
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
VIRUS, MALWARE
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I need to have my computer checked. I have something on it; some applications don't work and e-mails can't be sent.
Logfile of random's system information tool 1.06 (written by random/random)
Run by MJ at 2010-04-05 05:11:47
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 30 GB (79%) free of 38 GB
Total RAM: 1014 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:52, on 5.4.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\MJ\Plocha\RSIT.exe
C:\Program Files\trend micro\MJ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0800136140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate1ca8f788138d1b4) (gupdate1ca8f788138d1b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 5080 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-12-28 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-14 39408]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-04-05 05:07:37 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-05 04:17:18 ----D---- C:\Program Files\trend micro
2010-04-05 04:17:17 ----D---- C:\rsit
2010-03-30 20:31:36 ----D---- C:\Program Files\Sunbelt Software
2010-03-29 22:44:53 ----SHD---- C:\RECYCLER
2010-03-29 21:55:06 ----D---- C:\WINDOWS\temp
2010-03-10 20:11:28 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-10 20:11:24 ----D---- C:\Documents and Settings\MJ\Data aplikací\CyberLink
2010-03-10 20:10:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CyberLink
2010-03-10 20:06:02 ----D---- C:\Program Files\Common Files\LightScribe
2010-03-10 20:04:47 ----N---- C:\WINDOWS\System32\TwnLib4.dll
2010-03-10 20:04:47 ----A---- C:\WINDOWS\System32\TwnLib20.dll
2010-03-10 20:04:44 ----N---- C:\WINDOWS\System32\ImagXRA7.dll
2010-03-10 20:04:44 ----N---- C:\WINDOWS\System32\ImagXR7.dll
2010-03-10 20:04:43 ----N---- C:\WINDOWS\System32\ImagXpr7.dll
2010-03-10 20:04:43 ----N---- C:\WINDOWS\System32\ImagX7.dll
2010-03-10 20:04:42 ----A---- C:\WINDOWS\System32\NeroCheck.exe
2010-03-10 20:04:10 ----N---- C:\WINDOWS\NuNinst.exe
2010-03-10 20:04:07 ----D---- C:\Program Files\Common Files\Ahead
2010-03-10 20:04:04 ----D---- C:\WINDOWS\InCD
2010-03-10 20:04:04 ----D---- C:\Program Files\Ahead
2010-03-10 20:02:14 ----D---- C:\Program Files\CyberLink
2010-03-10 20:01:58 ----D---- C:\MyWorks
2010-03-10 20:01:48 ----A---- C:\Program Files\Uninstall_CDS.exe
2010-03-10 20:01:47 ----D---- C:\Program Files\CyberLink DVD Solution
======List of files/folders modified in the last 1 months======
2010-04-05 05:07:37 ----D---- C:\WINDOWS
2010-04-05 05:06:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-05 05:06:10 ----D---- C:\Documents and Settings\MJ\Data aplikací\Skype
2010-04-05 05:04:39 ----D---- C:\WINDOWS\Debug
2010-04-05 04:56:25 ----D---- C:\WINDOWS\System32\drivers
2010-04-05 04:55:47 ----D---- C:\WINDOWS\System32\CatRoot2
2010-04-05 04:41:21 ----D---- C:\WINDOWS\Prefetch
2010-04-05 04:17:18 ----RD---- C:\Program Files
2010-04-04 22:20:56 ----D---- C:\WINDOWS\system32
2010-04-01 22:30:19 ----SD---- C:\WINDOWS\Tasks
2010-04-01 07:03:49 ----D---- C:\Documents and Settings\MJ\Data aplikací\skypePM
2010-03-30 20:31:58 ----SHD---- C:\WINDOWS\Installer
2010-03-30 20:31:50 ----HD---- C:\WINDOWS\inf
2010-03-30 19:34:56 ----D---- C:\WINDOWS\Minidump
2010-03-30 19:34:03 ----D---- C:\WINDOWS\System32\Restore
2010-03-29 21:54:17 ----A---- C:\WINDOWS\system.ini
2010-03-29 21:50:40 ----D---- C:\WINDOWS\AppPatch
2010-03-29 21:50:36 ----D---- C:\Program Files\Common Files
2010-03-29 21:44:54 ----D---- C:\Documents and Settings
2010-03-29 21:32:53 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-03-29 21:18:13 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-29 20:05:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 18:37:16 ----SHD---- C:\WINDOWS\CSC
2010-03-28 10:28:43 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2010-03-10 20:03:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-10 20:01:02 ----D---- C:\Program Files\Common Files\InstallShield
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\System32\drivers\incdrm.sys [2005-07-08 28672]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2005-07-08 99584]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-09-20 69120]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 gupdate1ca8f788138d1b4;Služba Google Update (gupdate1ca8f788138d1b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
S2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-14 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-02-23 79360]
-----------------EOF-----------------
- Caroprd111
Re: VIRUS, MALWARE
Hello
Why is the log from Safe Mode?
