,388,890 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Untitled.wav
[2010.10.19 19:20:50 | 000,102,236 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\ha.jpg
[2010.10.18 21:48:36 | 000,032,561 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\9330_1118608815917_1547926614_30259957_178879_n.jpg
[2010.10.18 19:50:18 | 000,002,303 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\IKEA Home Planner.lnk
[2010.10.18 19:48:57 | 020,464,128 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\IKEA_Home_Planner10.exe
[2010.10.17 18:16:51 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Dream Day First Home.lnk
[2010.10.17 18:16:51 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\ICQ Games.lnk
[2010.10.16 16:22:59 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Bez názvu.bmp
[2010.10.07 18:23:20 | 000,049,364 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\E.jpg
[2010.10.01 00:19:55 | 000,010,267 | ---- | C] () -- C:\Documents and Settings\Karol\Dokumenty\F.docx
[2010.09.30 23:40:44 | 000,044,136 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Fila.jpg
[2010.09.30 23:06:31 | 000,288,844 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\ld_jr_2010.pdf
[2010.09.29 19:22:23 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\The Sims™ 3 Povolání snů.lnk
[2010.09.28 09:16:37 | 014,998,794 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\EDDIE STOILOW - FLOATING - official video HD.mp4
[2010.08.09 18:58:58 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\CKScanner.exe
[2010.08.08 17:03:03 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.08.08 17:02:53 | 000,610,066 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.08.08 17:02:53 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.08.08 17:02:44 | 063,167,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.04.15 00:47:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.28 12:02:38 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\svtfulf.sys
[2010.02.13 23:11:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.02.13 23:11:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.02.13 23:11:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.02.13 23:11:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.02.13 23:11:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.02.13 23:11:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.09.23 04:29:12 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009.09.23 04:29:12 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009.09.23 04:29:12 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009.09.23 04:29:12 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009.09.23 04:29:12 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009.09.23 04:29:12 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009.09.23 04:29:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009.09.23 04:29:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009.09.23 04:29:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009.09.23 04:29:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009.09.23 04:29:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009.09.23 04:29:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009.09.23 04:29:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009.09.23 04:29:12 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009.09.23 04:29:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.09.23 04:29:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009.09.23 04:29:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009.09.20 21:29:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\b797f67a.sys
[2009.07.27 23:13:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009.07.27 23:12:58 | 000,009,953 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009.07.10 07:20:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KA.ini
[2009.06.28 20:00:36 | 000,001,297 | ---- | C] () -- C:\WINDOWS\TVAfaDrv.ini
[2009.06.28 20:00:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.06.26 12:40:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2009.06.07 17:40:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.07 16:55:30 | 001,729,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009.06.07 14:46:06 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2009.06.07 14:44:26 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009.06.07 14:44:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007.04.01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.04.01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.09.06 00:17:40 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.12.05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010.08.08 17:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2009.06.07 14:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Broadcom
[2009.06.07 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2009.06.07 14:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.12.15 01:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3
[2010.04.11 00:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FreshGames
[2009.11.09 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fugazo
[2009.06.17 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Go Go Gourmet
[2009.06.19 19:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NevoSoft Games
[2010.04.05 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Oberon Games
[2010.10.17 18:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Oberon Media
[2010.01.15 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PlayFirst
[2009.10.31 00:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sandlot Games
[2010.08.08 16:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.08.09 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Toolbar4
[2010.04.03 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Valusoft
[2009.06.07 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaja\Data aplikací\Opera
[2009.11.15 23:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\BeachPartyCraze
[2009.11.01 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Desktopicon
[2009.06.07 14:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ESET
[2009.06.19 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gaijin Ent
[2009.06.17 18:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gamelab
[2009.06.28 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home 2
[2009.12.25 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home Christmas
[2009.12.29 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ
[2010.10.17 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
[2009.11.12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\OpenOffice.org
[2009.06.07 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Opera
[2010.01.15 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\PlayFirst
[2009.11.09 15:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Pogo Games
[2010.10.30 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Power Sound Editor Free
[2010.04.03 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Valusoft
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"RemoteCenter" = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE -- [2004.06.25 10:21:50 | 000,147,456 | ---- | M] (Creative Technology Ltd)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.06.16 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2005.09.22 00:41:53 | 002,280,195 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\setup_aa-mp3.exe
[2005.09.22 00:41:06 | 000,692,224 | ---- | M] (Mystik Media) -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEAUOAHMP3IIAA3XTAEDFFFFFF0\AA-MP3.exe
< %APPDATA%\*. >
[2010.02.23 15:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Adobe
[2009.06.10 19:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\AdobeUM
[2009.07.10 23:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Apple Computer
[2009.06.28 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ArcSoft
[2009.11.15 23:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\BeachPartyCraze
[2009.07.27 23:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Creative
[2009.11.01 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Desktopicon
[2010.02.13 22:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\dvdcss
[2009.06.07 14:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ESET
[2009.06.19 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gaijin Ent
[2009.06.17 18:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gamelab
[2009.06.07 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\GRETECH
[2009.12.25 23:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Help
[2009.06.28 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home 2
[2009.12.25 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home Christmas
[2009.06.24 14:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\HP
[2009.12.29 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ
[2010.10.17 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
[2009.06.07 14:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Identities
[2009.06.07 14:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\InstallShield
[2009.06.07 18:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Macromedia
[2010.02.13 23:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Media Player Classic
[2010.03.29 18:27:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Karol\Data aplikací\Microsoft
[2009.09.18 23:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Mozilla
[2009.11.12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\OpenOffice.org
[2009.06.07 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Opera
[2010.01.15 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\PlayFirst
[2009.11.09 15:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Pogo Games
[2010.10.30 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Power Sound Editor Free
[2010.03.15 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Skype
[2010.03.15 21:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\skypePM
[2009.06.07 15:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Sun
[2010.04.03 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Valusoft
