
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day, I do the "administration" of the computer in my parents' office, so I want to go through it thoroughly from the ground up.
Logfile of random's system information tool 1.08 (written by random/random)
Run by OEM at 2010-09-10 14:58:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 271 GB (89%) free of 305 GB
Total RAM: 2046 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:58, on 10.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\MHotkey.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\ChiFuncExt.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\RSIT.exe
C:\Program Files\trend micro\OEM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Správce zabezpečení účtů SamSsSENS (SamSsSENS) - Unknown owner - C:\WINDOWS\system32\aacliento.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 8687 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18df081c-e8ad-4283-a596-fa578c2ebdc3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HotKey"=C:\Program Files\HotKey\hotkey.exe [2006-11-03 81920]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2006-08-03 503808]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"Anti Trojan Elite"=C:\Program Files\Anti Trojan Elite\TJEnder.exe [2008-04-16 863232]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"LchDrvKey"=C:\WINDOWS\LchDrvKey.exe [2007-03-28 36864]
"gemstrmw"=C:\WINDOWS\system32\gemstrmw.exe [2003-08-29 24576]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"Octoshape Streaming Services"=C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu LT.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Roman PC\PROGRAMY\QIP\qip.exe"="C:\Roman PC\PROGRAMY\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-09-10 14:58:53 ----D---- C:\Program Files\trend micro
2010-09-10 14:58:52 ----D---- C:\rsit
2010-09-10 14:40:54 ----D---- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
2010-09-10 14:40:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-10 14:40:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-10 14:40:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-09-10 14:40:48 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-09 09:05:18 ----D---- C:\zaloha
2010-09-09 09:04:53 ----D---- C:\Program Files\CCleaner
2010-09-09 06:43:03 ----D---- C:\spoolerlogs
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\PSX64.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\pswin.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\psnt.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\Bot.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\PSXLPR.INI
2010-09-05 11:44:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-01 12:52:41 ----RA---- C:\WINDOWS\system32\TSKMON.DLL
2010-09-01 12:51:19 ----D---- C:\Program Files\PrintServer Utilities
======List of files/folders modified in the last 1 months======
2010-09-10 14:58:56 ----D---- C:\WINDOWS\Prefetch
2010-09-10 14:58:53 ----RD---- C:\Program Files
2010-09-10 14:40:49 ----D---- C:\WINDOWS\system32\drivers
2010-09-10 14:40:30 ----A---- C:\WINDOWS\wincmd.ini
2010-09-10 14:38:33 ----D---- C:\programy
2010-09-10 10:28:25 ----D---- C:\WINDOWS\Temp
2010-09-10 08:30:45 ----A---- C:\WINDOWS\ccolwiz.ini
2010-09-10 08:06:24 ----D---- C:\Documents and Settings\OEM\Data aplikací\ICQ
2010-09-10 08:06:19 ----D---- C:\WINDOWS\system32
2010-09-09 19:18:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-09 12:48:11 ----D---- C:\WINDOWS
2010-09-09 11:12:10 ----D---- C:\WINDOWS\Help
2010-09-09 11:09:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-08 11:57:19 ----D---- C:\Roman PC
2010-09-05 13:53:05 ----D---- C:\Program Files\Mozilla Firefox
2010-09-05 13:43:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-01 14:57:01 ----HD---- C:\WINDOWS\inf
2010-08-19 17:19:04 ----SD---- C:\Documents and Settings\OEM\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NTGDT;NTGDT; \??\C:\WINDOWS\system32\Drivers\NTGDT.SYS []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-09-05 20096]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 rockey_usb;Feitian ROCKEY4 USB Service; C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2009-06-15 12928]
R3 rockeynt;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2009-06-15 22016]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 9d08d9cc;9d08d9cc; C:\WINDOWS\System32\drivers\9d08d9cc.sys []
S1 bf9ddd11;bf9ddd11; C:\WINDOWS\System32\drivers\bf9ddd11.sys []
S2 acpi32;acpi32; \??\C:\WINDOWS\system32\drivers\acpi32.sys []
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S2 fips32cup;fips32cup; \??\C:\WINDOWS\system32\drivers\fips32cup.sys []
S2 i386si;i386si; \??\C:\WINDOWS\system32\drivers\i386si.sys []
S2 ksi32sk;ksi32sk; \??\C:\WINDOWS\system32\drivers\ksi32sk.sys []
S2 netsik;netsik; \??\C:\WINDOWS\system32\drivers\netsik.sys []
S2 nicsk32;nicsk32; \??\C:\WINDOWS\system32\drivers\nicsk32.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S2 securentm;securentm; \??\C:\WINDOWS\system32\drivers\securentm.sys []
S2 systemntmi;systemntmi; \??\C:\WINDOWS\system32\drivers\systemntmi.sys []
S2 ws2_32sik;ws2_32sik; \??\C:\WINDOWS\system32\drivers\ws2_32sik.sys []
S3 GEMPC430;GEMPC430; C:\WINDOWS\System32\Drivers\gemusb.sys [2002-09-13 53568]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 wpdusb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S2 SamSsSENS;Správce zabezpečení účtů SamSsSENS; C:\WINDOWS\system32\aacliento.exe [2009-04-03 47104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-06 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-11 655624]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"Octoshape Streaming Services"=C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu LT.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Roman PC\PROGRAMY\QIP\qip.exe"="C:\Roman PC\PROGRAMY\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-09-10 14:58:53 ----D---- C:\Program Files\trend micro
2010-09-10 14:58:52 ----D---- C:\rsit
2010-09-10 14:40:54 ----D---- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
2010-09-10 14:40:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-10 14:40:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-10 14:40:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-09-10 14:40:48 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-09 09:05:18 ----D---- C:\zaloha
2010-09-09 09:04:53 ----D---- C:\Program Files\CCleaner
2010-09-09 06:43:03 ----D---- C:\spoolerlogs
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\PSX64.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\pswin.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\psnt.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\system32\Bot.dll
2010-09-05 13:43:22 ----A---- C:\WINDOWS\PSXLPR.INI
2010-09-05 11:44:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-01 12:52:41 ----RA---- C:\WINDOWS\system32\TSKMON.DLL
2010-09-01 12:51:19 ----D---- C:\Program Files\PrintServer Utilities
======List of files/folders modified in the last 1 months======
2010-09-10 14:58:56 ----D---- C:\WINDOWS\Prefetch
2010-09-10 14:58:53 ----RD---- C:\Program Files
2010-09-10 14:40:49 ----D---- C:\WINDOWS\system32\drivers
2010-09-10 14:40:30 ----A---- C:\WINDOWS\wincmd.ini
2010-09-10 14:38:33 ----D---- C:\programy
2010-09-10 10:28:25 ----D---- C:\WINDOWS\Temp
2010-09-10 08:30:45 ----A---- C:\WINDOWS\ccolwiz.ini
2010-09-10 08:06:24 ----D---- C:\Documents and Settings\OEM\Data aplikací\ICQ
2010-09-10 08:06:19 ----D---- C:\WINDOWS\system32
2010-09-09 19:18:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-09 12:48:11 ----D---- C:\WINDOWS
2010-09-09 11:12:10 ----D---- C:\WINDOWS\Help
2010-09-09 11:09:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-08 11:57:19 ----D---- C:\Roman PC
2010-09-05 13:53:05 ----D---- C:\Program Files\Mozilla Firefox
2010-09-05 13:43:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-01 14:57:01 ----HD---- C:\WINDOWS\inf
2010-08-19 17:19:04 ----SD---- C:\Documents and Settings\OEM\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NTGDT;NTGDT; \??\C:\WINDOWS\system32\Drivers\NTGDT.SYS []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-09-05 20096]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 rockey_usb;Feitian ROCKEY4 USB Service; C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2009-06-15 12928]
R3 rockeynt;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2009-06-15 22016]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 9d08d9cc;9d08d9cc; C:\WINDOWS\System32\drivers\9d08d9cc.sys []
S1 bf9ddd11;bf9ddd11; C:\WINDOWS\System32\drivers\bf9ddd11.sys []
S2 acpi32;acpi32; \??\C:\WINDOWS\system32\drivers\acpi32.sys []
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S2 fips32cup;fips32cup; \??\C:\WINDOWS\system32\drivers\fips32cup.sys []
S2 i386si;i386si; \??\C:\WINDOWS\system32\drivers\i386si.sys []
S2 ksi32sk;ksi32sk; \??\C:\WINDOWS\system32\drivers\ksi32sk.sys []
S2 netsik;netsik; \??\C:\WINDOWS\system32\drivers\netsik.sys []
S2 nicsk32;nicsk32; \??\C:\WINDOWS\system32\drivers\nicsk32.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S2 securentm;securentm; \??\C:\WINDOWS\system32\drivers\securentm.sys []
S2 systemntmi;systemntmi; \??\C:\WINDOWS\system32\drivers\systemntmi.sys []
S2 ws2_32sik;ws2_32sik; \??\C:\WINDOWS\system32\drivers\ws2_32sik.sys []
S3 GEMPC430;GEMPC430; C:\WINDOWS\System32\Drivers\gemusb.sys [2002-09-13 53568]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 wpdusb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S2 SamSsSENS;Správce zabezpečení účtů SamSsSENS; C:\WINDOWS\system32\aacliento.exe [2009-04-03 47104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-06 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-11 655624]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Please check my log
Hello
I recommend uninstalling Anti Trojan Elite.
Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop

- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Check the All Users option.
- Check the "LOP" check and "Purity" check options
- Click the Scan button
- When it finishes, post the OTL.Txt and Extras.txt logs here
Re: Please check my log
So I am attaching the logs
otl.txt:
OTL logfile created on: 12.9.2010 11:22:39 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 264,79 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.28 18:45:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2007.12.21 16:57:38 | 000,057,344 | ---- | M] (Chicony) -- C:\WINDOWS\ChiFuncExt.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.21 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006.11.03 17:13:10 | 000,081,920 | ---- | M] (KYE SYSTEMS CORP.) -- C:\Program Files\hotkey\hotkey.exe
PRC - [2006.10.13 10:39:32 | 000,036,864 | ---- | M] () -- C:\Program Files\hotkey\OSD.EXE
PRC - [2006.08.03 17:38:44 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
========== Modules (SafeList) ==========
MOD - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.04.03 07:50:53 | 000,047,104 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\aacliento.exe -- (SamSsSENS)
SRV - [2009.02.11 16:59:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.06 20:46:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.12.21 09:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007.12.21 09:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ws2_32sik.sys -- (ws2_32sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\systemntmi.sys -- (systemntmi)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\securentm.sys -- (securentm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\port135sik.sys -- (port135sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\nicsk32.sys -- (nicsk32)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\netsik.sys -- (netsik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ksi32sk.sys -- (ksi32sk)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\i386si.sys -- (i386si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\fips32cup.sys -- (fips32cup)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ati64si.sys -- (ati64si)
DRV - File not found [File_System | On_Demand | Running] -- C:\Program Files\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\amd64si.sys -- (amd64si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\acpi32.sys -- (acpi32)
DRV - [2010.01.05 09:31:43 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\9d08d9cc.sys -- (9d08d9cc)
DRV - [2009.06.15 07:59:26 | 000,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (rockey_usb)
DRV - [2009.06.15 07:59:25 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (rockeynt)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
DRV - [2009.01.06 15:15:16 | 000,018,144 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTGDT.SYS -- (NTGDT)
DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.21 09:21:56 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007.12.21 09:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007.12.21 09:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.09.19 17:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007.06.28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.06.28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.09.05 15:10:12 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.09.13 03:45:40 | 000,053,568 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gemusb.sys -- (GEMPC430)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Extensions
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\extensions
[2010.08.15 13:03:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-1.xml
[2010.08.16 11:44:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-2.xml
[2010.08.17 11:15:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-3.xml
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin.xml
[2010.08.16 13:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.06 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.04 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 15:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.08.17 11:15:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.17 11:15:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.17 11:15:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.17 11:15:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.17 11:15:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [HotKey] C:\Program Files\hotkey\hotkey.exe (KYE SYSTEMS CORP.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LchDrvKey] C:\WINDOWS\LchDrvKey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.47.0.4 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{621fd169-8f05-11dd-ad7a-001fd082278f}\Shell\AutoRun\command - "" = I:\PStart.exe -- File not found
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell\AutoRun\command - "" = D:\BetaSoft\setup.exe -- File not found
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell - "" = AutoRun
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.12 11:20:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.10 14:59:21 | 000,000,000 | ---D | C] -- C:\logy
[2010.09.10 14:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 14:58:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.10 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.09.10 14:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.10 14:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.10 11:21:17 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 09:05:18 | 000,000,000 | ---D | C] -- C:\zaloha
[2010.09.09 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.09 06:43:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.05 13:43:22 | 000,104,960 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\PSX64.dll
[2010.09.05 13:43:22 | 000,092,672 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\pswin.dll
[2010.09.05 13:43:22 | 000,069,120 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\psnt.dll
[2010.09.05 11:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.09.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data
[2010.09.01 12:52:41 | 000,061,440 | R--- | C] (Monotype Imaging Inc.) -- C:\WINDOWS\System32\TSKMON.DLL
[2010.09.01 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PrintServer Utilities
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.12 11:20:38 | 000,003,450 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.12 11:19:35 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\OEM\NTUSER.DAT
[2010.09.12 11:14:33 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.12 11:06:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010.09.12 10:59:26 | 003,842,699 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.12 10:38:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.12 10:38:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.10 18:59:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\OEM\ntuser.ini
[2010.09.10 11:21:37 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.10 11:21:17 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 07:55:21 | 004,760,334 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:16 | 003,392,685 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 11:04:32 | 003,651,276 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 18:10:51 | 004,463,422 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.02 14:07:09 | 003,936,794 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:44 | 007,732,057 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:55 | 001,953,090 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:39 | 007,837,369 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:14 | 003,082,183 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:36 | 004,322,263 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 13:41:48 | 003,387,616 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.19 19:14:03 | 002,441,267 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.08.19 12:50:45 | 002,592,345 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\22-05-2010-Ambit-Dvorce-(k tisku)-Model.plt
[2010.08.17 16:37:25 | 009,255,114 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.15 17:24:03 | 002,903,967 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav-Model.plt
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.12 10:59:25 | 003,842,699 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.09 07:55:19 | 004,760,334 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:15 | 003,392,685 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 10:53:33 | 003,651,276 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 07:35:16 | 004,463,422 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.05 13:43:22 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2010.09.05 13:43:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2010.09.02 13:48:58 | 003,936,794 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:41 | 007,732,057 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:54 | 001,953,090 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:37 | 007,837,369 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:13 | 003,082,183 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:34 | 004,322,263 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 12:59:19 | 003,387,616 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.17 16:37:10 | 009,255,114 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.17 11:11:50 | 002,441,267 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.06.08 15:35:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2010.04.02 19:43:30 | 000,011,714 | ---- | C] () -- C:\WINDOWS\mhotkey_reg.ini
[2010.04.02 19:43:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010.03.02 11:33:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2010.03.02 11:33:48 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2010.03.02 11:33:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2010.03.02 11:33:34 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.10.06 08:04:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.15 07:59:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.06.11 08:40:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.05.03 13:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\9d08d9cc.sys
[2009.04.27 10:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bf9ddd11.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2009.03.30 10:32:40 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\OEM\Data aplikací\wiaserva.log
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2009.01.06 15:15:16 | 000,018,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\NTGDT.SYS
[2008.12.15 17:06:26 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 12:07:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.11.06 20:22:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2008.11.06 19:44:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.06 19:30:03 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.11.06 19:22:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.06 19:09:54 | 000,003,450 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.09.30 13:45:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.09.30 11:37:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.18 11:51:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.21 09:21:56 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000.09.19 02:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
========== LOP Check ==========
[2008.11.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.11.06 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.11.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.11.06 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Octoshape Streaming Services" = "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun -- [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.08 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Adobe