Download OTL: http://oldtimer.geekstogo.com/OTL.exe
- Run the program, then click the scan button (Prohledat)
- When it finishes, post the OTL.Txt and Extras.txt logs here
Re: VIRUS, MALWARE
Hello, and a nice day to you too :-)
It won't send from anything other than Safe Mode.
My e-mails weren't going out either.
OTL Extras logfile created on: 5.4.2010 12:18:25 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\MJ\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 014,00 Mb Total Physical Memory | 619,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,40 Gb Free Space | 81,59% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{80000E0B-2871-4DF3-8B39-735B187AA576}" = eDrawings 2008
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 5.2
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FileHippo.com" = FileHippo.com Update Checker
"HijackThis" = HijackThis 2.0.2
"InCD!UninstallKey" = InCD
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Planung und Ausschreibung 2008 - KBE" = Planung und Ausschreibung 2008 - KBE
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.3.2010 0:47:46 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\System32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.
Error - 29.3.2010 0:51:52 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2800.1106, chybující modul
ntdll.dll, verze 5.1.2600.1106, adresa chyby 0x00028b15.
Error - 29.3.2010 0:52:25 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace IEXPLORE.EXE, verze 6.0.2800.1106, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 29.3.2010 11:55:37 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2800.1106, chybující modul
wininet.dll, verze 6.0.2800.1106, adresa chyby 0x0001f63d.
Error - 29.3.2010 11:56:12 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\System32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.
Error - 29.3.2010 11:56:38 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\System32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.
Error - 29.3.2010 12:35:53 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2800.1106, chybující modul
ntdll.dll, verze 5.1.2600.1106, adresa chyby 0x00028b15.
Error - 29.3.2010 12:37:34 | Computer Name = MJ-XUO0PUS6PEH1 | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 8007043C z řádku 44 v d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb
Error - 29.3.2010 12:37:34 | Computer Name = MJ-XUO0PUS6PEH1 | Source = VSS | ID = 8193
Description = Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance
došlo k neočekávané chybě. hr= 0x80040206.
Error - 29.3.2010 12:46:26 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2800.1106, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x00a2760d.