[2009.06.07 15:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\vlc
< %APPDATA%\*.exe /s >
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Karol\Data aplikací\GRETECH\GomPlayer\GrLauncher.exe
[2010.11.02 13:01:11 | 000,040,960 | ---- | M] (Gretech Corporation) -- C:\Documents and Settings\Karol\Data aplikací\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2009.06.07 17:58:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Karol\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.09.23 17:37:30 | 000,022,352 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009.09.23 17:37:30 | 000,034,112 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
OTL.txt:
OTL logfile created on: 9.8.2010 19:06:32 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Karol\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,02 Gb Total Space | 2,88 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive D: | 129,02 Gb Total Space | 9,76 Gb Free Space | 7,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: A03-240B
Current User Name: Karol
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.08.09 19:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
PRC - [2010.08.08 17:02:33 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.08.08 17:02:32 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.08.08 17:02:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.08.08 17:02:32 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.08.08 17:02:28 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.08.08 17:02:26 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010.08.08 17:02:26 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010.08.08 17:02:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010.08.08 17:02:25 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.08.08 17:02:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.08.08 17:02:23 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.08.08 17:02:22 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.06.07 15:16:00 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Karol\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009.02.26 10:49:18 | 000,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.14 00:39:57 | 000,081,920 | R--- | M] () -- C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
PRC - [2007.12.17 18:12:40 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
PRC - [2007.10.17 10:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007.05.04 02:33:22 | 002,629,632 | ---- | M] (http://www.pbus-167.com) -- C:\Program Files\Notebook Hardware Control\nhc.exe
PRC - [2007.04.21 04:57:26 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007.04.01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- d:\_Filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2004.08.22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2004.06.25 10:21:50 | 000,147,456 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2003.09.17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
========== Modules (SafeList) ==========
MOD - [2010.08.09 19:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.04.02 13:00:48 | 000,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007.04.01 08:57:16 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.08.08 17:02:26 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010.08.08 17:02:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.08.08 17:02:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.08.08 17:02:22 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2005.10.14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\_Filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 03:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Karol\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - [2010.08.09 18:24:59 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2010.08.08 17:03:02 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.08.08 17:03:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010.08.08 17:03:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.08.08 17:02:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.08.08 17:02:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.08.08 17:02:24 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010.08.08 17:02:24 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010.08.08 17:02:23 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009.11.28 13:35:25 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\b797f67a.sys -- (b797f67a)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 02:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2007.12.06 13:41:38 | 000,327,296 | R--- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.09.20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.09.07 11:16:08 | 000,215,904 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.31 11:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.17 05:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.04.01 04:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.04.01 04:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.24 01:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.24 01:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.24 01:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.24 01:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.02.16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.01.25 05:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.12.23 02:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.23 02:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.23 02:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.01.20 14:42:38 | 000,017,408 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004.07.27 11:31:34 | 001,643,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2004.04.26 05:23:41 | 000,130,384 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.04.26 05:23:40 | 000,178,736 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myfastwebsearch.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ob/
IE - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/ob/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... prtn=ob&q="
FF - prefs.js..network.proxy.type: 2
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.08.08 17:02:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.31 13:23:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.08 16:35:02 | 000,000,000 | ---D | M]
[2009.09.18 23:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Extensions
[2010.01.22 02:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions
[2009.09.19 07:48:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.31 13:26:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.09 19:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.17 18:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.01 14:40:06 | 000,000,168 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ICQSearchober1207953.gif
[2010.10.17 18:16:21 | 000,000,173 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ICQSearchober1207953.src
[2009.07.31 00:15:16 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.31 00:15:16 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.31 00:15:16 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.31 00:15:16 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.31 00:15:16 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
O4 - HKLM..\Run: [PLFSet] C:\WINDOWS\PLFSet.DLL ( )
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Remote Control.lnk = C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office 7\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 7\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4384781921 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.222 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Karol\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Karol\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.07 14:15:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.27 06:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\Shell\AutoRun\command - "" = G:\DODA\BEEK\april2x4.exe -- File not found
O33 - MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\Shell\open\command - "" = G:\DODA\BEEK\april2x4.exe -- File not found
O33 - MountPoints2\{adb5d1a2-5377-11de-b305-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{adb5d1a2-5377-11de-b305-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.04.20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.10.18 19:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2010.10.18 19:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.10.17 18:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
[2010.10.17 18:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Saved Games
[2010.10.17 18:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Local Settings\Data aplikací\Oberon Games
[2010.10.17 18:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010.10.17 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ICQToolbar
[2010.10.17 18:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010.10.17 18:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Oberon Media
[2010.10.17 18:05:14 | 076,159,192 | ---- | C] (Oberon Media Inc.) -- C:\Documents and Settings\Karol\Plocha\Dream_Day_First_Home-setup.exe
[2010.10.16 19:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\ESET
[2010.08.09 19:05:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
[2010.08.09 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.09 18:32:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.08 17:07:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.08.08 17:03:03 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.08.08 17:03:02 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.08.08 17:03:02 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.08 17:03:01 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.08.08 17:02:53 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.08.08 17:02:53 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.08.08 17:02:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.08.08 17:02:08 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.08 17:02:08 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.08 17:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.08.08 17:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.08.08 16:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 4.2