[2008.05.24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Ahead
[2008.08.18 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ATI
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2009.04.08 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Help
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2008.05.24 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Identities
[2008.05.24 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\InstallShield
[2008.11.06 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Macromedia
[2010.09.10 14:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.08.19 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\OEM\Data aplikací\Microsoft
[2009.11.12 09:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2009.07.13 10:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Skype
[2010.07.02 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\U3
[2008.11.06 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\WinRAR
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
< %APPDATA%\*.exe /s >
[2009.06.09 08:09:49 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\OEM\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.05.24 13:49:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.24 13:49:13 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.24 13:49:13 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.12 11:14:33 | 000,000,202 | ---- | M] () -- C:\WINDOWS\system32\PSLOG
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
< End of report >
otl.txt:
OTL logfile created on: 12.9.2010 11:22:39 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 264,79 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.28 18:45:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2007.12.21 16:57:38 | 000,057,344 | ---- | M] (Chicony) -- C:\WINDOWS\ChiFuncExt.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.21 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006.11.03 17:13:10 | 000,081,920 | ---- | M] (KYE SYSTEMS CORP.) -- C:\Program Files\hotkey\hotkey.exe
PRC - [2006.10.13 10:39:32 | 000,036,864 | ---- | M] () -- C:\Program Files\hotkey\OSD.EXE
PRC - [2006.08.03 17:38:44 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
========== Modules (SafeList) ==========
MOD - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.04.03 07:50:53 | 000,047,104 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\aacliento.exe -- (SamSsSENS)
SRV - [2009.02.11 16:59:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.06 20:46:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.12.21 09:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007.12.21 09:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ws2_32sik.sys -- (ws2_32sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\systemntmi.sys -- (systemntmi)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\securentm.sys -- (securentm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\port135sik.sys -- (port135sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\nicsk32.sys -- (nicsk32)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\netsik.sys -- (netsik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ksi32sk.sys -- (ksi32sk)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\i386si.sys -- (i386si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\fips32cup.sys -- (fips32cup)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ati64si.sys -- (ati64si)
DRV - File not found [File_System | On_Demand | Running] -- C:\Program Files\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\amd64si.sys -- (amd64si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\acpi32.sys -- (acpi32)
DRV - [2010.01.05 09:31:43 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\9d08d9cc.sys -- (9d08d9cc)
DRV - [2009.06.15 07:59:26 | 000,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (rockey_usb)
DRV - [2009.06.15 07:59:25 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (rockeynt)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
DRV - [2009.01.06 15:15:16 | 000,018,144 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTGDT.SYS -- (NTGDT)
DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.21 09:21:56 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007.12.21 09:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007.12.21 09:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.09.19 17:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007.06.28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.06.28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.09.05 15:10:12 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.09.13 03:45:40 | 000,053,568 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gemusb.sys -- (GEMPC430)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Extensions
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\extensions
[2010.08.15 13:03:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-1.xml
[2010.08.16 11:44:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-2.xml
[2010.08.17 11:15:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-3.xml
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin.xml
[2010.08.16 13:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.06 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.04 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 15:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.08.17 11:15:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.17 11:15:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.17 11:15:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.17 11:15:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.17 11:15:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [HotKey] C:\Program Files\hotkey\hotkey.exe (KYE SYSTEMS CORP.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LchDrvKey] C:\WINDOWS\LchDrvKey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.47.0.4 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{621fd169-8f05-11dd-ad7a-001fd082278f}\Shell\AutoRun\command - "" = I:\PStart.exe -- File not found
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell\AutoRun\command - "" = D:\BetaSoft\setup.exe -- File not found
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell - "" = AutoRun
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.12 11:20:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.10 14:59:21 | 000,000,000 | ---D | C] -- C:\logy
[2010.09.10 14:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 14:58:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.10 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.09.10 14:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.10 14:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.10 11:21:17 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 09:05:18 | 000,000,000 | ---D | C] -- C:\zaloha
[2010.09.09 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.09 06:43:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.05 13:43:22 | 000,104,960 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\PSX64.dll
[2010.09.05 13:43:22 | 000,092,672 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\pswin.dll
[2010.09.05 13:43:22 | 000,069,120 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\psnt.dll
[2010.09.05 11:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.09.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data
[2010.09.01 12:52:41 | 000,061,440 | R--- | C] (Monotype Imaging Inc.) -- C:\WINDOWS\System32\TSKMON.DLL
[2010.09.01 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PrintServer Utilities
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.12 11:20:38 | 000,003,450 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.12 11:19:35 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\OEM\NTUSER.DAT
[2010.09.12 11:14:33 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.12 11:06:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010.09.12 10:59:26 | 003,842,699 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.12 10:38:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.12 10:38:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.10 18:59:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\OEM\ntuser.ini
[2010.09.10 11:21:37 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.10 11:21:17 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 07:55:21 | 004,760,334 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:16 | 003,392,685 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 11:04:32 | 003,651,276 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 18:10:51 | 004,463,422 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.02 14:07:09 | 003,936,794 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:44 | 007,732,057 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:55 | 001,953,090 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:39 | 007,837,369 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:14 | 003,082,183 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:36 | 004,322,263 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 13:41:48 | 003,387,616 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.19 19:14:03 | 002,441,267 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.08.19 12:50:45 | 002,592,345 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\22-05-2010-Ambit-Dvorce-(k tisku)-Model.plt
[2010.08.17 16:37:25 | 009,255,114 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.15 17:24:03 | 002,903,967 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav-Model.plt
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.12 10:59:25 | 003,842,699 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.09 07:55:19 | 004,760,334 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:15 | 003,392,685 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 10:53:33 | 003,651,276 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 07:35:16 | 004,463,422 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.05 13:43:22 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2010.09.05 13:43:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2010.09.02 13:48:58 | 003,936,794 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:41 | 007,732,057 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:54 | 001,953,090 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:37 | 007,837,369 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:13 | 003,082,183 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:34 | 004,322,263 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 12:59:19 | 003,387,616 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.17 16:37:10 | 009,255,114 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.17 11:11:50 | 002,441,267 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.06.08 15:35:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2010.04.02 19:43:30 | 000,011,714 | ---- | C] () -- C:\WINDOWS\mhotkey_reg.ini
[2010.04.02 19:43:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010.03.02 11:33:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2010.03.02 11:33:48 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2010.03.02 11:33:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2010.03.02 11:33:34 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.10.06 08:04:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.15 07:59:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.06.11 08:40:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.05.03 13:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\9d08d9cc.sys
[2009.04.27 10:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bf9ddd11.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2009.03.30 10:32:40 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\OEM\Data aplikací\wiaserva.log
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2009.01.06 15:15:16 | 000,018,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\NTGDT.SYS