[ System Events ]
Error - 2.4.2010 0:44:40 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083
Error - 3.4.2010 1:25:22 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083
Error - 4.4.2010 3:46:24 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083
Error - 4.4.2010 22:06:33 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083
Error - 4.4.2010 23:06:04 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083
Error - 4.4.2010 23:07:59 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4.4.2010 23:08:09 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4.4.2010 23:09:31 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: avipbb Fips Processor sbhips ssmdrv
Error - 5.4.2010 2:33:58 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5.4.2010 2:36:33 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083
< End of report >
Re: VIRUS, MALWARE
OTL logfile created on: 5.4.2010 12:18:25 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\MJ\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 014,00 Mb Total Physical Memory | 619,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,40 Gb Free Space | 81,59% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.05 12:18:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
PRC - [2009.12.14 22:47:03 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005.07.08 17:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.04.05 12:18:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
MOD - [2002.09.20 18:03:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.02.23 20:08:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - [2009.12.10 18:23:36 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.05 16:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 17:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2010.03.29 21:24:00 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Tento počítač)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Důvěryhodné servery)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0800136140 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.04.05 12:18:06 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
[2010.04.05 05:34:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MJ\Recent
[2010.04.05 04:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nabídky, MJ OKNA, DVEŘE, soukromí investoři
[2010.04.05 04:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.05 04:17:17 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.01 22:26:32 | 017,013,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:31:45 | 000,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2010.03.30 20:31:45 | 000,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2010.03.30 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010.03.30 20:27:14 | 006,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.29 23:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\zelená úsporám - směrnice
[2010.03.29 23:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\winamp
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\vgp, horní počernice
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trocal
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trigema
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Tomáš Korecký
[2010.03.29 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Realtek_LAN_PCIE_MB
[2010.03.29 23:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\pacienti
[2010.03.29 23:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\OpenOffice.org 3.0 (cs) Installation Files
[2010.03.29 23:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nůž
[2010.03.29 23:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, REALITNÍ SLUŽBY
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, CV
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kovosystem
[2010.03.29 23:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\koef. tep. prost U
[2010.03.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kbe select
[2010.03.29 23:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\avira antivir
[2010.03.29 22:44:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.29 21:55:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.29 21:32:48 | 000,047,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.29 20:04:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Plocha\mbam-setup.exe
[2010.03.10 20:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\LightScribe
[2010.03.10 20:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\CyberLink
[2010.03.10 20:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Dokumenty\CyberLink
[2010.03.10 20:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CyberLink
[2010.03.10 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010.03.10 20:04:47 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
[2010.03.10 20:04:47 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010.03.10 20:04:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010.03.10 20:04:44 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010.03.10 20:04:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010.03.10 20:04:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010.03.10 20:04:42 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010.03.10 20:04:10 | 002,973,696 | ---- | C] (Nero AG) -- C:\WINDOWS\NuNinst.exe
[2010.03.10 20:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010.03.10 20:04:06 | 000,099,584 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys
[2010.03.10 20:04:06 | 000,029,696 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDpass.sys
[2010.03.10 20:04:06 | 000,028,672 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys
[2010.03.10 20:04:06 | 000,008,704 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrec.sys
[2010.03.10 20:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\InCD
[2010.03.10 20:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010.03.10 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010.03.10 20:01:58 | 000,000,000 | ---D | C] -- C:\MyWorks
[2010.03.10 20:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink DVD Solution
[2009.12.11 22:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.05 12:18:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
[2010.04.05 11:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.05 08:34:58 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.05 08:34:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.05 08:34:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.05 08:34:01 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\MJ\ntuser.ini
[2010.04.05 08:34:00 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2010.04.05 08:33:57 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\IconCache.db