[2010.08.08 07:21:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Karol\Recent
[2010.08.07 21:31:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009.07.12 22:12:31 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009.06.07 16:55:30 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009.06.07 16:55:30 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\PLFSet.dll
[2009.06.07 16:55:29 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009.06.07 16:42:45 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009.06.07 16:42:45 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.10.30 20:10:40 | 001,474,968 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Untitled.mp3
[2010.10.30 20:09:32 | 035,388,890 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Untitled.wav
[2010.10.19 19:20:50 | 000,102,236 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\ha.jpg
[2010.10.18 21:48:36 | 000,032,561 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\9330_1118608815917_1547926614_30259957_178879_n.jpg
[2010.10.18 19:51:06 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\IKEA Home Planner.lnk
[2010.10.18 19:49:16 | 020,464,128 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\IKEA_Home_Planner10.exe
[2010.10.17 18:16:51 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Dream Day First Home.lnk
[2010.10.17 18:16:51 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\ICQ Games.lnk
[2010.10.17 18:05:43 | 076,159,192 | ---- | M] (Oberon Media Inc.) -- C:\Documents and Settings\Karol\Plocha\Dream_Day_First_Home-setup.exe
[2010.10.16 16:23:00 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Bez názvu.bmp
[2010.10.07 18:23:20 | 000,049,364 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\E.jpg
[2010.10.01 00:21:17 | 000,010,267 | ---- | M] () -- C:\Documents and Settings\Karol\Dokumenty\F.docx
[2010.09.30 23:40:44 | 000,044,136 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\Fila.jpg
[2010.09.30 23:06:31 | 000,288,844 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\ld_jr_2010.pdf
[2010.09.29 19:22:23 | 000,000,609 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\The Sims™ 3 Povolání snů.lnk
[2010.09.28 09:19:07 | 014,998,794 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\EDDIE STOILOW - FLOATING - official video HD.mp4
[2010.08.09 19:08:52 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\svtfulf.sys
[2010.08.09 19:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Plocha\OTL.exe
[2010.08.09 18:58:58 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Karol\Plocha\CKScanner.exe
[2010.08.09 18:27:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.09 18:24:59 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2010.08.09 18:24:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.09 18:24:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.09 15:57:48 | 063,167,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.08.08 18:43:22 | 000,610,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.08.08 17:06:10 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Karol\NTUSER.DAT
[2010.08.08 17:04:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Karol\ntuser.ini
[2010.08.08 17:03:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.08.08 17:03:03 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.08.08 17:03:02 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.08.08 17:03:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.08.08 17:03:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.08.08 17:02:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.08.08 17:02:53 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.08.08 17:02:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.08.08 17:02:08 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.08.08 16:16:23 | 000,059,392 | R--- | M] () -- C:\WINDOWS\streamhlp.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.10.30 20:10:30 | 001,474,968 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Untitled.mp3
[2010.10.30 20:09:22 | 035,388,890 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Untitled.wav
[2010.10.19 19:20:50 | 000,102,236 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\ha.jpg
[2010.10.18 21:48:36 | 000,032,561 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\9330_1118608815917_1547926614_30259957_178879_n.jpg
[2010.10.18 19:50:18 | 000,002,303 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\IKEA Home Planner.lnk
[2010.10.18 19:48:57 | 020,464,128 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\IKEA_Home_Planner10.exe
[2010.10.17 18:16:51 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Dream Day First Home.lnk
[2010.10.17 18:16:51 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\ICQ Games.lnk
[2010.10.16 16:22:59 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Bez názvu.bmp
[2010.10.07 18:23:20 | 000,049,364 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\E.jpg
[2010.10.01 00:19:55 | 000,010,267 | ---- | C] () -- C:\Documents and Settings\Karol\Dokumenty\F.docx
[2010.09.30 23:40:44 | 000,044,136 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\Fila.jpg
[2010.09.30 23:06:31 | 000,288,844 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\ld_jr_2010.pdf
[2010.09.29 19:22:23 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\The Sims™ 3 Povolání snů.lnk
[2010.09.28 09:16:37 | 014,998,794 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\EDDIE STOILOW - FLOATING - official video HD.mp4
[2010.08.09 18:58:58 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Karol\Plocha\CKScanner.exe
[2010.08.08 17:03:03 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.08.08 17:02:53 | 000,610,066 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.08.08 17:02:53 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.08.08 17:02:44 | 063,167,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.04.15 00:47:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.28 12:02:38 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\svtfulf.sys
[2010.02.13 23:11:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.02.13 23:11:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.02.13 23:11:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.02.13 23:11:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.02.13 23:11:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.02.13 23:11:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.09.23 04:29:12 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009.09.23 04:29:12 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009.09.23 04:29:12 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009.09.23 04:29:12 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009.09.23 04:29:12 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009.09.23 04:29:12 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009.09.23 04:29:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009.09.23 04:29:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009.09.23 04:29:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009.09.23 04:29:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009.09.23 04:29:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009.09.23 04:29:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009.09.23 04:29:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009.09.23 04:29:12 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009.09.23 04:29:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.09.23 04:29:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009.09.23 04:29:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009.09.20 21:29:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\b797f67a.sys
[2009.07.27 23:13:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009.07.27 23:12:58 | 000,009,953 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009.07.10 07:20:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KA.ini
[2009.06.28 20:00:36 | 000,001,297 | ---- | C] () -- C:\WINDOWS\TVAfaDrv.ini
[2009.06.28 20:00:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.06.26 12:40:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2009.06.07 17:40:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.07 16:55:30 | 001,729,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009.06.07 14:46:06 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2009.06.07 14:44:26 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009.06.07 14:44:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007.04.01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.04.01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.09.06 00:17:40 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.12.05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010.08.08 17:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2009.06.07 14:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Broadcom
[2009.06.07 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2009.06.07 14:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.12.15 01:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3
[2010.04.11 00:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FreshGames
[2009.11.09 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fugazo
[2009.06.17 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Go Go Gourmet
[2009.06.19 19:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NevoSoft Games
[2010.04.05 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Oberon Games
[2010.10.17 18:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Oberon Media
[2010.01.15 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PlayFirst
[2009.10.31 00:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sandlot Games
[2010.08.08 16:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.08.09 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Toolbar4
[2010.04.03 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Valusoft
[2009.06.07 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaja\Data aplikací\Opera
[2009.11.15 23:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\BeachPartyCraze
