Dobrý den
Klikl jsem na podezřelí imail ,i když mám TRIAL ESET Smart Security stejně jsem provedl kontrolu ComboFixem a našlo mi to viry (tedy jestli se nejadna o planý poplach)
ComboFix 10-12-01.01 - Uživatel 02.12.2010 13:54:18.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1465 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-02 do 2010-12-02 )))))))))))))))))))))))))))))))
.
2010-11-27 18:46 . 2010-11-27 19:04 -------- d-----w- c:\program files\ScreenShots
2010-11-25 15:59 . 2010-11-25 15:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2010-11-24 09:58 . 2010-11-24 09:58 -------- d-----w- c:\program files\ESET
2010-11-24 09:58 . 2010-11-24 09:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-11-24 06:30 . 2010-11-30 16:20 -------- d-----w- c:\program files\World of Warcraft
2010-11-23 17:14 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-23 16:25 . 2010-11-23 16:25 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\ESET
2010-11-23 16:25 . 2010-11-23 16:25 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\ESET
2010-11-23 16:25 . 2010-11-23 16:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2010-11-23 13:00 . 2010-11-23 13:01 -------- d-----w- c:\program files\CCleaner
2010-11-11 17:26 . 2010-11-11 17:26 -------- d-----w- c:\program files\Common Files\Skype
2010-11-11 17:26 . 2010-11-11 17:26 -------- d-----r- c:\program files\Skype
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 08:28 . 2010-11-06 08:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-04 14:11 . 2010-09-04 13:58 2829 ----a-w- c:\windows\War3Unin.pif
2010-09-04 14:11 . 2010-09-04 13:58 139264 ----a-w- c:\windows\War3Unin.exe
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
2009-01-15 17:43 . 2009-01-15 17:43 9296384 ----a-w- c:\program files\openofficeorg30.msi
.
------- Sigcheck -------
[-] 2009-08-10 18:22 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2009-08-10 18:22 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-08-10 24064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2009-08-10 18:22 24064 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-02-26 08:40 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-01-24 10:32 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-27 11:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-02 10:26 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9faffc1c539a5"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\macek\\storage\\Instalace\\!predinstalace\\Nero CZ a Power DVD\\CDS\\Nero\\Installation\\SetupX.exe"=
"c:\\Program Files\\SEGA\\SEGA Rally\\SEGA Rally.exe"=
"c:\\Program Files\\SEGA\\SEGA Rally\\SEGA Rally_SSE1.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1119:TCP"= 1119:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2009 13:19 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
S2 gupdate1c9faffc1c539a5;Služba Google Update (gupdate1c9faffc1c539a5);c:\program files\Google\Update\GoogleUpdate.exe [2.7.2009 11:27 133104]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 10:27]
2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 10:27]
2010-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A2061C48-FAE3-4493-BA3C-D293A9690810}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.crawler.com/homepage.aspx?tbid=60347
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60347&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 13:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-02 13:59:43
ComboFix-quarantined-files.txt 2010-12-02 12:59
ComboFix2.txt 2010-11-23 16:14
Před spuštěním: Volných bajtů: 56 638 160 896
Po spuštění: Volných bajtů: 56 691 773 440
- - End Of File - - FC99210D664FB86E07F99BDC5A6CB0F5
Co teď ?, Na PC mám teď dost soukromé údaje . Dekuji za odpoveď.
EDIT 17:49 :
MWAV nasel toto:
Invalid Entry DllName = appmgmts.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Action Taken: Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}.
** Scanning may fail! File Locked [SUSPICIOUS]: C:\WINDOWS\system32\Drivers\sptd.sys (????)
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "EGroup Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Elite toolbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntivirusPro 2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntivirusPro 2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "EGroup Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Elite toolbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Orifice2K.plugin Trojan" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Crawler Browser Plugin" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\AVG.Kernel.7" odkazuje na neplatný objekt "{41564737-3200-1071-989B-0000E87B4FB1}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.PathControl" odkazuje na neplatný objekt "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.Sequence" odkazuje na neplatný objekt "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.SequencerControl" odkazuje na neplatný objekt "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.SpriteControl" odkazuje na neplatný objekt "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.StructuredGraphicsControl" odkazuje na neplatný objekt "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\FG2CatchUrl.DownMgr" odkazuje na neplatný objekt "{ACBCF095-E8C0-420F-8769-2845D9B92E8A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\FG2CatchUrl.DownMgr.1" odkazuje na neplatný objekt "{ACBCF095-E8C0-420F-8769-2845D9B92E8A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\FG2CatchUrl.IECatch" odkazuje na neplatný objekt "{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\FG2CatchUrl.Netscape" odkazuje na neplatný objekt "{FB5DA724-162B-11D3-8B9B-AA70B4B0B525}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\FG2CatchUrl.Netscape.1" odkazuje na neplatný objekt "{FB5DA724-162B-11D3-8B9B-AA70B4B0B525}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\Toolbar.CT2611275" odkazuje na neplatný objekt "{03f27703-2088-4f1a-8a77-b42b1e577dba}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\WINDOWS\Downloaded Program Files\gp.ocx". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "avast5". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "AVG8Uninstall". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "AVG9Uninstall". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "AVGAntiSpyware75". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Avira AntiVir Desktop". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "DAEMON Tools Toolbar". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "FlashGet 2.0". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Microsoft .NET Framework 2.0 Language Pack - CSY". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (3.0.11)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (3.6)". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "PremiumSoft Navicat 8.2 for MySQL_is1". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "save2pc Light_is1". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Spyware Terminator_is1". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "VertrigoServ". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{08C0729E-3E50-11DF-9D81-005056806466}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{18799355-2D9A-3BFF-A2FE-8F38351FDABA}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{1C8DFA71-4079-4F02-B8BB-47B12C1A565F}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{1EFE09D3-6C77-4E6D-876F-76CB30D2056C}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{268789C4-53E6-4DDB-8F33-8D0F9E000BEA}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{298ED0E9-EF39-3BB9-8389-2FE41DC8FC80}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{2D1AC484-E516-408C-8825-ACB1C356AC7A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{2E6863BB-4082-3B05-BB2C-20EF16D4BD82}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{2EAF7E61-068E-11DF-953C-005056806466}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{309E2514-29D4-405C-B3B1-14D7231BFA16}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3672CD9F-3B55-3FCE-8DA5-D57C3AB10150}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3A66FD42-50D2-3E9A-81B5-ECE3E5C3097A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{4582C7EB-93F5-408D-9F29-5A5BE1E76845}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{492CD592-87DD-31E9-8083-8665A0256163}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{494AD45E-E071-4819-8E15-E1041FBFF073}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{5B076A14-F478-3566-BE7A-985C3C629FA4}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{724309E5-E712-426C-B94D-B6B42511C29F}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{72932C55-8C56-40E9-82C8-26CFC968EF81}_is1". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{7299052b-02a4-4627-81f2-1818da5d550d}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{81719652-18E0-47B1-9A12-F82BF075D4DB}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{86F7BB71-FE8F-3306-A325-F93EE06417B8}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{971D6F8B-E8C5-49A4-9ED3-89C010B0D8D2}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AC76BA86-7AD7-0000-2550-7A8C40000934}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AC76BA86-7AD7-0000-2550-7A8C40000941}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AC76BA86-7AD7-1029-7B44-A91000000001}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AC76BA86-7AD7-1029-7B44-A93000000001}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{AF5D3F34-843A-41BF-A0F3-2FBBA00BA9B9}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{BEEBFC3C-48B1-4A38-A3C5-81BA19DF5F40}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{C96D1542-585F-412D-8C5A-0240BDA164B9}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{CC016F21-3970-11DE-B878-005056806466}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{CE914C4B-AC50-31E8-9DA2-15DB29D8568F}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{CF24EDF1-E236-4332-83CB-4C701A9BCBF0}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DAC0309E-07F6-45AD-B5BF-5B0DEF71FFEE}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DB164C6E-8E4A-4730-97C6-DE8486EB367F}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DF76B188-11DB-43DC-A389-10422995A979}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{ECD82B28-48BE-426C-B55B-6EC022616285}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F0B7330E-24B8-43EA-8CD6-D114428A1CEC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F4D03C19-DCA0-4B09-83E7-BE3B06C8D4DC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F7B0939E-58DF-11DF-B3A6-005056806466}". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{B8C1EFC6-E54B-4E33-9F55-F0A45A5E4978}\RP1\A0000001.msi je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{B8C1EFC6-E54B-4E33-9F55-F0A45A5E4978}\RP4\A0001191.rbf je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{B8C1EFC6-E54B-4E33-9F55-F0A45A5E4978}\RP5\A0001290.msi je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{B8C1EFC6-E54B-4E33-9F55-F0A45A5E4978}\RP6\A0001304.msi je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{B8C1EFC6-E54B-4E33-9F55-F0A45A5E4978}\RP7\A0001358.rbf je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{B8C1EFC6-E54B-4E33-9F55-F0A45A5E4978}\RP8\A0001468.msi je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Večinna je asi falešná detekce a to co bylo v obnově systemu jsme smazal tim ze jsem obnovu systemu vypnul .
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
TROJAN
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: TROJAN
Caroprd111 píše:Zdravím
Můžu se zeptat, kdo Vám poradil použití ComboFixu?
No nikdo ,ale já ho večinnou použivam na kontrolu jestli v PC neni spyware . Nechodim na zadne nebezpecne stranky ,spiš se někdy překliknu ,tak předplokladam že žadneho trojana s kterym by CF vymazal hal.dll v PC nemam .-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: TROJAN
ComboFix se nedoporučuje používat bez dozoru zkušené osoby a většinou kontroly logu z jiného detekčního programu, případně spuštění CF s příslušným parametrem. Rádce ví, jak případné legitimní smazané soubory obnovit, zná příkazy, dokáže se orientovat v logu atp. Nejde jen o problém restartování PC v případě, když vir smaže knihovnu hal.dll, ale o nespočet dalších věcí, které často nelze ani předpovídat.
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: TROJAN
OTL logfile created on: 2.12.2010 18:28:56 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 53,65 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 278,23 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.12.02 18:27:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
PRC - [2010.11.18 14:11:36 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.11.18 14:11:32 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010.10.20 12:23:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.12.02 18:27:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.18 14:12:06 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.11.18 14:11:36 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.08.04 10:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.07.29 12:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.07.29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.07.29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.08.24 13:19:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.25 11:05:40 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.07.08 17:45:52 | 003,257,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.20 12:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001.08.17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.crawler.com/homepage.aspx?tbid=60347"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60347&qkw="
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.09.05 17:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.04 18:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.20 09:26:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.11.24 10:58:48 | 000,000,000 | ---D | M]
[2009.06.30 14:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Extensions
[2010.10.04 00:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\extensions
[2009.07.02 10:48:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.24 13:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.04.01 17:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 17:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 17:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 17:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 17:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.12.02 13:58:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [mwavscan_autoscan] File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 30 Days ==========
[2010.12.02 18:26:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.12.02 14:15:17 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.12.02 14:15:16 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.12.02 14:15:15 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.12.02 14:15:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\REGEDIT.COM
[2010.12.02 14:15:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.12.02 14:15:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMGR.COM
[2010.12.02 14:15:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.12.02 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.12.02 14:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.12.02 14:07:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Uživatel\Recent
[2010.12.02 14:07:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.12.02 13:52:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.12.02 13:52:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.12.02 13:52:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.12.02 13:52:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.28 15:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Dokumenty\5
[2010.11.27 19:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Dokumenty\2
[2010.11.27 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenShots
[2010.11.25 16:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
[2010.11.24 10:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.11.24 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.11.24 07:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010.11.23 18:14:52 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.11.23 17:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\ESET
[2010.11.23 17:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2010.11.23 17:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010.11.23 17:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.23 17:08:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.23 17:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.23 14:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.11.11 18:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.11.11 18:26:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.11.11 18:25:28 | 020,810,120 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Uživatel\Plocha\SkypeSetupFull.exe
[2010.11.06 09:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2009.01.15 18:43:58 | 001,821,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2009.01.15 18:43:58 | 001,707,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
========== Files - Modified Within 30 Days ==========
[2010.12.02 18:28:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.02 18:27:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2010.12.02 14:43:21 | 004,902,596 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.12.02 14:20:45 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.12.02 14:15:16 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.12.02 14:15:15 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.12.02 14:15:14 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.12.02 14:14:47 | 068,866,904 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\mwav.exe
[2010.12.02 13:58:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.12.02 13:50:41 | 003,983,662 | R--- | M] () -- C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
[2010.12.02 13:28:04 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.02 11:25:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.01 19:55:43 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A2061C48-FAE3-4493-BA3C-D293A9690810}.job
[2010.11.30 17:20:39 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.11.29 21:06:31 | 116,907,330 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\KA162-Exotika-Pobyty-a-poznavani-2010-11.pdf
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.27 19:46:25 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\ScreenShots.lnk
[2010.11.24 09:55:10 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.23 18:10:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.23 17:17:57 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.11.23 14:01:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\CCleaner.lnk