[2008.12.15 17:06:26 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 12:07:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.11.06 20:22:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2008.11.06 19:44:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.06 19:30:03 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.11.06 19:22:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.06 19:09:54 | 000,003,450 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.09.30 13:45:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.09.30 11:37:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.18 11:51:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.21 09:21:56 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000.09.19 02:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
========== LOP Check ==========
[2008.11.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.11.06 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.11.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.11.06 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Octoshape Streaming Services" = "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun -- [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.08 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Adobe
[2008.05.24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Ahead
[2008.08.18 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ATI
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2009.04.08 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Help
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2008.05.24 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Identities
[2008.05.24 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\InstallShield
[2008.11.06 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Macromedia
[2010.09.10 14:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.08.19 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\OEM\Data aplikací\Microsoft
[2009.11.12 09:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2009.07.13 10:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Skype
[2010.07.02 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\U3
[2008.11.06 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\WinRAR
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
< %APPDATA%\*.exe /s >
[2009.06.09 08:09:49 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\OEM\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.05.24 13:49:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.24 13:49:13 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.24 13:49:13 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.12 11:14:33 | 000,000,202 | ---- | M] () -- C:\WINDOWS\system32\PSLOG
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
< End of report >
Re: Please check my log
and extras.txt:
OTL Extras logfile created on: 12.9.2010 11:22:39 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 264,79 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:*:Enabled:MFP Bot Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:*:Enabled:MFP Bot Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Roman PC\PROGRAMY\QIP\qip.exe" = C:\Roman PC\PROGRAMY\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0004D4C8-7F6C-BA20-32B2-5C861FA340CB}" = Catalyst Control Center Graphics Full Existing
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{10053F59-0765-163D-F759-155E6DA35AB6}" = CCC Help English
"{101E4225-8983-7850-3E8C-00C5E0A13B40}" = ccc-core-static
"{10944289-8401-4B95-8E2A-61B0024C8C3A}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{1727cd47-a408-11d2-afad-00c04f72fb3e}" = VBA (2720)
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F555374-449A-0734-73EA-5FF6207FA30F}" = Skins
"{432282b5-d708-431a-9ada-abbbbac3f205}" = Business Contact Manager pro aplikaci Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5141D667-6FE0-DFD6-FDC8-C981DC06520C}" = Catalyst Control Center Graphics Full New
"{51C9B6D6-BF0F-3BA5-1EA4-17C6190DBE07}" = ccc-core-preinstall
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0109-0405-0000-0060B0CE6BBA}" = AutoCAD LT 2002
"{5783F2D7-4009-0405-0002-0060B0CE6BBA}" = AutoCAD LT 2006 - Český
"{59d1195a-7e64-4120-bb37-f053d9fd45fb}" = ODF Add-in for Microsoft Office
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66EBD70F-A42C-475F-AEDF-277378151029}" = Nero 7 Essentials
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{86F68693-A637-1F4D-5D4F-4D58486A4601}" = ccc-utility
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000ff1ce}" = Compatibility Pack for the 2007 Office system
"{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{A053F79A-9618-46F2-AD41-C33C3FB3B6D8}" = PrintServer Utilities
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
"{ac76ba86-7ad7-1033-7b44-a91000000001}" = Adobe Reader 9.1
"{AE888E0F-6727-0045-A966-CFB975AC15BA}" = Catalyst Control Center Graphics Previews Common
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C2157D30-298B-11D7-BF3B-00079500A37A}" = Genius SlimStar 310/311 Hotkey driver
"{C952BD03-9AC6-F898-B17F-9352638EC93C}" = Catalyst Control Center Core Implementation
"{CADF1911-C4FB-8651-36E0-FF06DAA75F28}" = Catalyst Control Center Graphics Light
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{DA4A7657-605C-4367-AF27-76C72DE4648C}" = ESET NOD32 Antivirus
"{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}" = 602XML Filler
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB-320e
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"7-zip" = 7-Zip 4.57
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"advanced pdf to image converter_is1" = Advanced PDF to IMAGE converter 1.9.9.34
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"BSPlayer1" = BSPlayer
"Business Contact Manager" = Business Contact Manager pro aplikaci Outlook 2007 SP1
"Capture-A-ScreenShot_is1" = Capture-A-ScreenShot
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Corel Applications" = Corel Applications
"Gemplus Smart Card Reader Tools" = Gemplus Smart Card Reader Tools
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image To PDF_is1" = Image To PDF v3.3.0
"img2cad_is1" = Img2CAD 1.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"SecureStore I.CA" = SecureStore I.CA 2.11
"Totalcmd" = Total Commander (Remove or Repair)
"Volo View Express" = Volo View Express
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
"ZWCAD 2008i Professional CZ" = ZWCAD 2008i Professional CZ
"zwcad 2009 csy" = ZWCAD 2009 Csy
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"octoshape streaming services" = Octoshape Streaming Services
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.3.2010 13:36:20 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace aclt.exe, verze 22.2.54.10, chybující modul aclt.exe,
verze 22.2.54.10, adresa chyby 0x005e95b6.
Error - 25.3.2010 6:43:38 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace aclt.exe, verze 22.2.54.10, chybující modul aclt.exe,
verze 22.2.54.10, adresa chyby 0x005e95b6.
Error - 29.3.2010 12:52:39 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace aclt.exe, verze 22.2.54.10, chybující modul acdb16.dll,
verze 16.2.54.0, adresa chyby 0x000f7600.
Error - 30.3.2010 8:29:48 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace aclt.exe, verze 22.2.54.10, chybující modul aclt.exe,
verze 22.2.54.10, adresa chyby 0x005e95b6.
Error - 31.3.2010 10:27:26 | Computer Name = ROMAN-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace aclt.exe, verze 22.2.54.10, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 3.4.2010 11:51:08 | Computer Name = ROMAN-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace opera.exe, verze 9.62.10467.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 5.4.2010 11:28:10 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace aclt.exe, verze 22.2.54.10, chybující modul aclt.exe,
verze 22.2.54.10, adresa chyby 0x005e95b6.
Error - 5.4.2010 13:30:12 | Computer Name = ROMAN-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace opera.exe, verze 9.62.10467.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 6.4.2010 7:34:43 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace aclt.exe, verze 22.2.54.10, chybující modul aclt.exe,
verze 22.2.54.10, adresa chyby 0x005e95b6.
Error - 8.4.2010 8:50:21 | Computer Name = ROMAN-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace opera.exe, verze 9.62.10467.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 10.9.2010 12:03:08 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 10.9.2010 12:09:52 | Computer Name = ROMAN-PC | Source = Print | ID = 6161
Description = Tisk dokumentu C:\Roman PC\Dwg\DWG 2010\BO Bohumín-výměna oken\BO-výměna
oken(k tisku)\BO OKRUŽNÍ1059, 1060, 1061, 1062 a ČSA 1063(k tisku).dwg Model (1)
(vlastník: OEM) na tiskárně HP DesignJet 450C (D/A1) by HP se nezdařil. Datový typ:
NT EMF 1.008 Velikost zařazeného souboru (bajty): 2340476 Počet vytištěných bajtů:
0 Celkový počet stran v dokumentu: 1 Počet vytištěných stran: 0 Klientský počítač: \\ROMAN-PC
Kód
chyby Win32, vrácený tiskovým procesorem: 87 (0x57)
Error - 10.9.2010 12:19:16 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 12.9.2010 4:38:21 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Service.
Error - 12.9.2010 4:38:21 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7000
Description = Služba Eset Service neuspěla při spuštění v důsledku následující chyby:
%%1053
Error - 12.9.2010 4:38:21 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 12.9.2010 5:01:20 | Computer Name = ROMAN-PC | Source = Print | ID = 6161
Description = Tisk dokumentu C:\Roman PC\Dwg\DWG 2010\BO Bohumín-výměna oken\BO-výměna
oken(k tisku)\BO OKRUŽNÍ1059, 1060, 1061, 1062 a ČSA 1063(k tisku).dwg Model (1)
(vlastník: OEM) na tiskárně HP DesignJet 450C (D/A1) by HP se nezdařil. Datový typ:
NT EMF 1.008 Velikost zařazeného souboru (bajty): 3211264 Počet vytištěných bajtů:
0 Celkový počet stran v dokumentu: 1 Počet vytištěných stran: 0 Klientský počítač: \\ROMAN-PC
Kód
chyby Win32, vrácený tiskovým procesorem: 87 (0x57)
Error - 12.9.2010 5:09:26 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 12.9.2010 5:11:33 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error - 12.9.2010 5:14:35 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 3krát.
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Please check my log

Code:
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ws2_32sik.sys -- (ws2_32sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\systemntmi.sys -- (systemntmi)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\securentm.sys -- (securentm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\port135sik.sys -- (port135sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\nicsk32.sys -- (nicsk32)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\netsik.sys -- (netsik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ksi32sk.sys -- (ksi32sk)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\i386si.sys -- (i386si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\fips32cup.sys -- (fips32cup)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ati64si.sys -- (ati64si)
DRV - File not found [File_System | On_Demand | Running] -- C:\Program Files\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\amd64si.sys -- (amd64si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\acpi32.sys -- (acpi32)
DRV - [2010.01.05 09:31:43 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\9d08d9cc.sys -- (9d08d9cc)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell - "" = AutoRun
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.09.12 10:59:25 | 003,842,699 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
73,00,00,00
Re: Please check my log
Done according to the instructions; after the restart it only spat out:
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Please check my log
In that case, run OTL again with the first script and post the resulting OTL.txt log here.