[2009.11.01 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Desktopicon
[2009.06.07 14:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ESET
[2009.06.19 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gaijin Ent
[2009.06.17 18:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gamelab
[2009.06.28 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home 2
[2009.12.25 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home Christmas
[2009.12.29 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ
[2010.10.17 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
[2009.11.12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\OpenOffice.org
[2009.06.07 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Opera
[2010.01.15 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\PlayFirst
[2009.11.09 15:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Pogo Games
[2010.10.30 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Power Sound Editor Free
[2010.04.03 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Valusoft
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"RemoteCenter" = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE -- [2004.06.25 10:21:50 | 000,147,456 | ---- | M] (Creative Technology Ltd)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.06.16 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2005.09.22 00:41:53 | 002,280,195 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\setup_aa-mp3.exe
[2005.09.22 00:41:06 | 000,692,224 | ---- | M] (Mystik Media) -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEAUOAHMP3IIAA3XTAEDFFFFFF0\AA-MP3.exe
< %APPDATA%\*. >
[2010.02.23 15:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Adobe
[2009.06.10 19:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\AdobeUM
[2009.07.10 23:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Apple Computer
[2009.06.28 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ArcSoft
[2009.11.15 23:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\BeachPartyCraze
[2009.07.27 23:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Creative
[2009.11.01 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Desktopicon
[2010.02.13 22:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\dvdcss
[2009.06.07 14:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ESET
[2009.06.19 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gaijin Ent
[2009.06.17 18:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Gamelab
[2009.06.07 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\GRETECH
[2009.12.25 23:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Help
[2009.06.28 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home 2
[2009.12.25 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Home Sweet Home Christmas
[2009.06.24 14:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\HP
[2009.12.29 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ
[2010.10.17 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\ICQ Toolbar
[2009.06.07 14:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Identities
[2009.06.07 14:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\InstallShield
[2009.06.07 18:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Macromedia
[2010.02.13 23:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Media Player Classic
[2010.03.29 18:27:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Karol\Data aplikací\Microsoft
[2009.09.18 23:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Mozilla
[2009.11.12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\OpenOffice.org
[2009.06.07 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Opera
[2010.01.15 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\PlayFirst
[2009.11.09 15:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Pogo Games
[2010.10.30 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Power Sound Editor Free
[2010.03.15 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Skype
[2010.03.15 21:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\skypePM
[2009.06.07 15:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Sun
[2010.04.03 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\Valusoft
[2009.06.07 15:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Data aplikací\vlc
< %APPDATA%\*.exe /s >
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Karol\Data aplikací\GRETECH\GomPlayer\GrLauncher.exe
[2010.11.02 13:01:11 | 000,040,960 | ---- | M] (Gretech Corporation) -- C:\Documents and Settings\Karol\Data aplikací\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2009.06.07 17:58:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Karol\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.09.23 17:37:30 | 000,022,352 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009.09.23 17:37:30 | 000,034,112 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
Re: please check the log, spam is being sent from the PC
< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.09 19:11:33 | 000,741,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\svtfulf.sys
< %systemroot%\System32\config\*.sav >
[2009.06.07 15:55:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.06.07 15:55:30 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.06.07 15:55:30 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys
[2010.08.08 17:03:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010.08.08 17:02:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010.08.08 17:02:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010.08.08 17:03:02 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010.08.08 17:03:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010.08.09 18:24:59 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\system32\drivers\nhcDriver.sys
[2010.08.09 19:11:58 | 000,741,376 | ---- | M] () -- C:\WINDOWS\system32\drivers\svtfulf.sys
< %systemroot%\system32\*.* /3 >
[2010.08.08 17:02:08 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgfwdx.dll
[2010.08.08 17:03:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\system32\settings.sfm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\system32\settingsbkup.sfm
[2010.08.09 18:27:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7D48CA
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:75EC4D20
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9CF56DF4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:E4FCDFD9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
< End of report >
Extras.txt:
OTL Extras logfile created on: 9.8.2010 19:06:32 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Karol\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,02 Gb Total Space | 2,88 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive D: | 129,02 Gb Total Space | 9,76 Gb Free Space | 7,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: A03-240B
Current User Name: Karol
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office 7\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 7\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe" = C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23F3E8E6-0912-41F4-ACDC-63805753D82C}" = Farm Frenzy 3
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3f4f83ef-7571-490b-a064-115ca216afb8}" = Kitchen Brigade
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}" = Sound Blaster Live! 24-Bit External
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A8A3B60-52B4-437F-9281-D63930B42535}" = AudioAlchemy MP3 Edition
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Povolání snů
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1230F57-1E3C-42C2-8F38-F25A922AF81E}" = Wedding Dash - Ready, Aim, Love!
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = MSI DIGIVOX mini III Device Utilities
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00}" = MSXML 6.0 SDK
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA400604-10A2-4DCC-85E6-9DDC948C86A7}" = Go-Go Gourmet
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudioAlchemy MP3 Edition" = AudioAlchemy MP3 Edition
"AVG9Uninstall" = AVG 9.0
"BFGC" = Big Fish Games Client
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"flv audio extractor_is1" = Flv Audio Extractor 1.04
"formatfactory" = FormatFactory 2.15
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Konvertor" = Konvertor
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mozilla firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"Power Sound Editor Free_is1" = Power Sound Editor Free v5.7
"Ranch Rush1.0" = Ranch Rush
"Stand O'Food" = Stand O'Food
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"TC PowerPack" = TC PowerPack 1.7
"TVAfaDrv" = MSI DIGIVOX mini III BDA Driver
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7.8.2010 12:25:17 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 1:14:49 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 10:40:17 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 10:44:20 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 11:07:40 | Computer Name = A03-240B | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved
Error - 9.8.2010 9:54:10 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 9.8.2010 12:27:11 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 9.8.2010 12:32:33 | Computer Name = A03-240B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace RSIT.exe, verze 3.3.2.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.8.2010 12:41:01 | Computer Name = A03-240B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace RSIT (1).exe, verze 3.3.2.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ OSession Events ]
Error - 23.1.2010 7:32:08 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 10264 seconds with 4440 seconds of active time. This session ended with
a crash.
Error - 25.1.2010 6:15:59 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 156054 seconds with 1740 seconds of active time. This session ended with
a crash.
Error - 11.4.2010 1:48:08 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 208831
seconds with 180 seconds of active time. This session ended with a crash.
Error - 14.4.2010 2:06:20 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86189
seconds with 4320 seconds of active time. This session ended with a crash.