[2010.04.05 05:28:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.05 05:24:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.05 04:34:58 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.04.04 10:02:36 | 000,047,246 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.04 09:44:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.04 00:45:33 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:22:49 | 000,942,592 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.02 00:13:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\MJ\Plocha\~$vý objekt - Microsoft Word Document.doc
[2010.04.01 22:27:24 | 016,999,990 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.04.01 22:26:32 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:27:14 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.30 19:42:56 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.30 18:10:38 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Skype.lnk
[2010.03.29 21:54:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.28 15:41:58 | 090,552,374 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:05:10 | 030,897,573 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.28 10:28:43 | 000,920,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 10:28:43 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 10:28:43 | 000,389,664 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.28 10:28:43 | 000,068,736 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.28 10:28:43 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.27 22:35:55 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 00:05:38 | 000,312,832 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.26 12:50:26 | 000,021,726 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:27:34 | 000,000,038 | ---- | M] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.23 22:06:32 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\OKNA, DVEŘE, vzory textu.doc
[2010.03.17 08:47:54 | 000,517,120 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poštovní schránky.doc
[2010.03.10 20:14:17 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero Online Upgrade.lnk
[2010.03.10 20:06:06 | 000,001,317 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero StartSmart.lnk
[2010.03.10 20:06:03 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\LightScribe.lnk
[2010.03.10 20:01:51 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\CyberLink Multimedia Launcher.lnk
[2010.03.10 18:07:08 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Oznámení Intos.doc
[2010.03.10 17:57:28 | 000,065,682 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090925.pdf
[2010.03.10 17:57:18 | 000,535,759 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090929.pdf
[2010.03.10 17:53:04 | 000,036,680 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_091118.pdf
[2010.03.10 17:49:32 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\nab, aluplast, oknarab.doc
[2010.03.10 17:49:14 | 000,040,655 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\nab, 8064-09, parapety.rtf
[2010.03.10 17:47:16 | 000,164,609 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\climax, žaluzie ext, 50.pdf
[2010.03.10 17:24:18 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Reklamační řád a záruční podmínky 4_1_201.doc
[2010.03.10 17:24:14 | 000,105,171 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\intos, Reklamační řád a záruční podmínky 4_1_201.pdf
[2010.03.10 17:24:10 | 000,047,677 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\intos, změna SML bod č_8_4_záruční podmínky.rtf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.04 09:59:51 | 000,047,246 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.03 12:13:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:21:49 | 000,942,592 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.02 00:13:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\MJ\Plocha\~$vý objekt - Microsoft Word Document.doc
[2010.04.01 22:27:13 | 016,999,990 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.03.28 15:41:14 | 090,552,374 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:04:47 | 030,897,573 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.27 23:02:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.03.26 12:50:25 | 000,021,726 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:08:12 | 000,000,038 | ---- | C] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.17 07:58:28 | 000,517,120 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poštovní schránky.doc
[2010.03.10 20:11:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.10 20:06:06 | 000,001,317 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero StartSmart.lnk
[2010.03.10 20:06:03 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\LightScribe.lnk
[2010.03.10 20:05:46 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero Online Upgrade.lnk
[2010.03.10 20:04:11 | 000,059,042 | ---- | C] () -- C:\WINDOWS\NuNinst.cfg
[2010.03.10 20:01:51 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\CyberLink Multimedia Launcher.lnk
[2010.03.10 20:01:48 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010.03.10 18:07:08 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Oznámení Intos.doc
[2010.03.10 17:57:28 | 000,065,682 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090925.pdf
[2010.03.10 17:57:15 | 000,535,759 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090929.pdf
[2010.03.10 17:53:03 | 000,036,680 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_091118.pdf
[2010.03.10 17:49:30 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\nab, aluplast, oknarab.doc
[2010.03.10 17:49:13 | 000,040,655 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\nab, 8064-09, parapety.rtf
[2010.03.10 17:47:13 | 000,164,609 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\climax, žaluzie ext, 50.pdf
[2010.03.10 17:31:16 | 000,312,832 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.10 17:24:16 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Reklamační řád a záruční podmínky 4_1_201.doc
[2010.03.10 17:24:12 | 000,105,171 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\intos, Reklamační řád a záruční podmínky 4_1_201.pdf
[2010.03.10 17:24:09 | 000,047,677 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\intos, změna SML bod č_8_4_záruční podmínky.rtf
[2010.02.23 20:08:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010.02.01 09:55:22 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\tsd320.dll
[2010.01.28 17:46:49 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.24 11:08:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.12.20 22:50:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 15:45:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.12.12 09:49:49 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.12 09:43:17 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\MJ\ntuser.ini