Re: Please check my log
otl.txt:
OTL logfile created on: 12.9.2010 12:17:38 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 272,62 Gb Free Space | 91,46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2007.12.21 16:57:38 | 000,057,344 | ---- | M] (Chicony) -- C:\WINDOWS\ChiFuncExt.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.21 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006.11.03 17:13:10 | 000,081,920 | ---- | M] (KYE SYSTEMS CORP.) -- C:\Program Files\hotkey\hotkey.exe
PRC - [2006.10.13 10:39:32 | 000,036,864 | ---- | M] () -- C:\Program Files\hotkey\OSD.EXE
PRC - [2006.08.03 17:38:44 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
========== Modules (SafeList) ==========
MOD - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.04.03 07:50:53 | 000,047,104 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\aacliento.exe -- (SamSsSENS)
SRV - [2009.02.11 16:59:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.06 20:46:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.12.21 09:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007.12.21 09:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - [2009.06.15 07:59:26 | 000,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (rockey_usb)
DRV - [2009.06.15 07:59:25 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (rockeynt)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
DRV - [2009.01.06 15:15:16 | 000,018,144 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTGDT.SYS -- (NTGDT)
DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.21 09:21:56 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007.12.21 09:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007.12.21 09:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.09.19 17:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007.06.28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.06.28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.09.05 15:10:12 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.09.13 03:45:40 | 000,053,568 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gemusb.sys -- (GEMPC430)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Extensions
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\extensions
[2010.08.15 13:03:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-1.xml
[2010.08.16 11:44:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-2.xml
[2010.08.17 11:15:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-3.xml
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin.xml
[2010.08.16 13:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.06 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.04 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 15:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.08.17 11:15:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.17 11:15:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.17 11:15:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.17 11:15:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.17 11:15:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [HotKey] C:\Program Files\hotkey\hotkey.exe (KYE SYSTEMS CORP.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LchDrvKey] C:\WINDOWS\LchDrvKey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.47.0.4 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{621fd169-8f05-11dd-ad7a-001fd082278f}\Shell\AutoRun\command - "" = I:\PStart.exe -- File not found
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell\AutoRun\command - "" = D:\BetaSoft\setup.exe -- File not found
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell - "" = AutoRun
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.12 11:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.12 11:20:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.10 14:59:21 | 000,000,000 | ---D | C] -- C:\logy
[2010.09.10 14:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 14:58:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.10 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.09.10 14:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.10 14:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.10 11:21:17 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 09:05:18 | 000,000,000 | ---D | C] -- C:\zaloha
[2010.09.09 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.09 06:43:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.05 13:43:22 | 000,104,960 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\PSX64.dll
[2010.09.05 13:43:22 | 000,092,672 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\pswin.dll
[2010.09.05 13:43:22 | 000,069,120 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\psnt.dll
[2010.09.05 11:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.09.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data
[2010.09.01 12:52:41 | 000,061,440 | R--- | C] (Monotype Imaging Inc.) -- C:\WINDOWS\System32\TSKMON.DLL
[2010.09.01 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PrintServer Utilities
========== Files - Modified Within 30 Days ==========
[2010.09.12 12:16:24 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 12:12:15 | 000,003,261 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.12 12:04:01 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\OEM\NTUSER.DAT
[2010.09.12 12:01:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.12 12:01:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 12:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.12 11:06:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010.09.12 10:59:26 | 003,842,699 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.10 18:59:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\OEM\ntuser.ini
[2010.09.10 11:21:37 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.10 11:21:17 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 07:55:21 | 004,760,334 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:16 | 003,392,685 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 11:04:32 | 003,651,276 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 18:10:51 | 004,463,422 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.02 14:07:09 | 003,936,794 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:44 | 007,732,057 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:55 | 001,953,090 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:39 | 007,837,369 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:14 | 003,082,183 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:36 | 004,322,263 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 13:41:48 | 003,387,616 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.19 19:14:03 | 002,441,267 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.08.19 12:50:45 | 002,592,345 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\22-05-2010-Ambit-Dvorce-(k tisku)-Model.plt
[2010.08.17 16:37:25 | 009,255,114 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.15 17:24:03 | 002,903,967 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav-Model.plt
========== Files Created - No Company Name ==========
[2010.09.12 12:16:24 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 10:59:25 | 003,842,699 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.09 07:55:19 | 004,760,334 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:15 | 003,392,685 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 10:53:33 | 003,651,276 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 07:35:16 | 004,463,422 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.05 13:43:22 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2010.09.05 13:43:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2010.09.02 13:48:58 | 003,936,794 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:41 | 007,732,057 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:54 | 001,953,090 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:37 | 007,837,369 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:13 | 003,082,183 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:34 | 004,322,263 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 12:59:19 | 003,387,616 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.17 16:37:10 | 009,255,114 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.17 11:11:50 | 002,441,267 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.06.08 15:35:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2010.04.02 19:43:30 | 000,011,714 | ---- | C] () -- C:\WINDOWS\mhotkey_reg.ini
[2010.04.02 19:43:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010.03.02 11:33:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2010.03.02 11:33:48 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2010.03.02 11:33:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2010.03.02 11:33:34 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.10.06 08:04:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.15 07:59:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.06.11 08:40:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.27 10:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bf9ddd11.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2009.03.30 10:32:40 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\OEM\Data aplikací\wiaserva.log
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2009.01.06 15:15:16 | 000,018,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\NTGDT.SYS
[2008.12.15 17:06:26 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 12:07:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.11.06 20:22:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2008.11.06 19:44:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.06 19:30:03 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.11.06 19:22:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.06 19:09:54 | 000,003,261 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.09.30 13:45:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.09.30 11:37:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.18 11:51:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.21 09:21:56 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000.09.19 02:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
========== LOP Check ==========
[2008.11.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.11.06 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.11.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.11.06 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Octoshape Streaming Services" = "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun -- [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.08 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Adobe
[2008.05.24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Ahead
[2008.08.18 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ATI
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2009.04.08 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Help
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2008.05.24 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Identities
[2008.05.24 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\InstallShield
[2008.11.06 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Macromedia
[2010.09.10 14:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.08.19 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\OEM\Data aplikací\Microsoft
[2009.11.12 09:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2009.07.13 10:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Skype
[2010.07.02 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\U3
[2008.11.06 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\WinRAR
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
< %APPDATA%\*.exe /s >
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.05.24 13:49:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.24 13:49:13 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.24 13:49:13 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.12 12:01:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\system32\PSLOG
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
========== Alternate Data Streams ==========
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
< End of report >
OTL logfile created on: 12.9.2010 12:17:38 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 272,62 Gb Free Space | 91,46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2007.12.21 16:57:38 | 000,057,344 | ---- | M] (Chicony) -- C:\WINDOWS\ChiFuncExt.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.21 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006.11.03 17:13:10 | 000,081,920 | ---- | M] (KYE SYSTEMS CORP.) -- C:\Program Files\hotkey\hotkey.exe
PRC - [2006.10.13 10:39:32 | 000,036,864 | ---- | M] () -- C:\Program Files\hotkey\OSD.EXE
PRC - [2006.08.03 17:38:44 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
========== Modules (SafeList) ==========
MOD - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.04.03 07:50:53 | 000,047,104 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\aacliento.exe -- (SamSsSENS)
SRV - [2009.02.11 16:59:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.06 20:46:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.12.21 09:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007.12.21 09:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - [2009.06.15 07:59:26 | 000,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (rockey_usb)
DRV - [2009.06.15 07:59:25 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (rockeynt)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
DRV - [2009.01.06 15:15:16 | 000,018,144 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTGDT.SYS -- (NTGDT)
DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.21 09:21:56 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007.12.21 09:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007.12.21 09:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.09.19 17:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007.06.28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.06.28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.09.05 15:10:12 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.09.13 03:45:40 | 000,053,568 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gemusb.sys -- (GEMPC430)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Extensions
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\extensions
[2010.08.15 13:03:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-1.xml
[2010.08.16 11:44:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-2.xml
[2010.08.17 11:15:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-3.xml
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin.xml