Error - 21.4.2010 16:55:42 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82907
seconds with 60 seconds of active time. This session ended with a crash.
Error - 10.5.2010 8:33:08 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 100622
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 18.5.2010 4:04:27 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 132320
seconds with 480 seconds of active time. This session ended with a crash.
Error - 20.5.2010 5:30:30 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243602
seconds with 6900 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8.8.2010 10:54:49 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Nod32 Boot.
Error - 8.8.2010 10:54:49 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 8.8.2010 10:54:49 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby hpqcxs08
s argumenty za účelem spuštění serveru: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 8.8.2010 11:07:37 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Nod32 Boot.
Error - 8.8.2010 11:07:37 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 8.8.2010 11:07:37 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2
< End of report >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.09 19:11:33 | 000,741,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\svtfulf.sys
< %systemroot%\System32\config\*.sav >
[2009.06.07 15:55:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.06.07 15:55:30 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.06.07 15:55:30 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.08.08 17:02:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys
[2010.08.08 17:03:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010.08.08 17:02:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010.08.08 17:02:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010.08.08 17:03:02 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010.08.08 17:03:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010.08.09 18:24:59 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\system32\drivers\nhcDriver.sys
[2010.08.09 19:11:58 | 000,741,376 | ---- | M] () -- C:\WINDOWS\system32\drivers\svtfulf.sys
< %systemroot%\system32\*.* /3 >
[2010.08.08 17:02:08 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgfwdx.dll
[2010.08.08 17:03:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\system32\settings.sfm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\system32\settingsbkup.sfm
[2010.08.09 18:27:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7D48CA
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:75EC4D20
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9CF56DF4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:E4FCDFD9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
< End of report >
Extras.txt:
OTL Extras logfile created on: 9.8.2010 19:06:32 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Karol\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,02 Gb Total Space | 2,88 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive D: | 129,02 Gb Total Space | 9,76 Gb Free Space | 7,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: A03-240B
Current User Name: Karol
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1123561945-1425521274-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office 7\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 7\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe" = C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23F3E8E6-0912-41F4-ACDC-63805753D82C}" = Farm Frenzy 3
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3f4f83ef-7571-490b-a064-115ca216afb8}" = Kitchen Brigade
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}" = Sound Blaster Live! 24-Bit External
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A8A3B60-52B4-437F-9281-D63930B42535}" = AudioAlchemy MP3 Edition
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Povolání snů
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1230F57-1E3C-42C2-8F38-F25A922AF81E}" = Wedding Dash - Ready, Aim, Love!
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = MSI DIGIVOX mini III Device Utilities
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00}" = MSXML 6.0 SDK
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA400604-10A2-4DCC-85E6-9DDC948C86A7}" = Go-Go Gourmet
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudioAlchemy MP3 Edition" = AudioAlchemy MP3 Edition
"AVG9Uninstall" = AVG 9.0
"BFGC" = Big Fish Games Client
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"flv audio extractor_is1" = Flv Audio Extractor 1.04
"formatfactory" = FormatFactory 2.15
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Konvertor" = Konvertor
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mozilla firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"Power Sound Editor Free_is1" = Power Sound Editor Free v5.7
"Ranch Rush1.0" = Ranch Rush
"Stand O'Food" = Stand O'Food
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"TC PowerPack" = TC PowerPack 1.7
"TVAfaDrv" = MSI DIGIVOX mini III BDA Driver
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7.8.2010 12:25:17 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 1:14:49 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 10:40:17 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 10:44:20 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 8.8.2010 11:07:40 | Computer Name = A03-240B | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved
Error - 9.8.2010 9:54:10 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 9.8.2010 12:27:11 | Computer Name = A03-240B | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil
Error - 9.8.2010 12:32:33 | Computer Name = A03-240B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace RSIT.exe, verze 3.3.2.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 9.8.2010 12:41:01 | Computer Name = A03-240B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace RSIT (1).exe, verze 3.3.2.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ OSession Events ]
Error - 23.1.2010 7:32:08 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 10264 seconds with 4440 seconds of active time. This session ended with
a crash.
Error - 25.1.2010 6:15:59 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 156054 seconds with 1740 seconds of active time. This session ended with
a crash.
Error - 11.4.2010 1:48:08 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 208831
seconds with 180 seconds of active time. This session ended with a crash.
Error - 14.4.2010 2:06:20 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86189
seconds with 4320 seconds of active time. This session ended with a crash.
Error - 21.4.2010 16:55:42 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82907
seconds with 60 seconds of active time. This session ended with a crash.
Error - 10.5.2010 8:33:08 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 100622
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 18.5.2010 4:04:27 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 132320
seconds with 480 seconds of active time. This session ended with a crash.
Error - 20.5.2010 5:30:30 | Computer Name = A03-240B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243602
seconds with 6900 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8.8.2010 10:54:49 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Nod32 Boot.
Error - 8.8.2010 10:54:49 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 8.8.2010 10:54:49 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby hpqcxs08
s argumenty za účelem spuštění serveru: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 8.8.2010 10:54:56 | Computer Name = A03-240B | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1055 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 8.8.2010 11:07:37 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Nod32 Boot.
Error - 8.8.2010 11:07:37 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 8.8.2010 11:07:37 | Computer Name = A03-240B | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log, the PC is sending out spam

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Karol\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - [2009.11.28 13:35:25 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\b797f67a.sys -- (b797f67a)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myfastwebsearch.com/
O3 - HKU\S-1-5-21-1123561945-1425521274-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O33 - MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\Shell\AutoRun\command - "" = G:\DODA\BEEK\april2x4.exe -- File not found
O33 - MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\Shell\open\command - "" = G:\DODA\BEEK\april2x4.exe -- File not found
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.08.09 19:08:52 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\svtfulf.sys
[2009.06.16 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\system32\settings.sfm
[2010.08.09 15:54:49 | 000,000,588 | ---- | M] () -- C:\WINDOWS\system32\settingsbkup.sfm
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7D48CA
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:75EC4D20
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9CF56DF4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:E4FCDFD9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
:Services
NOD32FiXTemDono
Application Updater
svtfulf
:Files
C:\WINDOWS\system32\regedt32.exe
C:\Program Files\Application Updater
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
Re: please check my log, the PC is sending out spam
All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS not found.