[2009.12.12 09:43:16 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\MJ\ntuser.dat.LOG
[2009.12.12 09:43:15 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.02.28 18:42:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\MJ\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 014,00 Mb Total Physical Memory | 619,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,40 Gb Free Space | 81,59% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.05 12:18:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
PRC - [2009.12.14 22:47:03 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005.07.08 17:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.04.05 12:18:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
MOD - [2002.09.20 18:03:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.02.23 20:08:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - [2009.12.10 18:23:36 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.05 16:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 17:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2010.03.29 21:24:00 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Tento počítač)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Důvěryhodné servery)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0800136140 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.04.05 12:18:06 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
[2010.04.05 05:34:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MJ\Recent
[2010.04.05 04:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nabídky, MJ OKNA, DVEŘE, soukromí investoři
[2010.04.05 04:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.05 04:17:17 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.01 22:26:32 | 017,013,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:31:45 | 000,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2010.03.30 20:31:45 | 000,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2010.03.30 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010.03.30 20:27:14 | 006,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.29 23:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\zelená úsporám - směrnice
[2010.03.29 23:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\winamp
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\vgp, horní počernice
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trocal
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trigema
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Tomáš Korecký
[2010.03.29 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Realtek_LAN_PCIE_MB
[2010.03.29 23:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\pacienti
[2010.03.29 23:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\OpenOffice.org 3.0 (cs) Installation Files
[2010.03.29 23:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nůž
[2010.03.29 23:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, REALITNÍ SLUŽBY
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, CV
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kovosystem
[2010.03.29 23:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\koef. tep. prost U
[2010.03.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kbe select
[2010.03.29 23:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\avira antivir
[2010.03.29 22:44:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.29 21:55:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.29 21:32:48 | 000,047,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.29 20:04:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Plocha\mbam-setup.exe
[2010.03.10 20:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\LightScribe
[2010.03.10 20:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\CyberLink
[2010.03.10 20:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Dokumenty\CyberLink
[2010.03.10 20:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CyberLink
[2010.03.10 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010.03.10 20:04:47 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
[2010.03.10 20:04:47 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010.03.10 20:04:44 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010.03.10 20:04:44 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010.03.10 20:04:43 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010.03.10 20:04:43 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010.03.10 20:04:42 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010.03.10 20:04:10 | 002,973,696 | ---- | C] (Nero AG) -- C:\WINDOWS\NuNinst.exe
[2010.03.10 20:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010.03.10 20:04:06 | 000,099,584 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys
[2010.03.10 20:04:06 | 000,029,696 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDpass.sys
[2010.03.10 20:04:06 | 000,028,672 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys
[2010.03.10 20:04:06 | 000,008,704 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrec.sys
[2010.03.10 20:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\InCD
[2010.03.10 20:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010.03.10 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010.03.10 20:01:58 | 000,000,000 | ---D | C] -- C:\MyWorks
[2010.03.10 20:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink DVD Solution
[2009.12.11 22:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.05 12:18:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL.exe
[2010.04.05 11:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.05 08:34:58 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.05 08:34:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.05 08:34:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.05 08:34:01 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\MJ\ntuser.ini
[2010.04.05 08:34:00 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2010.04.05 08:33:57 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\IconCache.db
[2010.04.05 05:28:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.05 05:24:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.05 04:34:58 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.04.04 10:02:36 | 000,047,246 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.04 09:44:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.04 00:45:33 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:22:49 | 000,942,592 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.02 00:13:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\MJ\Plocha\~$vý objekt - Microsoft Word Document.doc