[2010.11.23 13:49:28 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.21 14:10:21 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.11.20 09:26:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.11.18 21:29:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.11 18:25:34 | 020,810,120 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Uživatel\Plocha\SkypeSetupFull.exe
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.11.06 09:39:03 | 043,449,808 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\setup_av_free_cze.exe
========== Files Created - No Company Name ==========
[2010.12.02 14:42:29 | 004,902,596 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.12.02 14:15:55 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.12.02 14:14:35 | 068,866,904 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\mwav.exe
[2010.12.02 13:52:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.12.02 13:52:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.12.02 13:52:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.12.02 13:52:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.12.02 13:52:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.12.02 13:50:41 | 003,983,662 | R--- | C] () -- C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
[2010.11.29 21:06:13 | 116,907,330 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\KA162-Exotika-Pobyty-a-poznavani-2010-11.pdf
[2010.11.27 19:46:25 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\ScreenShots.lnk
[2010.11.24 07:30:02 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.11.23 14:01:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\CCleaner.lnk
[2010.11.11 18:26:39 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.11.06 09:39:02 | 043,449,808 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\setup_av_free_cze.exe
[2010.03.13 19:03:44 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009.08.24 13:19:11 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:11:39 | 000,062,232 | R--- | C] () -- C:\WINDOWS\System32\GameuxInstallHelper.dll
[2009.06.25 21:27:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.25 16:09:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.25 14:21:34 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.06.25 14:21:32 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.25 14:21:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.25 14:21:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.25 14:21:29 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.06.25 13:45:20 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009.06.25 13:39:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.06.25 13:39:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009.06.25 13:39:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.06.25 13:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009.06.25 13:39:54 | 000,121,329 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2009.06.25 13:39:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.06.25 12:47:53 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.25 11:18:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.01.15 18:47:52 | 112,634,569 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2009.01.15 18:43:56 | 009,296,384 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
[2009.01.15 18:43:56 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
[2006.02.09 09:53:28 | 000,043,014 | ---- | C] () -- C:\WINDOWS\php.ini
[2006.01.11 17:15:20 | 001,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2001.01.12 10:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
========== LOP Check ==========
[2010.11.06 09:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.11.06 09:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2010.10.06 14:16:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2009.08.24 13:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.08.15 10:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.11.24 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.07.05 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2010.11.06 09:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.12.02 14:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.10.03 10:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.10.06 14:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG10
[2010.09.05 18:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CheckPoint
[2009.08.24 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
[2010.11.23 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2010.10.02 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0
[2010.09.17 20:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
[2009.08.16 14:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nvu
[2010.02.24 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org
[2010.12.01 19:55:43 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A2061C48-FAE3-4493-BA3C-D293A9690810}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.25 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Adobe
[2009.07.05 11:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Ahead
[2009.06.25 12:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ATI
[2010.10.06 14:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG10
[2010.09.05 18:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CheckPoint
[2010.01.30 18:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CyberLink
[2009.08.24 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
[2010.11.23 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2009.07.02 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Google
[2010.10.02 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0
[2010.09.17 20:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
[2009.06.25 10:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Identities
[2009.06.25 16:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Macromedia
[2010.08.27 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Malwarebytes
[2010.12.02 14:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Media Player Classic
[2010.09.05 17:13:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
[2009.06.30 14:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla
[2009.08.16 14:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nvu
[2010.02.24 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org
[2010.11.25 15:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Skype
[2010.11.25 15:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
[2009.09.12 13:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.06.25 11:19:06 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2009.07.06 16:51:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2004.03.29 15:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OemDir\viamraid.sys
[2004.03.29 15:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\viamraid.sys
[2009.06.25 11:05:41 | 000,104,064 | ---- | M] (VIA Technologies inc,.ltd) MD5=85E9421C8A99D1291B43B9B59A669AC3 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.24 13:19:11 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.06.25 12:41:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.06.25 12:41:12 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.06.25 12:41:12 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.12.02 14:15:14 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\system32\eEmpty.exe
[2010.12.02 14:15:15 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp80.dll
[2010.12.02 14:15:16 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr80.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE
< End of report >
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 53,65 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 278,23 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.12.02 18:27:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
PRC - [2010.11.18 14:11:36 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.11.18 14:11:32 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010.10.20 12:23:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.12.02 18:27:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.18 14:12:06 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.11.18 14:11:36 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.08.04 10:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.07.29 12:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.07.29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.07.29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.08.24 13:19:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.25 11:05:40 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.07.08 17:45:52 | 003,257,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.20 12:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001.08.17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.crawler.com/homepage.aspx?tbid=60347"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60347&qkw="
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.09.05 17:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.04 18:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.20 09:26:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.11.24 10:58:48 | 000,000,000 | ---D | M]
[2009.06.30 14:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Extensions
[2010.10.04 00:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\extensions