[2010.08.16 13:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.06 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.04 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 15:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.08.17 11:15:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.17 11:15:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.17 11:15:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.17 11:15:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.17 11:15:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [HotKey] C:\Program Files\hotkey\hotkey.exe (KYE SYSTEMS CORP.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LchDrvKey] C:\WINDOWS\LchDrvKey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.47.0.4 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{621fd169-8f05-11dd-ad7a-001fd082278f}\Shell\AutoRun\command - "" = I:\PStart.exe -- File not found
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell\AutoRun\command - "" = D:\BetaSoft\setup.exe -- File not found
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell - "" = AutoRun
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.12 11:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.12 11:20:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.10 14:59:21 | 000,000,000 | ---D | C] -- C:\logy
[2010.09.10 14:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 14:58:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.10 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.09.10 14:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.10 14:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.10 11:21:17 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 09:05:18 | 000,000,000 | ---D | C] -- C:\zaloha
[2010.09.09 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.09 06:43:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.05 13:43:22 | 000,104,960 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\PSX64.dll
[2010.09.05 13:43:22 | 000,092,672 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\pswin.dll
[2010.09.05 13:43:22 | 000,069,120 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\psnt.dll
[2010.09.05 11:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.09.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data
[2010.09.01 12:52:41 | 000,061,440 | R--- | C] (Monotype Imaging Inc.) -- C:\WINDOWS\System32\TSKMON.DLL
[2010.09.01 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PrintServer Utilities
========== Files - Modified Within 30 Days ==========
[2010.09.12 12:16:24 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 12:12:15 | 000,003,261 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.12 12:04:01 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\OEM\NTUSER.DAT
[2010.09.12 12:01:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.12 12:01:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 12:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.12 11:06:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010.09.12 10:59:26 | 003,842,699 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.10 18:59:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\OEM\ntuser.ini
[2010.09.10 11:21:37 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.10 11:21:17 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 07:55:21 | 004,760,334 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:16 | 003,392,685 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 11:04:32 | 003,651,276 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 18:10:51 | 004,463,422 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.02 14:07:09 | 003,936,794 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:44 | 007,732,057 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:55 | 001,953,090 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:39 | 007,837,369 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:14 | 003,082,183 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:36 | 004,322,263 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 13:41:48 | 003,387,616 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.19 19:14:03 | 002,441,267 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.08.19 12:50:45 | 002,592,345 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\22-05-2010-Ambit-Dvorce-(k tisku)-Model.plt
[2010.08.17 16:37:25 | 009,255,114 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.15 17:24:03 | 002,903,967 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav-Model.plt
========== Files Created - No Company Name ==========
[2010.09.12 12:16:24 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 10:59:25 | 003,842,699 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.09 07:55:19 | 004,760,334 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:15 | 003,392,685 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 10:53:33 | 003,651,276 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 07:35:16 | 004,463,422 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.05 13:43:22 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2010.09.05 13:43:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2010.09.02 13:48:58 | 003,936,794 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:41 | 007,732,057 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:54 | 001,953,090 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:37 | 007,837,369 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:13 | 003,082,183 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:34 | 004,322,263 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 12:59:19 | 003,387,616 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.17 16:37:10 | 009,255,114 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.17 11:11:50 | 002,441,267 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.06.08 15:35:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2010.04.02 19:43:30 | 000,011,714 | ---- | C] () -- C:\WINDOWS\mhotkey_reg.ini
[2010.04.02 19:43:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010.03.02 11:33:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2010.03.02 11:33:48 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2010.03.02 11:33:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2010.03.02 11:33:34 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.10.06 08:04:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.15 07:59:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.06.11 08:40:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.27 10:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bf9ddd11.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2009.03.30 10:32:40 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\OEM\Data aplikací\wiaserva.log
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2009.01.06 15:15:16 | 000,018,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\NTGDT.SYS
[2008.12.15 17:06:26 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 12:07:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.11.06 20:22:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2008.11.06 19:44:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.06 19:30:03 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.11.06 19:22:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.06 19:09:54 | 000,003,261 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.09.30 13:45:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.09.30 11:37:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.18 11:51:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.21 09:21:56 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000.09.19 02:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
========== LOP Check ==========
[2008.11.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.11.06 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.11.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.11.06 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Octoshape Streaming Services" = "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun -- [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.08 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Adobe
[2008.05.24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Ahead
[2008.08.18 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ATI
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2009.04.08 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Help
[2010.09.12 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2008.05.24 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Identities
[2008.05.24 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\InstallShield
[2008.11.06 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Macromedia
[2010.09.10 14:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.08.19 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\OEM\Data aplikací\Microsoft
[2009.11.12 09:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2009.07.13 10:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Skype
[2010.07.02 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\U3
[2008.11.06 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\WinRAR
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
< %APPDATA%\*.exe /s >
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.05.24 13:49:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.24 13:49:13 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.24 13:49:13 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.12 12:01:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\system32\PSLOG
[2010.09.12 10:38:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
========== Alternate Data Streams ==========
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
< End of report >
- Caroprd111
Re: Please check my log
Perform the following steps in Safe Mode.
Caroprd111 wrote: Run OTL and paste the following script into the bottom window.
Click Fix (Opravit), the PC will restart; post the log here.
Code:
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ws2_32sik.sys -- (ws2_32sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\systemntmi.sys -- (systemntmi)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\securentm.sys -- (securentm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\port135sik.sys -- (port135sik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\nicsk32.sys -- (nicsk32)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\netsik.sys -- (netsik)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ksi32sk.sys -- (ksi32sk)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\i386si.sys -- (i386si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\fips32cup.sys -- (fips32cup)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ati64si.sys -- (ati64si)
DRV - File not found [File_System | On_Demand | Running] -- C:\Program Files\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\amd64si.sys -- (amd64si)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\acpi32.sys -- (acpi32)
DRV - [2010.01.05 09:31:43 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\9d08d9cc.sys -- (9d08d9cc)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O33 - MountPoints2\{7b2f3cc1-2987-11dd-a64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cac7359e-c36b-11dd-9260-001fd082278f}\Shell - "" = AutoRun
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.09.12 10:59:25 | 003,842,699 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
  78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
  73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
  78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
  73,00,00,00
Re: Please check my log
Unfortunately I can't get into Safe Mode (via F8)...
- Caroprd111
Re: Please check my log
Continue according to the guide at http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Please check my log
ComboFix log:
ComboFix 10-09-11.03 - OEM 12.09.2010 13:25:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1599 [GMT 2:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\OEM\Data aplikací\wiaserva.log
c:\windows\system\oeminfo.ini
c:\windows\system32\3963665497.dat
c:\windows\system32\aacliento.exe
c:\windows\system32\Drivers\NTGDT.SYS
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\grpconv.exe . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SAMSSSENS
-------\Service_SamSsSENS
-------\Legacy_NTGDT
-------\Service_NTGDT
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-12 do 2010-09-12 )))))))))))))))))))))))))))))))
.
2010-09-12 09:58 . 2010-09-12 09:58 -------- d-----w- C:\_OTL
2010-09-10 12:59 . 2010-09-12 10:23 -------- d-----w- C:\logy
2010-09-10 12:58 . 2010-09-10 12:58 -------- d-----w- c:\program files\trend micro
2010-09-10 12:58 . 2010-09-10 12:58 -------- d-----w- C:\rsit
2010-09-10 12:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 12:40 . 2010-09-10 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 12:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 07:05 . 2010-09-09 07:05 -------- d-----w- C:\zaloha
2010-09-09 07:04 . 2010-09-09 07:04 -------- d-----w- c:\program files\CCleaner
2010-09-09 04:43 . 2010-09-09 04:43 -------- d-----w- C:\spoolerlogs
2010-09-05 11:43 . 2006-07-28 06:16 92672 ----a-w- c:\windows\system32\pswin.dll
2010-09-05 11:43 . 2006-07-27 17:05 69120 ----a-w- c:\windows\system32\psnt.dll
2010-09-05 11:43 . 2006-06-26 11:57 212992 ----a-w- c:\windows\system32\Bot.dll
2010-09-05 11:43 . 2006-05-09 09:30 104960 ----a-w- c:\windows\system32\PSX64.dll
2010-09-01 10:52 . 2007-06-28 06:12 28672 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\TSKppr.dll
2010-09-01 10:52 . 2007-01-16 05:30 61440 ----a-r- c:\windows\system32\TSKMON.DLL
2010-09-01 10:51 . 2010-09-05 11:43 -------- d-----w- c:\program files\PrintServer Utilities
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 11:43 . 2008-05-24 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-13 12:46 . 2009-04-13 12:46 20480 --sha-w- c:\windows\system32\12520437n.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Octoshape Streaming Services"="c:\documents and settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2006-08-03 503808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu LT.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-6 389120]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Roman PC\\PROGRAMY\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13621:UDP"= 13621:UDP:MFP Bot Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.11.2008 19:09 222456]
R3 rockey_usb;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [15.6.2009 7:59 12928]
S1 bf9ddd11;bf9ddd11;c:\windows\system32\drivers\bf9ddd11.sys [27.4.2009 10:54 0]
S3 GEMPC430;GEMPC430;c:\windows\system32\drivers\gemusb.sys [8.6.2010 15:35 53568]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADLTScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 13:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\MHotkey.exe
c:\windows\ChiFuncExt.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-09-12 13:32:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-12 11:32
Před spuštěním: Volných bajtů: 294 070 329 344
Po spuštění: Volných bajtů: 294 068 707 328
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - D3B749E5A4308A9631F1FE8D5DA8FBC9
- Caroprd111
Re: Please check my log

- Run OTL, then paste the following script into the bottom box.