Service esihdrv stopped successfully!
Service esihdrv deleted successfully!
File C:\DOCUME~1\Karol\LOCALS~1\Temp\esihdrv.sys not found.
Service b797f67a stopped successfully!
Service b797f67a deleted successfully!
C:\WINDOWS\system32\drivers\b797f67a.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1123561945-1425521274-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae98271-535d-11de-863a-c695d4d313d1}\ not found.
File G:\DODA\BEEK\april2x4.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae98271-535d-11de-863a-c695d4d313d1}\ not found.
File G:\DODA\BEEK\april2x4.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET11C7.tmp deleted successfully.
C:\WINDOWS\System32\SET11C8.tmp deleted successfully.
C:\WINDOWS\System32\SET3A8.tmp deleted successfully.
C:\WINDOWS\System32\SET3AC.tmp deleted successfully.
C:\WINDOWS\System32\SET3B4.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\svtfulf.sys scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEIAYSIKEDADLFARETIRFFFTFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEAUOAHMP3IIHETAETREFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEAUOAHMP3IIAA3XTAEDFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFMIOLFIREAITCTAFLBFAOLLGEFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFIDSSSTM3MSOMTLCXWISYDIFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFIDSSSTM3MSCR0DLFINYSIRFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFIDSSSTM3CODL32CXWISYDIFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCVEUIAGCIXMITSALFNSDRFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCVECAIOUIRESLEEDLINSIFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCEEDOLMI0RITCM3DFWSSRFFTF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRSNUOATIS3LWSYIFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRSNAUOORE3LWIYDFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRSNAUOIWMDLINSIFFTF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRESNWMRFESXWSYIFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRESNAUOI3DFIYSRFFTF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A} folder moved successfully.
C:\WINDOWS\system32\settings.sfm moved successfully.
C:\WINDOWS\system32\settingsbkup.sfm moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7D48CA deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:75EC4D20 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:9CF56DF4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:E4FCDFD9 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4D066AD2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9 deleted successfully.
========== SERVICES/DRIVERS ==========
Service NOD32FiXTemDono stopped successfully!
Service NOD32FiXTemDono deleted successfully!
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
Error: No service named svtfulf was found to stop!
Service\Driver key svtfulf not found.
========== FILES ==========
C:\WINDOWS\system32\regedt32.exe moved successfully.
C:\Program Files\Application Updater folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Kaja
->Opera cache emptied: 636662334 bytes
User: Karol
->Temp folder emptied: 1074653037 bytes
->Temporary Internet Files folder emptied: 1200767 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44294338 bytes
->Opera cache emptied: 175019 bytes
->Flash cache emptied: 3806 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 606208 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 274672859 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13494318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 951,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Kaja
User: Karol
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.9.1 log created on 08092010_193042
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\svtfulf.sys scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_cf8.dat not found!
Registry entries deleted on Reboot...
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS not found.
Service esihdrv stopped successfully!
Service esihdrv deleted successfully!
File C:\DOCUME~1\Karol\LOCALS~1\Temp\esihdrv.sys not found.
Service b797f67a stopped successfully!
Service b797f67a deleted successfully!
C:\WINDOWS\system32\drivers\b797f67a.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1123561945-1425521274-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae98271-535d-11de-863a-c695d4d313d1}\ not found.
File G:\DODA\BEEK\april2x4.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae98271-535d-11de-863a-c695d4d313d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae98271-535d-11de-863a-c695d4d313d1}\ not found.
File G:\DODA\BEEK\april2x4.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET11C7.tmp deleted successfully.
C:\WINDOWS\System32\SET11C8.tmp deleted successfully.
C:\WINDOWS\System32\SET3A8.tmp deleted successfully.
C:\WINDOWS\System32\SET3AC.tmp deleted successfully.
C:\WINDOWS\System32\SET3B4.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\svtfulf.sys scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEIAYSIKEDADLFARETIRFFFTFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEAUOAHMP3IIHETAETREFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFYTMEAUOAHMP3IIAA3XTAEDFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFMIOLFIREAITCTAFLBFAOLLGEFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFIDSSSTM3MSOMTLCXWISYDIFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFIDSSSTM3MSCR0DLFINYSIRFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFIDSSSTM3CODL32CXWISYDIFFFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCVEUIAGCIXMITSALFNSDRFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCVECAIOUIRESLEEDLINSIFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCEEDOLMI0RITCM3DFWSSRFFTF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRSNUOATIS3LWSYIFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRSNAUOORE3LWIYDFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRSNAUOIWMDLINSIFFTF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRESNWMRFESXWSYIFFFF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline\IFGMGCECIOIRESNAUOI3DFIYSRFFTF0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\offline folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A} folder moved successfully.
C:\WINDOWS\system32\settings.sfm moved successfully.
C:\WINDOWS\system32\settingsbkup.sfm moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7D48CA deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:75EC4D20 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:9CF56DF4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:E4FCDFD9 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4D066AD2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9 deleted successfully.
========== SERVICES/DRIVERS ==========
Service NOD32FiXTemDono stopped successfully!
Service NOD32FiXTemDono deleted successfully!
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
Error: No service named svtfulf was found to stop!
Service\Driver key svtfulf not found.
========== FILES ==========
C:\WINDOWS\system32\regedt32.exe moved successfully.
C:\Program Files\Application Updater folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Kaja
->Opera cache emptied: 636662334 bytes
User: Karol
->Temp folder emptied: 1074653037 bytes
->Temporary Internet Files folder emptied: 1200767 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44294338 bytes
->Opera cache emptied: 175019 bytes
->Flash cache emptied: 3806 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 606208 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 274672859 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13494318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 951,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Kaja
User: Karol
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.9.1 log created on 08092010_193042
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\svtfulf.sys scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_cf8.dat not found!