[2009.07.02 10:48:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.24 13:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.04.01 17:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 17:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 17:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 17:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 17:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.12.02 13:58:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [mwavscan_autoscan] File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 30 Days ==========
[2010.12.02 18:26:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.12.02 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.12.02 14:15:17 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.12.02 14:15:16 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.12.02 14:15:15 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.12.02 14:15:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\REGEDIT.COM
[2010.12.02 14:15:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.12.02 14:15:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMGR.COM
[2010.12.02 14:15:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.12.02 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.12.02 14:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.12.02 14:07:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Uživatel\Recent
[2010.12.02 14:07:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.12.02 13:52:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.12.02 13:52:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.12.02 13:52:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.12.02 13:52:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.28 15:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Dokumenty\5
[2010.11.27 19:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Dokumenty\2
[2010.11.27 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenShots
[2010.11.25 16:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
[2010.11.24 10:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.11.24 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.11.24 07:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010.11.23 18:14:52 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.11.23 17:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\ESET
[2010.11.23 17:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2010.11.23 17:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010.11.23 17:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.23 17:08:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.23 17:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.23 14:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.11.11 18:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.11.11 18:26:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.11.11 18:25:28 | 020,810,120 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Uživatel\Plocha\SkypeSetupFull.exe
[2010.11.06 09:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2009.01.15 18:43:58 | 001,821,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2009.01.15 18:43:58 | 001,707,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
========== Files - Modified Within 30 Days ==========
[2010.12.02 18:28:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.02 18:27:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2010.12.02 14:43:21 | 004,902,596 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.12.02 14:20:45 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.12.02 14:15:16 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.12.02 14:15:15 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.12.02 14:15:14 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.12.02 14:14:47 | 068,866,904 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\mwav.exe
[2010.12.02 13:58:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.12.02 13:50:41 | 003,983,662 | R--- | M] () -- C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
[2010.12.02 13:28:04 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.02 11:25:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.01 19:55:43 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A2061C48-FAE3-4493-BA3C-D293A9690810}.job
[2010.11.30 17:20:39 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.11.29 21:06:31 | 116,907,330 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\KA162-Exotika-Pobyty-a-poznavani-2010-11.pdf
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.27 19:46:25 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\ScreenShots.lnk
[2010.11.24 09:55:10 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.23 18:10:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.23 17:17:57 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.11.23 14:01:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\CCleaner.lnk
[2010.11.23 13:49:28 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.21 14:10:21 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.11.20 09:26:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.11.18 21:29:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.11 18:25:34 | 020,810,120 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Uživatel\Plocha\SkypeSetupFull.exe
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.11.06 09:39:03 | 043,449,808 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\setup_av_free_cze.exe
========== Files Created - No Company Name ==========
[2010.12.02 14:42:29 | 004,902,596 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.12.02 14:15:55 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.12.02 14:14:35 | 068,866,904 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\mwav.exe
[2010.12.02 13:52:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.12.02 13:52:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.12.02 13:52:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.12.02 13:52:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.12.02 13:52:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.12.02 13:50:41 | 003,983,662 | R--- | C] () -- C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
[2010.11.29 21:06:13 | 116,907,330 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\KA162-Exotika-Pobyty-a-poznavani-2010-11.pdf
[2010.11.27 19:46:25 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\ScreenShots.lnk
[2010.11.24 07:30:02 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.11.23 14:01:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\CCleaner.lnk
[2010.11.11 18:26:39 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.11.06 09:39:02 | 043,449,808 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\setup_av_free_cze.exe
[2010.03.13 19:03:44 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009.08.24 13:19:11 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:11:39 | 000,062,232 | R--- | C] () -- C:\WINDOWS\System32\GameuxInstallHelper.dll
[2009.06.25 21:27:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.25 16:09:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.25 14:21:34 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.06.25 14:21:32 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.25 14:21:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.25 14:21:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.25 14:21:29 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.06.25 13:45:20 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009.06.25 13:39:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.06.25 13:39:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009.06.25 13:39:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.06.25 13:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009.06.25 13:39:54 | 000,121,329 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2009.06.25 13:39:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.06.25 12:47:53 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.25 11:18:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.01.15 18:47:52 | 112,634,569 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2009.01.15 18:43:56 | 009,296,384 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
[2009.01.15 18:43:56 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
[2006.02.09 09:53:28 | 000,043,014 | ---- | C] () -- C:\WINDOWS\php.ini
[2006.01.11 17:15:20 | 001,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2001.01.12 10:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
========== LOP Check ==========
[2010.11.06 09:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.11.06 09:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2010.10.06 14:16:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2009.08.24 13:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.08.15 10:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.11.24 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.07.05 11:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2010.11.06 09:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.12.02 14:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.10.03 10:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.10.06 14:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG10
[2010.09.05 18:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CheckPoint
[2009.08.24 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
[2010.11.23 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2010.10.02 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0
[2010.09.17 20:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
[2009.08.16 14:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nvu
[2010.02.24 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org