Code:
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
grpconv.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Check the "All Users" option.
- Check the "LOP Check" and "Purity Check" options.
- Click the Scan button.
- When it finishes, paste the OTL.Txt logs here.
Re: Please check my log
otl.txt:
OTL logfile created on: 12.9.2010 13:46:29 - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 273,61 Gb Free Space | 91,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.28 18:45:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2007.12.21 16:57:38 | 000,057,344 | ---- | M] (Chicony) -- C:\WINDOWS\ChiFuncExt.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.21 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006.08.03 17:38:44 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
========== Modules (SafeList) ==========
MOD - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.02.11 16:59:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.06 20:46:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009.06.15 07:59:26 | 000,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (rockey_usb)
DRV - [2009.06.15 07:59:25 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (rockeynt)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.09.19 17:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007.06.28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.06.28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.09.05 15:10:12 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.09.13 03:45:40 | 000,053,568 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gemusb.sys -- (GEMPC430)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Extensions
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\extensions
[2010.08.15 13:03:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-1.xml
[2010.08.16 11:44:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-2.xml
[2010.08.17 11:15:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-3.xml
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin.xml
[2010.08.16 13:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.06 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.04 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 15:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.08.17 11:15:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.17 11:15:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.17 11:15:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.17 11:15:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.17 11:15:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.09.12 13:28:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [LchDrvKey] C:\WINDOWS\LchDrvKey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.47.0.4 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.12 13:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.09.12 13:31:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.09.12 13:24:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.09.12 13:23:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.09.12 13:23:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.09.12 13:23:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.09.12 13:23:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.09.12 13:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.09.12 13:23:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.09.12 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.12 13:18:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.09.12 12:59:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.09.12 11:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.12 11:20:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.10 14:59:21 | 000,000,000 | ---D | C] -- C:\logy
[2010.09.10 14:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 14:58:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.10 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.09.10 14:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.10 14:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.10 11:21:17 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 09:05:18 | 000,000,000 | ---D | C] -- C:\zaloha
[2010.09.09 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.09 06:43:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.05 13:43:22 | 000,104,960 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\PSX64.dll
[2010.09.05 13:43:22 | 000,092,672 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\pswin.dll
[2010.09.05 13:43:22 | 000,069,120 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\psnt.dll
[2010.09.05 11:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.09.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data
[2010.09.01 12:52:41 | 000,061,440 | R--- | C] (Monotype Imaging Inc.) -- C:\WINDOWS\System32\TSKMON.DLL
[2010.09.01 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PrintServer Utilities
========== Files - Modified Within 30 Days ==========
[2010.09.12 13:29:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.12 13:28:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.09.12 13:28:53 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.12 13:28:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 13:28:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.12 13:28:06 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\OEM\NTUSER.DAT
[2010.09.12 13:27:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\OEM\ntuser.ini
[2010.09.12 13:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.09.12 13:07:28 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.12 13:06:34 | 000,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.12 13:06:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.09.12 12:46:49 | 000,003,347 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.12 12:40:29 | 000,000,051 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010.09.12 12:16:24 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.12 10:59:26 | 003,842,699 | R--- | M] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.10 11:21:17 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 07:55:21 | 004,760,334 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:16 | 003,392,685 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 11:04:32 | 003,651,276 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 18:10:51 | 004,463,422 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.02 14:07:09 | 003,936,794 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:44 | 007,732,057 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:55 | 001,953,090 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:39 | 007,837,369 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:14 | 003,082,183 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:36 | 004,322,263 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 13:41:48 | 003,387,616 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.19 19:14:03 | 002,441,267 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.08.19 12:50:45 | 002,592,345 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\22-05-2010-Ambit-Dvorce-(k tisku)-Model.plt
[2010.08.17 16:37:25 | 009,255,114 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.15 17:24:03 | 002,903,967 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav-Model.plt
========== Files Created - No Company Name ==========
[2010.09.12 13:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.09.12 13:24:22 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.09.12 13:23:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.12 13:23:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.12 13:23:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.12 13:23:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.12 13:23:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.12 12:16:24 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 10:59:25 | 003,842,699 | R--- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.09 07:55:19 | 004,760,334 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:15 | 003,392,685 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 10:53:33 | 003,651,276 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 07:35:16 | 004,463,422 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.05 13:43:22 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2010.09.05 13:43:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2010.09.02 13:48:58 | 003,936,794 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:41 | 007,732,057 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:54 | 001,953,090 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:37 | 007,837,369 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:13 | 003,082,183 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:34 | 004,322,263 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 12:59:19 | 003,387,616 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.17 16:37:10 | 009,255,114 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.17 11:11:50 | 002,441,267 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.06.08 15:35:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2010.04.02 19:43:30 | 000,011,714 | ---- | C] () -- C:\WINDOWS\mhotkey_reg.ini
[2010.04.02 19:43:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010.03.02 11:33:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2010.03.02 11:33:48 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2010.03.02 11:33:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2010.03.02 11:33:34 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.10.06 08:04:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.15 07:59:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.06.11 08:40:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.27 10:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bf9ddd11.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2008.12.15 17:06:26 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 12:07:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.11.06 20:22:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2008.11.06 19:44:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.06 19:30:03 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.11.06 19:22:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.06 19:09:54 | 000,003,347 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.09.30 13:45:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.09.30 11:37:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.18 11:51:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000.09.19 02:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
========== LOP Check ==========
[2008.11.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.11.06 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.11.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.11.06 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2010.09.12 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Octoshape Streaming Services" = "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun -- [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.08 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Adobe
[2008.05.24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Ahead
[2008.08.18 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ATI
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2009.04.08 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Help
[2010.09.12 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2008.05.24 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Identities
[2008.05.24 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\InstallShield
[2008.11.06 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Macromedia
[2010.09.10 14:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.08.19 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\OEM\Data aplikací\Microsoft
[2009.11.12 09:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2009.07.13 10:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Skype
[2010.07.02 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\U3
[2008.11.06 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\WinRAR
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
< %APPDATA%\*.exe /s >
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008.05.09 12:56:13 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.05.24 13:49:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.24 13:49:13 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.24 13:49:13 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008.05.09 12:56:13 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.12 13:28:53 | 000,000,202 | ---- | M] () -- C:\WINDOWS\system32\PSLOG
[2010.09.12 13:07:28 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
========== Alternate Data Streams ==========
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
< End of report >
OTL logfile created on: 12.9.2010 13:46:29 - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 273,61 Gb Free Space | 91,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMAN-PC
Current User Name: OEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.28 18:45:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2007.12.21 16:57:38 | 000,057,344 | ---- | M] (Chicony) -- C:\WINDOWS\ChiFuncExt.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.21 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006.08.03 17:38:44 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
========== Modules (SafeList) ==========
MOD - [2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.02.11 16:59:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.06 20:46:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009.06.15 07:59:26 | 000,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (rockey_usb)
DRV - [2009.06.15 07:59:25 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (rockeynt)
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)
DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.09.19 17:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007.06.28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.06.28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.09.05 15:10:12 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.09.13 03:45:40 | 000,053,568 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gemusb.sys -- (GEMPC430)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.17 11:15:42 | 000,000,000 | ---D | M]