[2010.04.01 22:27:24 | 016,999,990 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.04.01 22:26:32 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:27:14 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.30 19:42:56 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.30 18:10:38 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Skype.lnk
[2010.03.29 21:54:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.28 15:41:58 | 090,552,374 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:05:10 | 030,897,573 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.28 10:28:43 | 000,920,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 10:28:43 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 10:28:43 | 000,389,664 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.28 10:28:43 | 000,068,736 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.28 10:28:43 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.27 22:35:55 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 00:05:38 | 000,312,832 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.26 12:50:26 | 000,021,726 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:27:34 | 000,000,038 | ---- | M] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.23 22:06:32 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\OKNA, DVEŘE, vzory textu.doc
[2010.03.17 08:47:54 | 000,517,120 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poštovní schránky.doc
[2010.03.10 20:14:17 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero Online Upgrade.lnk
[2010.03.10 20:06:06 | 000,001,317 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero StartSmart.lnk
[2010.03.10 20:06:03 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\LightScribe.lnk
[2010.03.10 20:01:51 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\CyberLink Multimedia Launcher.lnk
[2010.03.10 18:07:08 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Oznámení Intos.doc
[2010.03.10 17:57:28 | 000,065,682 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090925.pdf
[2010.03.10 17:57:18 | 000,535,759 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090929.pdf
[2010.03.10 17:53:04 | 000,036,680 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_091118.pdf
[2010.03.10 17:49:32 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\nab, aluplast, oknarab.doc
[2010.03.10 17:49:14 | 000,040,655 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\nab, 8064-09, parapety.rtf
[2010.03.10 17:47:16 | 000,164,609 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\climax, žaluzie ext, 50.pdf
[2010.03.10 17:24:18 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Reklamační řád a záruční podmínky 4_1_201.doc
[2010.03.10 17:24:14 | 000,105,171 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\intos, Reklamační řád a záruční podmínky 4_1_201.pdf
[2010.03.10 17:24:10 | 000,047,677 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\intos, změna SML bod č_8_4_záruční podmínky.rtf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.04 09:59:51 | 000,047,246 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.03 12:13:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:21:49 | 000,942,592 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.02 00:13:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\MJ\Plocha\~$vý objekt - Microsoft Word Document.doc
[2010.04.01 22:27:13 | 016,999,990 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.03.28 15:41:14 | 090,552,374 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:04:47 | 030,897,573 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.27 23:02:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.03.26 12:50:25 | 000,021,726 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:08:12 | 000,000,038 | ---- | C] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.17 07:58:28 | 000,517,120 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poštovní schránky.doc
[2010.03.10 20:11:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.10 20:06:06 | 000,001,317 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero StartSmart.lnk
[2010.03.10 20:06:03 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\LightScribe.lnk
[2010.03.10 20:05:46 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Nero Online Upgrade.lnk
[2010.03.10 20:04:11 | 000,059,042 | ---- | C] () -- C:\WINDOWS\NuNinst.cfg
[2010.03.10 20:01:51 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\CyberLink Multimedia Launcher.lnk
[2010.03.10 20:01:48 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010.03.10 18:07:08 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Oznámení Intos.doc
[2010.03.10 17:57:28 | 000,065,682 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090925.pdf
[2010.03.10 17:57:15 | 000,535,759 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_090929.pdf
[2010.03.10 17:53:03 | 000,036,680 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Schnell_Inform_091118.pdf
[2010.03.10 17:49:30 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\nab, aluplast, oknarab.doc
[2010.03.10 17:49:13 | 000,040,655 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\nab, 8064-09, parapety.rtf
[2010.03.10 17:47:13 | 000,164,609 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\climax, žaluzie ext, 50.pdf
[2010.03.10 17:31:16 | 000,312,832 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.10 17:24:16 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Reklamační řád a záruční podmínky 4_1_201.doc
[2010.03.10 17:24:12 | 000,105,171 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\intos, Reklamační řád a záruční podmínky 4_1_201.pdf
[2010.03.10 17:24:09 | 000,047,677 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\intos, změna SML bod č_8_4_záruční podmínky.rtf
[2010.02.23 20:08:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010.02.01 09:55:22 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\tsd320.dll
[2010.01.28 17:46:49 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.24 11:08:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.12.20 22:50:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 15:45:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.12.12 09:49:49 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.12 09:43:17 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\MJ\ntuser.ini
[2009.12.12 09:43:16 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\MJ\ntuser.dat.LOG
[2009.12.12 09:43:15 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.02.28 18:42:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: VIRUS, MALWARE

:OTL
O15 - HKCU\..Trusted Domains: ([]msn in Tento počítač)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Důvěryhodné servery)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
[REBOOT]

C:\WINDOWS\System32\tsd320.dll
(Do not browse for the file; just paste the path shown in bold. If you get the message "File has already been analysed", have it tested again. Post the analysis result here as a link.)