[2010.12.01 19:55:43 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A2061C48-FAE3-4493-BA3C-D293A9690810}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.25 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Adobe
[2009.07.05 11:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Ahead
[2009.06.25 12:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ATI
[2010.10.06 14:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG10
[2010.09.05 18:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CheckPoint
[2010.01.30 18:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CyberLink
[2009.08.24 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
[2010.11.23 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2009.07.02 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Google
[2010.10.02 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0
[2010.09.17 20:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
[2009.06.25 10:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Identities
[2009.06.25 16:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Macromedia
[2010.08.27 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Malwarebytes
[2010.12.02 14:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Media Player Classic
[2010.09.05 17:13:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
[2009.06.30 14:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla
[2009.08.16 14:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nvu
[2010.02.24 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org
[2010.11.25 15:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Skype
[2010.11.25 15:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
[2009.09.12 13:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.06.25 11:19:06 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2009.07.06 16:51:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2004.03.29 15:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OemDir\viamraid.sys
[2004.03.29 15:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\viamraid.sys
[2009.06.25 11:05:41 | 000,104,064 | ---- | M] (VIA Technologies inc,.ltd) MD5=85E9421C8A99D1291B43B9B59A669AC3 -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.24 13:19:11 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.06.25 12:41:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.06.25 12:41:12 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.06.25 12:41:12 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.12.02 14:15:14 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\system32\eEmpty.exe
[2010.12.02 14:15:15 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp80.dll
[2010.12.02 14:15:16 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr80.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE
< End of report >
Re: TROJAN
OTL Extras logfile created on: 2.12.2010 18:28:56 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 53,65 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 278,23 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader
"4000:TCP" = 4000:TCP:*:Enabled:Blizzard Downloader
"6114:TCP" = 6114:TCP:*:Enabled:Blizzard Downloader
"6113:TCP" = 6113:TCP:*:Enabled:Blizzard Downloader
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe" = \\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe" = C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:*:Enabled:SEGA Rally -- (SEGA Publishing Europe LTD)
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe" = C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally -- (SEGA Publishing Europe LTD)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Counter-Strike Source\hl2.exe" = C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2 -- ()
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Disabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D02558-42FB-5867-5AED-CE770F86BEF0}" = Catalyst Control Center Graphics Full New
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09057AE5-C7C8-CFC7-52B8-1D3A64738D24}" = Catalyst Control Center Localization Japanese
"{1098AD6B-32E4-1E6E-56A8-E82049916198}" = CCC Help English
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1496266C-F036-6443-84C7-23F6B2B5A604}" = CCC Help Danish
"{17592322-8F07-3162-5D2D-51AFE459A3B5}" = Skins
"{1AD473D7-7A47-5AEC-B45D-9B87414E7175}" = Digital Video Converter v1.5.0.20
"{1CB2E1B0-342E-9AED-077D-29DE893903F0}" = Catalyst Control Center Localization Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24547818-3B68-4B52-D187-9B3F2514906D}" = CCC Help Turkish
"{2E13A790-CE6E-FF70-3387-2EBA2636FA3A}" = CCC Help Chinese Traditional
"{2FA8CDDC-8C8A-7D2E-5853-B7A98536F0DE}" = CCC Help German
"{321DC8B7-9761-5128-62AB-4A7EA02172F8}" = Catalyst Control Center Localization Hungarian
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36EB58E0-9AAC-4ED4-7AF2-11F144001FF4}" = CCC Help French
"{37A32EE0-C283-0B85-4EC2-6AB385B6B20C}" = CCC Help Swedish
"{3CFC66CD-1B76-3ACE-2562-C2E375E93EBE}" = Catalyst Control Center Localization Norwegian
"{3D6B4A04-8AFA-AD66-E4DA-E25F555DF6F8}" = CCC Help Korean
"{3ED2807E-2EA7-D5D9-460C-2C575A8ADB8C}" = ccc-core-preinstall
"{41C6D48A-D786-FB59-3D7E-1359225958B2}" = Catalyst Control Center Localization Swedish
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4A05FF52-4AA8-4681-BC06-5EE7F812A441}" = SEGA Rally
"{4DF082C3-3756-88DF-D339-51054146B99D}" = CCC Help Thai
"{4E7E869B-0306-C17A-06F6-6EF452F6AE6A}" = Catalyst Control Center Localization Russian
"{5202E541-7DC0-B5B3-5971-51A45A02351F}" = CCC Help Norwegian
"{53445FB4-97C5-829C-13D8-D5C05D2AC053}" = CCC Help Spanish
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{553B20C6-59CD-4C2F-BE37-16ABF32064BF}" = aTube Catcher 1.0
"{559525A4-5A88-32D3-E96D-E1EFA4B51470}" = CCC Help Chinese Standard
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5779A709-BF65-4C42-A0C6-07980120B903}" = ESET Smart Security
"{5A6E66FB-DC7D-3664-ACBC-F9C714843D3B}" = Catalyst Control Center Localization French
"{5E8874AC-37E6-EEB4-5D7F-A549424FBEAD}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61536EB5-D185-2AAD-1C6A-97B0A5CF613D}" = CCC Help Dutch
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{64890BCC-15C8-F6CB-BC01-6BF252498E57}" = Catalyst Control Center Localization Chinese Traditional
"{64B08B1F-4D3D-CB45-9482-FDC1251940B8}" = ccc-utility
"{650825DA-8938-6695-978D-FE5F982339AE}" = CCC Help Japanese
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A4AD7E-F2EA-0A98-3B0C-931E5216838B}" = Catalyst Control Center Localization Turkish
"{6EA35E01-493E-2419-D516-1F4AF13EA8E9}" = Catalyst Control Center Core Implementation
"{714ACFF3-B8A3-4AD6-937B-13C833D71029}" = Nero 7 Essentials
"{72D1CC28-17FB-C2D6-055B-0384F1524E99}" = CCC Help Hungarian
"{73ED8B7B-C58F-8750-3076-D5D6D9E9A717}" = Catalyst Control Center Localization Dutch
"{74133C77-0189-B9E0-CF6E-920A7B749791}" = CCC Help Russian
"{7B6A1B2E-ED88-39CC-82C9-D596E9220292}" = Catalyst Control Center Localization Italian
"{7C2BF5B2-40A5-9F36-286F-77225FDD37AD}" = Catalyst Control Center Localization Greek
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{946CBC1C-DA39-4575-2770-27FE85DB8B33}" = Catalyst Control Center Localization Korean
"{96F4E1FF-7E49-E81D-128C-322395C8A187}" = CCC Help Czech
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9F0F5015-EE82-FCD9-8EC3-81816B34BA44}" = Catalyst Control Center Localization Portuguese
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.1 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC9DC52E-D7F1-3912-122B-9A08333A81FB}" = Catalyst Control Center Graphics Light
"{B257B453-905B-2657-346A-4AEA01331059}" = Catalyst Control Center Localization Chinese Standard
"{B4CEDD55-FAEF-2E93-D766-AE63DC99D2A3}" = Catalyst Control Center Localization German
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B84167BE-BD2C-4932-A249-65520C5E8B21}" = World of Warcraft Model Viewer
"{BB840616-B72C-1208-7CEE-4F9899F2B441}" = CCC Help Italian
"{BD240450-D4C3-19A8-23C3-73B3EE550BE8}" = CCC Help Finnish
"{BD6CCED1-CFFC-9192-AE39-B78F8560F77F}" = ccc-core-static
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C44D53E7-3D08-87BA-B8EC-492EA17DFF5D}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE1DC67-E0C4-42F0-B93E-9E316C91AE1B}" = Catalyst Control Center Localization Danish
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D3C3CCB1-1379-75C5-A423-950AE0BD2E97}" = Catalyst Control Center Localization Czech
"{D6564A7C-5507-18E4-8CC8-A419D64ACB10}" = Catalyst Control Center Localization Spanish
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DFA6C4C3-1072-9193-6999-828924387535}" = CCC Help Polish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4B4646B-DAF1-DC1B-3CCA-37D926CA262A}" = Catalyst Control Center Localization Thai
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F146D563-CAFF-9FF7-FBF5-D0A452C2062F}" = Catalyst Control Center Localization Polish
"{FB834266-4A30-55F6-5D36-ADFB4AEECB87}" = CCC Help Portuguese
"7-Zip" = 7-Zip 4.65
"Acala 3GP Movies Free_is1" = Acala 3GP Movies Free 2.4.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"EADM" = EA Download Manager
"FormatFactory" = FormatFactory 2.20
"Fraps" = Fraps
"Garena" = Garena 2010
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{4A05FF52-4AA8-4681-BC06-5EE7F812A441}" = SEGA Rally
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhn Winter-Edition" = Moorhuhn Winter-Edition
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nvu" = Nvu 1.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2010 16:25:16 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x97502214.