Registry entries deleted on Reboot...
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check the log, SPAM is being sent from the PC

- Disable all resident security programs: firewalls, antivirus, antispyware
- Plug in all the flash drives you use.
- Run the application under an account with Administrator privileges; right after it starts, a page with the license terms appears, continue by pressing the "Yes" ("Ano") button.
- Then follow the on-screen instructions; during the scan do not run other applications and do not click into the window that appears
- The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
- The computer may be restarted during the scan.
Re: please check the log, SPAM is being sent from the PC
I can't get it working for the life of me... the first time it started, a cmd window popped up, I left it for 4 hours, but it didn't get resolved... Now only the first progress bar comes up, but after it disappears nothing else starts... Should I run it somehow from the command line? Or in safe mode?
- Caroprd111
- VIP
Re: please check the log, SPAM is being sent from the PC
Try renaming ComboFix to cokoliv.com (i.e. anything.com) and running it in safe mode.
Re: please check the log, SPAM is being sent from the PC
Finally
ComboFix 10-08-09.03 - Karol 10.08.2010 16:15:22.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1525 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\cokoliv.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Toolbar4
c:\program files\IEToolbar
c:\windows\daemon.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\Data
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\ntfs.sys . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-10-18 17:50 . 2010-10-18 17:50 -------- d-----w- c:\program files\IKEA HomePlanner
2010-10-18 17:49 . 2010-10-18 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-17 16:23 . 2010-10-17 16:23 -------- d-----w- c:\documents and settings\Karol\Saved Games
2010-10-17 16:16 . 2010-10-17 16:16 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-10-17 16:16 . 2010-08-09 17:03 -------- d-----w- c:\program files\ICQToolbar
2010-10-17 16:16 . 2010-10-17 16:16 -------- d-----w- c:\program files\Oberon Media
2010-08-10 14:08 . 2010-08-10 14:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-09 17:30 . 2010-08-09 17:30 -------- d-----w- C:\_OTL
2010-08-09 16:32 . 2010-08-09 16:42 -------- d-----w- C:\rsit
2010-08-09 16:32 . 2010-08-09 16:42 -------- d-----w- c:\program files\trend micro
2010-08-08 15:07 . 2010-08-08 15:07 -------- d-----w- C:\$AVG
2010-08-08 15:03 . 2010-08-08 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-08 15:03 . 2010-08-08 15:03 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-08 15:03 . 2010-08-08 15:03 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-08-08 15:03 . 2010-08-08 15:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-08 15:02 . 2010-08-08 15:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-08 15:02 . 2010-08-08 15:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-08 15:02 . 2010-08-09 13:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-08 15:02 . 2010-08-08 15:02 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-08-08 15:02 . 2010-08-08 15:02 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-08-08 15:02 . 2010-08-08 15:02 -------- d-----w- c:\program files\AVG
2010-08-08 14:16 . 2010-08-08 14:38 -------- d-----w- c:\program files\TrojanHunter 4.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 09:01 . 2009-06-13 21:26 -------- d-----w- c:\program files\ICQ6.5
2010-09-28 19:49 . 2009-06-07 12:41 -------- d-----w- c:\program files\Launch Manager
2010-08-10 14:25 . 2010-02-28 10:02 741376 ----a-w- c:\windows\system32\drivers\svtfulf.sys
2010-08-10 14:22 . 2009-06-07 14:45 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-08-10 14:18 . 2008-04-14 12:00 96902 ----a-w- c:\windows\system32\perfc005.dat
2010-08-10 14:18 . 2008-04-14 12:00 478950 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 21:22 . 2009-06-07 12:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-08 14:35 . 2010-02-23 14:04 -------- d-----w- c:\program files\thriXXX
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-09 119296]
"CTSysVol"="c:\program files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-08 2065760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Remote Control.lnk - c:\program files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe [2009-6-28 81920]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2009-6-28 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-08 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGIDSAgent"=3 (0x3)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [8.8.2010 17:03 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8.8.2010 17:03 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7.6.2009 16:42 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7.6.2009 16:42 5248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.8.2010 17:02 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.8.2010 17:03 243024]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8.8.2010 17:02 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8.8.2010 17:02 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [8.8.2010 17:02 122448]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [8.8.2010 17:02 30288]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [8.8.2010 17:02 26192]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [12.7.2009 22:12 1643648]
S4 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8.8.2010 17:02 921952]
S4 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8.8.2010 17:02 308136]
S4 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [8.8.2010 17:02 2331032]
S4 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8.8.2010 17:02 5897808]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - svtfulf
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/ob/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIFF9B~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\kpmiebnk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ob/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&prtn=ob&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AudioAlchemy MP3 Edition - c:\documents and settings\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\setup_aa-mp3.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 16:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A23C378]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
\Driver\atapi -> 0x8a23c378
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 SendCompleteHandler -> NDIS.sys @ 0xb9cf4bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d01a21
SendHandler -> NDIS.sys @ 0xb9cdf87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\svtfulf]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxext.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\docume~1\Karol\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
d:\_filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2010-08-10 16:26:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-10 14:26
Před spuštěním: 5 599 023 104
Po spuštění: 5 536 595 968
- - End Of File - - C9599B5050256EABE101056B61662193
- Caroprd111
- VIP
Re: please check the log, SPAM is being sent from the PC
Perform the following steps exactly in the order given.
Download the file from the attachment and unpack it to drive c:\ (the path will be c:\ntfs.sys; it must not be an archive).
If it is not there already, move ComboFix to the desktop



- Open Notepad and copy the text from the white box into it.
Kód: Vybrat vše
File::
c:\windows\system32\drivers\svtfulf.sys
Driver::
svtfulf
FMove::
C:\ntfs.sys | c:\windows\system32\drivers\ntfs.sys
- Save the TXT file you created as CFScript.txt on the desktop.
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.
- After it is applied, another log will pop up; paste it here.