Re: VIRUS, MALWARE
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: All Users.WINDOWS
User: Default User
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Marek Jiroš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MJ
->Temp folder emptied: 670326 bytes
->Temporary Internet Files folder emptied: 1830036 bytes
->Flash cache emptied: 808 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: All Users.WINDOWS
User: Default User
User: Default User.WINDOWS
User: LocalService
User: LocalService.NT AUTHORITY
User: Marek Jiroš
User: MJ
->Flash cache emptied: 0 bytes
User: NetworkService
User: NetworkService.NT AUTHORITY
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
OTL by OldTimer - Version 3.2.1.0 log created on 04052010_160526
Files\Folders moved on Reboot...
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\LZND1QG8\afr[2].php moved successfully.
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\LZND1QG8\afr[3].php moved successfully.
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\LZND1QG8\honeypot_export[1].php moved successfully.
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\2UOE6WM4\afr[1].php moved successfully.
C:\Documents and Settings\MJ\Local Settings\Temporary Internet Files\Content.IE5\2UOE6WM4\viewtopic[1].php moved successfully.
Registry entries deleted on Reboot...
Re: VIRUS, MALWARE
0 bytes size received / Se ha recibido un archivo vacio
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: VIRUS, MALWARE
Hello, my problem persists - I can only send e-mails from safe mode, and the same goes for communicating with you. I don't know whether I have some virus on there. I'm sending a scan from RSIT.
Thanks.
Logfile of random's system information tool 1.06 (written by random/random)
Run by MJ at 2010-04-12 20:47:04
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 30 GB (78%) free of 38 GB
Total RAM: 1014 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:09, on 12.4.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\MJ\Plocha\RSIT.exe
C:\Program Files\trend micro\MJ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0800136140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate1ca8f788138d1b4) (gupdate1ca8f788138d1b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 4949 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-12-28 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-14 39408]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-04-08 06:24:19 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-05 15:51:34 ----D---- C:\_OTL
2010-04-05 08:34:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-05 04:17:18 ----D---- C:\Program Files\trend micro
2010-04-05 04:17:17 ----D---- C:\rsit
2010-03-30 20:31:36 ----D---- C:\Program Files\Sunbelt Software
2010-03-29 22:44:53 ----SHD---- C:\RECYCLER
2010-03-29 21:55:06 ----D---- C:\WINDOWS\temp
======List of files/folders modified in the last 1 months======
2010-04-12 20:37:19 ----D---- C:\Documents and Settings\MJ\Data aplikací\Skype
2010-04-12 20:31:35 ----D---- C:\Documents and Settings\MJ\Data aplikací\skypePM
2010-04-12 20:31:28 ----D---- C:\WINDOWS\Debug
2010-04-12 17:03:06 ----D---- C:\WINDOWS\system32
2010-04-09 21:04:39 ----D---- C:\WINDOWS\Prefetch
2010-04-08 06:24:19 ----D---- C:\WINDOWS
2010-04-05 05:24:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-05 04:56:25 ----D---- C:\WINDOWS\System32\drivers
2010-04-05 04:55:47 ----D---- C:\WINDOWS\System32\CatRoot2
2010-04-05 04:17:18 ----RD---- C:\Program Files
2010-04-01 22:30:19 ----SD---- C:\WINDOWS\Tasks
2010-03-30 20:31:58 ----SHD---- C:\WINDOWS\Installer
2010-03-30 20:31:50 ----HD---- C:\WINDOWS\inf
2010-03-30 19:34:56 ----D---- C:\WINDOWS\Minidump
2010-03-30 19:34:03 ----D---- C:\WINDOWS\System32\Restore
2010-03-29 21:54:17 ----A---- C:\WINDOWS\system.ini
2010-03-29 21:50:40 ----D---- C:\WINDOWS\AppPatch
2010-03-29 21:50:36 ----D---- C:\Program Files\Common Files
2010-03-29 21:44:54 ----D---- C:\Documents and Settings
2010-03-29 21:32:53 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-03-29 21:18:13 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-29 20:05:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 18:37:16 ----SHD---- C:\WINDOWS\CSC
2010-03-28 10:28:43 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\System32\drivers\incdrm.sys [2005-07-08 28672]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2005-07-08 99584]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-09-20 69120]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 gupdate1ca8f788138d1b4;Služba Google Update (gupdate1ca8f788138d1b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
S2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-14 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-02-23 79360]
-----------------EOF-----------------
Thanks.