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Extensions
[2008.11.06 18:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\extensions
[2010.08.15 13:03:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-1.xml
[2010.08.16 11:44:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-2.xml
[2010.08.17 11:15:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin-3.xml
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\96gv4lpz.default\searchplugins\icqplugin.xml
[2010.08.16 13:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.06 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.04 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 15:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.08.17 11:15:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.17 11:15:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.17 11:15:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.17 11:15:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.17 11:15:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.09.12 13:28:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [LchDrvKey] C:\WINDOWS\LchDrvKey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu LT.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002%20Cz/AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.47.0.4 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.09.12 13:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.09.12 13:31:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.09.12 13:24:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.09.12 13:23:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.09.12 13:23:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.09.12 13:23:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.09.12 13:23:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.09.12 13:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.09.12 13:23:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.09.12 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.12 13:18:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.09.12 12:59:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.09.12 11:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.12 11:20:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.10 14:59:21 | 000,000,000 | ---D | C] -- C:\logy
[2010.09.10 14:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.10 14:58:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.10 14:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.09.10 14:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.10 14:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.10 14:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.10 11:21:17 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 09:05:18 | 000,000,000 | ---D | C] -- C:\zaloha
[2010.09.09 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.09 06:43:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.05 13:43:22 | 000,104,960 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\PSX64.dll
[2010.09.05 13:43:22 | 000,092,672 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\pswin.dll
[2010.09.05 13:43:22 | 000,069,120 | ---- | C] (Edimax Technology Co., LTD) -- C:\WINDOWS\System32\psnt.dll
[2010.09.05 11:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.09.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM\Application Data
[2010.09.01 12:52:41 | 000,061,440 | R--- | C] (Monotype Imaging Inc.) -- C:\WINDOWS\System32\TSKMON.DLL
[2010.09.01 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\PrintServer Utilities
========== Files - Modified Within 30 Days ==========
[2010.09.12 13:29:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.12 13:28:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.09.12 13:28:53 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.12 13:28:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 13:28:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.12 13:28:06 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\OEM\NTUSER.DAT
[2010.09.12 13:27:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\OEM\ntuser.ini
[2010.09.12 13:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.09.12 13:07:28 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.12 13:06:34 | 000,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.12 13:06:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.09.12 12:46:49 | 000,003,347 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.09.12 12:40:29 | 000,000,051 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010.09.12 12:16:24 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 11:20:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM\Plocha\OTL.exe
[2010.09.12 10:59:26 | 003,842,699 | R--- | M] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.10 11:21:17 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\OEM\Plocha\Mats_Run.printing.exe
[2010.09.09 07:55:21 | 004,760,334 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:16 | 003,392,685 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 11:04:32 | 003,651,276 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 18:10:51 | 004,463,422 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.02 14:07:09 | 003,936,794 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:44 | 007,732,057 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:55 | 001,953,090 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:39 | 007,837,369 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:14 | 003,082,183 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:36 | 004,322,263 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 13:41:48 | 003,387,616 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.19 19:14:03 | 002,441,267 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.08.19 12:50:45 | 002,592,345 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\22-05-2010-Ambit-Dvorce-(k tisku)-Model.plt
[2010.08.17 16:37:25 | 009,255,114 | ---- | M] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.15 17:24:03 | 002,903,967 | ---- | M] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav-Model.plt
========== Files Created - No Company Name ==========
[2010.09.12 13:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.09.12 13:24:22 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.09.12 13:23:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.12 13:23:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.12 13:23:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.12 13:23:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.12 13:23:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.12 12:16:24 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\VYMAZAT-TISKOVE-ULOHY.cmd
[2010.09.12 10:59:25 | 003,842,699 | R--- | C] () -- C:\Documents and Settings\OEM\Plocha\ComboFix.exe
[2010.09.10 11:21:37 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\MicrosoftFixit50126.msi
[2010.09.09 07:55:19 | 004,760,334 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 1.NP (092010)-Model.plt
[2010.09.08 18:52:15 | 003,392,685 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šimkovi- RDS PŮDORYS 2.NP (092010)-Model.plt
[2010.09.07 10:53:33 | 003,651,276 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\Sv.Čecha- zábradlí + detaily TISKOVÉ-Model.plt
[2010.09.06 07:35:16 | 004,463,422 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-TISK-Model.plt
[2010.09.05 13:43:22 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2010.09.05 13:43:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2010.09.02 13:48:58 | 003,936,794 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-návrh pro památky-Model.plt
[2010.08.31 13:52:41 | 007,732,057 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 082010)-Model.plt
[2010.08.30 19:23:54 | 001,953,090 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Šatov-stáv.stav-+POHLEDY(pro památkáře)-Model.plt
[2010.08.30 10:57:37 | 007,837,369 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\BO Sv.Čecha 1093 (nový stav OPRAVA 072010)-Model.plt
[2010.08.26 12:58:13 | 003,082,183 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-podklad pro výpočet(oprava)-Model.plt
[2010.08.21 10:21:34 | 004,322,263 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-DOTACE-Model.plt
[2010.08.20 12:59:19 | 003,387,616 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD Hauzvic-stáv.+nový stav(oprava)-Model.plt
[2010.08.17 16:37:10 | 009,255,114 | ---- | C] () -- C:\Documents and Settings\OEM\Plocha\OLDRISOV_SITUACE_TISKOVE.dwg
[2010.08.17 11:11:50 | 002,441,267 | ---- | C] () -- C:\Documents and Settings\OEM\Dokumenty\RD KOLAŘÍKOVÁ-stáv.+nový stav-Model.plt
[2010.06.08 15:35:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2010.04.02 19:43:30 | 000,011,714 | ---- | C] () -- C:\WINDOWS\mhotkey_reg.ini
[2010.04.02 19:43:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010.03.02 11:33:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2010.03.02 11:33:48 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2010.03.02 11:33:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2010.03.02 11:33:34 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.10.06 08:04:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.15 07:59:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.06.11 08:40:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.27 10:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bf9ddd11.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2008.12.15 17:06:26 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\OEM\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 12:07:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.11.06 20:22:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2008.11.06 19:44:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.06 19:30:03 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.11.06 19:22:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.06 19:09:54 | 000,003,347 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.09.30 13:45:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.09.30 11:37:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.18 11:51:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000.09.19 02:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
========== LOP Check ==========
[2008.11.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.11.06 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.11.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.11.06 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2010.09.12 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Octoshape Streaming Services" = "C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun -- [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.08 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Adobe
[2008.05.24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Ahead
[2008.08.18 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ATI
[2009.02.26 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Autodesk
[2009.06.15 08:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Chinaweal Longteng
[2010.01.19 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\CrashReport
[2009.04.08 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Help
[2010.09.12 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ICQ
[2008.05.24 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Identities
[2008.05.24 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\InstallShield
[2008.11.06 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Macromedia
[2010.09.10 14:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
[2010.08.19 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\OEM\Data aplikací\Microsoft
[2009.11.12 09:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Mozilla
[2009.11.12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Octoshape
[2008.11.06 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Opera
[2009.07.13 10:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Skype
[2010.07.02 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\U3
[2008.11.06 19:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\WinRAR
[2008.11.06 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\Zoner
[2010.05.20 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM\Data aplikací\ZWCAD
< %APPDATA%\*.exe /s >
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\OEM\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\OEM\Data aplikací\U3\temp\Launchpad Removal.exe
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008.05.09 12:56:13 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.05.24 13:49:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.24 13:49:13 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.24 13:49:13 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.04 05:25:03 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008.05.09 12:56:13 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.09.12 13:28:53 | 000,000,202 | ---- | M] () -- C:\WINDOWS\system32\PSLOG
[2010.09.12 13:07:28 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
========== Alternate Data Streams ==========
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
< End of report >
- Caroprd111
Re: Please check my log
Carry out the following steps exactly in the order given.
Download the attached file and extract it to drive c:\ (the file path will be c:\grpconv.exe; it must not be an archive).
Run OTL and paste the following script into the bottom window.
Click Fix (Opravit); the PC will restart. Post the log here.



Code:
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
:Files
c:\windows\system32\grpconv.exe|c:\grpconv.exe /replace
:OTL
[2008.09.30 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8C35AEA7
[2009.05.25 08:56:36 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\98365d1e.sys
[2009.04.13 14:46:45 | 000,020,480 | -HS- | C] () -- C:\WINDOWS\System32\12520437n.dll
IE - HKU\S-1-5-21-2934858514-3775439591-2112138417-1004\..\URLSearchHook: - Reg Error: Key error. File not found
DRV - [2009.04.28 09:29:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\bf9ddd11.sys -- (bf9ddd11)