Re: please check my log, the PC is sending out spam
ComboFix 10-08-09.03 - Administrator 10.08.2010 18:37:38.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1742 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\cokoliv.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\windows\system32\drivers\svtfulf.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\svtfulf.sys
.
--------------- FMove ---------------
c:\ntfs.sys --> c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SVTFULF
-------\Service_svtfulf
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-10-18 17:50 . 2010-10-18 17:50 -------- d-----w- c:\program files\IKEA HomePlanner
2010-10-18 17:49 . 2010-10-18 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-17 16:23 . 2010-10-17 16:23 -------- d-----w- c:\documents and settings\Karol\Saved Games
2010-10-17 16:16 . 2010-10-17 16:16 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-10-17 16:16 . 2010-08-09 17:03 -------- d-----w- c:\program files\ICQToolbar
2010-10-17 16:16 . 2010-10-17 16:16 -------- d-----w- c:\program files\Oberon Media
2010-08-10 14:24 . 2010-08-10 14:24 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-10 14:08 . 2010-08-10 14:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-09 17:30 . 2010-08-09 17:30 -------- d-----w- C:\_OTL
2010-08-09 16:32 . 2010-08-09 16:42 -------- d-----w- C:\rsit
2010-08-09 16:32 . 2010-08-09 16:42 -------- d-----w- c:\program files\trend micro
2010-08-08 15:07 . 2010-08-08 15:07 -------- d-----w- C:\$AVG
2010-08-08 15:03 . 2010-08-08 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-08 15:03 . 2010-08-08 15:03 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-08 15:03 . 2010-08-08 15:03 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-08-08 15:03 . 2010-08-08 15:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-08 15:02 . 2010-08-08 15:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-08 15:02 . 2010-08-08 15:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-08 15:02 . 2010-08-09 13:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-08 15:02 . 2010-08-08 15:02 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-08-08 15:02 . 2010-08-08 15:02 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-08-08 15:02 . 2010-08-08 15:02 -------- d-----w- c:\program files\AVG
2010-08-08 14:16 . 2010-08-08 14:38 -------- d-----w- c:\program files\TrojanHunter 4.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 09:01 . 2009-06-13 21:26 -------- d-----w- c:\program files\ICQ6.5
2010-09-28 19:49 . 2009-06-07 12:41 -------- d-----w- c:\program files\Launch Manager
2010-08-10 16:44 . 2008-04-14 12:00 96902 ----a-w- c:\windows\system32\perfc005.dat
2010-08-10 16:44 . 2008-04-14 12:00 478950 ----a-w- c:\windows\system32\perfh005.dat
2010-08-10 16:42 . 2009-06-07 14:45 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-08-10 14:42 . 2009-06-07 13:04 -------- d-----w- c:\program files\Opera
2010-08-09 21:22 . 2009-06-07 12:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-08 14:35 . 2010-02-23 14:04 -------- d-----w- c:\program files\thriXXX
.
((((((((((((((((((((((((((((( SnapShot@2010-08-10_14.22.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wuweb.dll
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wups2.dll
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wups.dll
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wucltui.dll
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wuaueng.dll
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wuauclt.exe
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\wuapi.dll
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\LastGood.Tmp\system32\cdm.dll
+ 2010-08-10 16:42 . 2010-08-10 16:42 16384 c:\windows\temp\Perflib_Perfdata_314.dat
+ 2009-06-07 14:26 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2009-06-07 12:13 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2009-06-07 12:13 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-08-10 14:24 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-08-10 14:24 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-08-10 14:18 85996 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-08-10 16:43 85996 c:\windows\system32\perfc009.dat
+ 2009-06-07 12:13 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-07 12:13 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2009-06-07 12:13 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2009-06-07 12:13 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2009-06-07 12:13 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2008-04-14 12:00 . 2010-08-10 16:43 482166 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-08-10 14:18 482166 c:\windows\system32\perfh009.dat
+ 2009-06-07 12:13 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-06-07 12:13 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-06-07 12:13 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-06-07 12:13 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-06-07 12:13 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-08-10 14:42 . 2010-08-10 14:42 2648064 c:\windows\Installer\12bab6.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-09 119296]
"CTSysVol"="c:\program files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-08 2065760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Remote Control.lnk - c:\program files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe [2009-6-28 81920]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2009-6-28 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-08 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [8.8.2010 17:03 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8.8.2010 17:03 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7.6.2009 16:42 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7.6.2009 16:42 5248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.8.2010 17:02 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.8.2010 17:03 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8.8.2010 17:02 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8.8.2010 17:02 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [8.8.2010 17:02 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8.8.2010 17:02 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8.8.2010 17:02 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8.8.2010 17:02 5897808]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [8.8.2010 17:02 122448]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [8.8.2010 17:02 30288]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [8.8.2010 17:02 26192]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [12.7.2009 22:12 1643648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/ob/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIFF9B~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 18:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A483E98]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
\Driver\atapi -> 0x8a483e98
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 SendCompleteHandler -> NDIS.sys @ 0xb9cf4bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d01a21
SendHandler -> NDIS.sys @ 0xb9cdf87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(5160)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\progra~1\MICROS~3\OFFICE11\MCPS.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\igfxext.exe
c:\docume~1\Karol\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
d:\_filmy\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\AVG\AVG9\avgupd.exe
c:\program files\Opera\opera.exe
c:\program files\AVG\AVG9\avgui.exe
.
**************************************************************************
.
Celkový čas: 2010-08-10 18:46:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-10 16:45
ComboFix2.txt 2010-08-10 14:26
Před spuštěním: 5 093 158 912
Po spuštění: 4 881 272 832
- - End Of File - - B597CDDD08177CD3BF8EE21CAE194F8E
- Caroprd111
Re: please check my log, the PC is sending out spam

- Choose the version for your operating system (64 & 32 bit). Save it to the desktop and run it.
- Choose the Uninstall option and restart the PC.

- Click "Disable" and restart the PC.

- A small window will pop up; copy this into it:
Code:
"%userprofile%\plocha\mbr" -t
- Click OK.
- A log named mbr.log will be created; paste it here.