Error - 23.11.2010 16:25:24 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace installer.exe, verze 4.1.0.1312, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0xb753171d.
Error - 24.11.2010 5:20:21 | Computer Name = PC | Source = MsiInstaller | ID = 10005
Description = Produkt: ESET Smart Security -- Chyba 5001. Produkt není možné nainstalovat,
protože počítač nebyl restartován po předcházející odinstalaci. Zrestartujte počítač
a znovu spusťte instalaci.
Error - 24.11.2010 5:33:47 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace egui.exe, verze 4.2.67.13, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x003b04ff.
Error - 27.11.2010 2:52:34 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 30.11.2010 14:34:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace egui.exe, verze 4.2.67.13, chybující modul egui.exe,
verze 4.2.67.13, adresa chyby 0x000aa4fe.
Error - 2.12.2010 8:36:43 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 2.12.2010 12:50:36 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 2.12.2010 13:02:54 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 2.12.2010 13:02:54 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 23.11.2010 8:48:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = Služba LightScribeService Direct Disc Labeling Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
Error - 23.11.2010 8:48:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = Služba Cyberlink RichVideo Service(CRVS) byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 23.11.2010 8:48:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = Služba Spyware Terminator Realtime Shield Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
Error - 24.11.2010 6:28:08 | Computer Name = PC | Source = ipnathlp | ID = 32003
Description = Služba NAT (Network Address Translator) nemohla požádat o operaci překládacího
modulu režimu jádra. To může znamenat špatnou konfiguraci, nedostatek prostředků
nebo vnitřní chybu. Uvedený údaj je kód chyby.
Error - 25.11.2010 12:33:54 | Computer Name = PC | Source = ipnathlp | ID = 32003
Description = Služba NAT (Network Address Translator) nemohla požádat o operaci překládacího
modulu režimu jádra. To může znamenat špatnou konfiguraci, nedostatek prostředků
nebo vnitřní chybu. Uvedený údaj je kód chyby.
Error - 28.11.2010 8:42:04 | Computer Name = PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 00E04CCB3DB0
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 30.11.2010 12:15:41 | Computer Name = PC | Source = Service Control Manager | ID = 7038
Description = Přihlášení služby SSDPSRV jako uživatel NT AUTHORITY\LocalService
se se současně nakonfigurovaným heslem nezdařilo. Došlo k následující chybě: %%5 Zkontrolujte
konfiguraci služby pomocí modulu snap-in Služby v konzole Microsoft Management Console
(MMC).
Error - 30.11.2010 12:15:41 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba rozpoznávání pomocí protokolu SSDP neuspěla při spuštění
v důsledku následující chyby: %%1069
Error - 1.12.2010 14:37:30 | Computer Name = PC | Source = Service Control Manager | ID = 7038
Description = Přihlášení služby SSDPSRV jako uživatel NT AUTHORITY\LocalService
se se současně nakonfigurovaným heslem nezdařilo. Došlo k následující chybě: %%5 Zkontrolujte
konfiguraci služby pomocí modulu snap-in Služby v konzole Microsoft Management Console
(MMC).
Error - 1.12.2010 14:37:30 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba rozpoznávání pomocí protokolu SSDP neuspěla při spuštění
v důsledku následující chyby: %%1069
< End of report >
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 53,65 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 278,23 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader
"4000:TCP" = 4000:TCP:*:Enabled:Blizzard Downloader
"6114:TCP" = 6114:TCP:*:Enabled:Blizzard Downloader
"6113:TCP" = 6113:TCP:*:Enabled:Blizzard Downloader
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe" = \\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe" = C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:*:Enabled:SEGA Rally -- (SEGA Publishing Europe LTD)
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe" = C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally -- (SEGA Publishing Europe LTD)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Counter-Strike Source\hl2.exe" = C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2 -- ()
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Disabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D02558-42FB-5867-5AED-CE770F86BEF0}" = Catalyst Control Center Graphics Full New
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09057AE5-C7C8-CFC7-52B8-1D3A64738D24}" = Catalyst Control Center Localization Japanese
"{1098AD6B-32E4-1E6E-56A8-E82049916198}" = CCC Help English
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1496266C-F036-6443-84C7-23F6B2B5A604}" = CCC Help Danish
"{17592322-8F07-3162-5D2D-51AFE459A3B5}" = Skins
"{1AD473D7-7A47-5AEC-B45D-9B87414E7175}" = Digital Video Converter v1.5.0.20
"{1CB2E1B0-342E-9AED-077D-29DE893903F0}" = Catalyst Control Center Localization Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24547818-3B68-4B52-D187-9B3F2514906D}" = CCC Help Turkish
"{2E13A790-CE6E-FF70-3387-2EBA2636FA3A}" = CCC Help Chinese Traditional
"{2FA8CDDC-8C8A-7D2E-5853-B7A98536F0DE}" = CCC Help German
"{321DC8B7-9761-5128-62AB-4A7EA02172F8}" = Catalyst Control Center Localization Hungarian
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36EB58E0-9AAC-4ED4-7AF2-11F144001FF4}" = CCC Help French
"{37A32EE0-C283-0B85-4EC2-6AB385B6B20C}" = CCC Help Swedish
"{3CFC66CD-1B76-3ACE-2562-C2E375E93EBE}" = Catalyst Control Center Localization Norwegian
"{3D6B4A04-8AFA-AD66-E4DA-E25F555DF6F8}" = CCC Help Korean
"{3ED2807E-2EA7-D5D9-460C-2C575A8ADB8C}" = ccc-core-preinstall
"{41C6D48A-D786-FB59-3D7E-1359225958B2}" = Catalyst Control Center Localization Swedish
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4A05FF52-4AA8-4681-BC06-5EE7F812A441}" = SEGA Rally
"{4DF082C3-3756-88DF-D339-51054146B99D}" = CCC Help Thai
"{4E7E869B-0306-C17A-06F6-6EF452F6AE6A}" = Catalyst Control Center Localization Russian
"{5202E541-7DC0-B5B3-5971-51A45A02351F}" = CCC Help Norwegian
"{53445FB4-97C5-829C-13D8-D5C05D2AC053}" = CCC Help Spanish
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{553B20C6-59CD-4C2F-BE37-16ABF32064BF}" = aTube Catcher 1.0
"{559525A4-5A88-32D3-E96D-E1EFA4B51470}" = CCC Help Chinese Standard
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5779A709-BF65-4C42-A0C6-07980120B903}" = ESET Smart Security
"{5A6E66FB-DC7D-3664-ACBC-F9C714843D3B}" = Catalyst Control Center Localization French
"{5E8874AC-37E6-EEB4-5D7F-A549424FBEAD}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61536EB5-D185-2AAD-1C6A-97B0A5CF613D}" = CCC Help Dutch
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{64890BCC-15C8-F6CB-BC01-6BF252498E57}" = Catalyst Control Center Localization Chinese Traditional
"{64B08B1F-4D3D-CB45-9482-FDC1251940B8}" = ccc-utility
"{650825DA-8938-6695-978D-FE5F982339AE}" = CCC Help Japanese
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A4AD7E-F2EA-0A98-3B0C-931E5216838B}" = Catalyst Control Center Localization Turkish
"{6EA35E01-493E-2419-D516-1F4AF13EA8E9}" = Catalyst Control Center Core Implementation
"{714ACFF3-B8A3-4AD6-937B-13C833D71029}" = Nero 7 Essentials
"{72D1CC28-17FB-C2D6-055B-0384F1524E99}" = CCC Help Hungarian
"{73ED8B7B-C58F-8750-3076-D5D6D9E9A717}" = Catalyst Control Center Localization Dutch
"{74133C77-0189-B9E0-CF6E-920A7B749791}" = CCC Help Russian
"{7B6A1B2E-ED88-39CC-82C9-D596E9220292}" = Catalyst Control Center Localization Italian
"{7C2BF5B2-40A5-9F36-286F-77225FDD37AD}" = Catalyst Control Center Localization Greek
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{946CBC1C-DA39-4575-2770-27FE85DB8B33}" = Catalyst Control Center Localization Korean
"{96F4E1FF-7E49-E81D-128C-322395C8A187}" = CCC Help Czech
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9F0F5015-EE82-FCD9-8EC3-81816B34BA44}" = Catalyst Control Center Localization Portuguese
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.1 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC9DC52E-D7F1-3912-122B-9A08333A81FB}" = Catalyst Control Center Graphics Light
"{B257B453-905B-2657-346A-4AEA01331059}" = Catalyst Control Center Localization Chinese Standard
"{B4CEDD55-FAEF-2E93-D766-AE63DC99D2A3}" = Catalyst Control Center Localization German
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B84167BE-BD2C-4932-A249-65520C5E8B21}" = World of Warcraft Model Viewer
"{BB840616-B72C-1208-7CEE-4F9899F2B441}" = CCC Help Italian
"{BD240450-D4C3-19A8-23C3-73B3EE550BE8}" = CCC Help Finnish
"{BD6CCED1-CFFC-9192-AE39-B78F8560F77F}" = ccc-core-static
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C44D53E7-3D08-87BA-B8EC-492EA17DFF5D}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE1DC67-E0C4-42F0-B93E-9E316C91AE1B}" = Catalyst Control Center Localization Danish
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D3C3CCB1-1379-75C5-A423-950AE0BD2E97}" = Catalyst Control Center Localization Czech
"{D6564A7C-5507-18E4-8CC8-A419D64ACB10}" = Catalyst Control Center Localization Spanish
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DFA6C4C3-1072-9193-6999-828924387535}" = CCC Help Polish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4B4646B-DAF1-DC1B-3CCA-37D926CA262A}" = Catalyst Control Center Localization Thai
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F146D563-CAFF-9FF7-FBF5-D0A452C2062F}" = Catalyst Control Center Localization Polish
"{FB834266-4A30-55F6-5D36-ADFB4AEECB87}" = CCC Help Portuguese
"7-Zip" = 7-Zip 4.65
"Acala 3GP Movies Free_is1" = Acala 3GP Movies Free 2.4.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"EADM" = EA Download Manager
"FormatFactory" = FormatFactory 2.20
"Fraps" = Fraps
"Garena" = Garena 2010
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{4A05FF52-4AA8-4681-BC06-5EE7F812A441}" = SEGA Rally
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhn Winter-Edition" = Moorhuhn Winter-Edition
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nvu" = Nvu 1.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2010 16:25:16 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x97502214.
Error - 23.11.2010 16:25:24 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace installer.exe, verze 4.1.0.1312, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0xb753171d.
Error - 24.11.2010 5:20:21 | Computer Name = PC | Source = MsiInstaller | ID = 10005
Description = Produkt: ESET Smart Security -- Chyba 5001. Produkt není možné nainstalovat,
protože počítač nebyl restartován po předcházející odinstalaci. Zrestartujte počítač
a znovu spusťte instalaci.
Error - 24.11.2010 5:33:47 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace egui.exe, verze 4.2.67.13, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x003b04ff.
Error - 27.11.2010 2:52:34 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 30.11.2010 14:34:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace egui.exe, verze 4.2.67.13, chybující modul egui.exe,
verze 4.2.67.13, adresa chyby 0x000aa4fe.
Error - 2.12.2010 8:36:43 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 2.12.2010 12:50:36 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 2.12.2010 13:02:54 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 2.12.2010 13:02:54 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 23.11.2010 8:48:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = Služba LightScribeService Direct Disc Labeling Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
Error - 23.11.2010 8:48:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = Služba Cyberlink RichVideo Service(CRVS) byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 23.11.2010 8:48:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = Služba Spyware Terminator Realtime Shield Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
Error - 24.11.2010 6:28:08 | Computer Name = PC | Source = ipnathlp | ID = 32003
Description = Služba NAT (Network Address Translator) nemohla požádat o operaci překládacího
modulu režimu jádra. To může znamenat špatnou konfiguraci, nedostatek prostředků
nebo vnitřní chybu. Uvedený údaj je kód chyby.
Error - 25.11.2010 12:33:54 | Computer Name = PC | Source = ipnathlp | ID = 32003
Description = Služba NAT (Network Address Translator) nemohla požádat o operaci překládacího
modulu režimu jádra. To může znamenat špatnou konfiguraci, nedostatek prostředků
nebo vnitřní chybu. Uvedený údaj je kód chyby.
Error - 28.11.2010 8:42:04 | Computer Name = PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 00E04CCB3DB0
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).
Error - 30.11.2010 12:15:41 | Computer Name = PC | Source = Service Control Manager | ID = 7038
Description = Přihlášení služby SSDPSRV jako uživatel NT AUTHORITY\LocalService
se se současně nakonfigurovaným heslem nezdařilo. Došlo k následující chybě: %%5 Zkontrolujte
konfiguraci služby pomocí modulu snap-in Služby v konzole Microsoft Management Console
(MMC).
Error - 30.11.2010 12:15:41 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba rozpoznávání pomocí protokolu SSDP neuspěla při spuštění
v důsledku následující chyby: %%1069
Error - 1.12.2010 14:37:30 | Computer Name = PC | Source = Service Control Manager | ID = 7038
Description = Přihlášení služby SSDPSRV jako uživatel NT AUTHORITY\LocalService
se se současně nakonfigurovaným heslem nezdařilo. Došlo k následující chybě: %%5 Zkontrolujte
konfiguraci služby pomocí modulu snap-in Služby v konzole Microsoft Management Console
(MMC).
Error - 1.12.2010 14:37:30 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba rozpoznávání pomocí protokolu SSDP neuspěla při spuštění
v důsledku následující chyby: %%1069
< End of report >
Re: TROJAN
PS: Když testoval MWAV tak jako by testoval i ESET (rezidenční štít) + jsem udělal i rychlou kontrolu MBAM a ESET tedka dela každodenní hloubkovou kontrolu .
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: TROJAN
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [mwavscan_autoscan] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]Re: TROJAN
All processes killed
========== OTL ==========
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Program Files\Garena\safedrv.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mwavscan_autoscan deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Uživatel
->Temp folder emptied: 366339671 bytes
->Temporary Internet Files folder emptied: 7825341 bytes
->FireFox cache emptied: 3485312 bytes
->Flash cache emptied: 3473 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241315217 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 224 bytes
Total Files Cleaned = 590,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Uživatel
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.17.3 log created on 12022010_184902
Files\Folders moved on Reboot...
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\1[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\451410[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\iframes_api_loader[1].html moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\index[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\NHOJWWZ3\ads[2].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\NHOJWWZ3\afr[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\4BXTGXDH\11-bart-na-volne-noze-2[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\4BXTGXDH\like[1].htm moved successfully.
Registry entries deleted on Reboot...
Mužu se zeptat co tam je/bylo ?? A jakto že to nezjistil ESET Smart Security ?
========== OTL ==========
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Program Files\Garena\safedrv.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mwavscan_autoscan deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Uživatel
->Temp folder emptied: 366339671 bytes
->Temporary Internet Files folder emptied: 7825341 bytes
->FireFox cache emptied: 3485312 bytes
->Flash cache emptied: 3473 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241315217 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 224 bytes
Total Files Cleaned = 590,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Uživatel
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.17.3 log created on 12022010_184902
Files\Folders moved on Reboot...
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\1[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\451410[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\iframes_api_loader[1].html moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\OZJAQT2S\index[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\NHOJWWZ3\ads[2].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\NHOJWWZ3\afr[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\4BXTGXDH\11-bart-na-volne-noze-2[1].htm moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\4BXTGXDH\like[1].htm moved successfully.
Registry entries deleted on Reboot...
Mužu se zeptat co tam je/bylo ?? A jakto že to nezjistil ESET Smart Security ?
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: TROJAN
Normalně . Možna něco jde rychleji . Jednalo se o Spyware??Caroprd111 píše:Spíše drobnosti. Žádný antivir nepodá stoprocentní ochranu.
Jak se chová PC
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: TROJAN
Ano, jednalo.
Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Dejte log z RSIT.
Odinstalujte ComboFix přes:Start >> Spustit, zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
- Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
- Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.
Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
- Spusťte.
- Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)
Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
- Spusťte.
- Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)
Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
Záložka Čistič - Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
Záložka Registry - Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít
Dejte log z RSIT.Re: TROJAN
O.K. Hotovo
PS: MWAV zustal a ESET nezaznamenal T-Cleaner jako vir (podivny,u ostatnich antiviru to bylo normalni)
Jinak dekuji za pomoc .
Nevite jak se lepe branit proti Spyware a vstupum na nebezpečné stránky i kdyz mam ESET ??
PS: MWAV zustal a ESET nezaznamenal T-Cleaner jako vir (podivny,u ostatnich antiviru to bylo normalni)
Jinak dekuji za pomoc .
Nevite jak se lepe branit proti Spyware a vstupum na nebezpečné stránky i kdyz mam ESET ??
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: TROJAN
T-Cleaner je v pořádku, je to falešná detekce. Nejlepší ochrana je hlava v kombinaci s bezpečnostním balíkem. Ani sebelepší antivir Vám nepomůže, pokud budete klikat na vše, co vidíte.
Re: TROJAN
To je divne ,ja na zadne nebezpecne strance nebyl . Mozna ten mail ale to byl obycejny spam . Existuje nejaky kvalitnejsi Antispywere ?? Treba i kupovany (ze bych si stahl trial) ,ale takovy abych ho mohl provozovat s ESETEm (jestli by to slo ) .Thrall píše:O.K. Hotovo
PS: MWAV zustal a ESET nezaznamenal T-Cleaner jako vir (podivny,u ostatnich antiviru to bylo normalni)
Jinak dekuji za pomoc .
Nevite jak se lepe branit proti Spyware a vstupum na nebezpečné stránky i kdyz mam ESET ??
Přispějete na provoz fóra?