- Caroprd111
Re: VIRUS, MALWARE

- Disable all resident security programs: firewalls, antivirus, antispyware
- Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms is displayed, continue by pressing the "Ano" (Yes) button
- Then follow the instructions; during the scan do not start other applications and do not click in the window that is displayed
- The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
- The computer may be restarted during the scan.
Re: VIRUS, MALWARE
ComboFix 10-04-12.01 - MJ 12.04.2010 21:33:11.10.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.1014.731 [GMT 2:00]
Spuštěný z: c:\documents and settings\MJ\Plocha\ComboFix.exe
.
/wow section - STAGE 4
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-12 do 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-05 13:51 . 2010-04-05 13:51 -------- d-----w- C:\_OTL
2010-04-05 02:17 . 2010-04-12 18:47 -------- d-----w- c:\program files\trend micro
2010-04-05 02:17 . 2010-04-05 02:17 -------- d-----w- C:\rsit
2010-03-30 18:31 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-03-30 18:31 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-03-30 18:31 . 2010-03-30 18:31 -------- d-----w- c:\program files\Sunbelt Software
2010-03-29 19:32 . 2002-08-28 23:27 47488 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-29 19:32 . 2002-08-28 23:27 47488 ----a-w- c:\windows\system32\drivers\cdrom.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 15:03 . 2010-01-24 09:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-29 18:05 . 2010-01-22 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 08:28 . 2001-10-25 12:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:28 . 2001-10-25 12:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 18:06 . 2010-03-10 18:06 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-10 18:04 . 2010-03-10 18:04 -------- d-----w- c:\program files\Ahead
2010-03-10 18:04 . 2010-03-10 18:04 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-10 18:03 . 2010-03-10 18:01 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-03-10 18:03 . 2009-12-14 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 18:02 . 2010-03-10 18:02 -------- d-----w- c:\program files\CyberLink
2010-03-10 18:01 . 2009-12-15 16:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-04 14:15 . 2009-12-20 17:51 -------- d-----w- c:\program files\Winamp
2010-03-02 22:14 . 2010-03-02 19:36 -------- d-----w- c:\program files\GRETECH
2010-02-23 18:08 . 2010-02-23 18:08 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-02-23 18:08 . 2010-02-23 18:08 -------- d-----w- c:\program files\Common Files\eDrawings2008
2010-02-23 18:02 . 2010-02-23 18:02 -------- d-----w- c:\program files\IGC
2010-02-01 07:55 . 2010-02-01 07:55 130560 --sha-r- c:\windows\system32\tsd320.dll
2010-01-27 21:45 . 2009-12-14 18:57 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 06:51 . 2010-01-22 06:51 552 ----a-w- c:\windows\system32\d3d8caps.dat
2004-10-01 14:00 . 2010-03-10 18:01 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-10 18789920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-28 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2.2.2010 10:25 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2.2.2010 10:25 45416]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [30.3.2010 20:31 270888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [30.3.2010 20:31 65576]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.2.2010 10:25 108289]
S2 gupdate1ca8f788138d1b4;Služba Google Update (gupdate1ca8f788138d1b4);c:\program files\Google\Update\GoogleUpdate.exe [7.1.2010 11:05 133104]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.12.2009 23:56 1691480]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 09:04]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 09:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 21:42
Windows 5.1.2600 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\System32\ODBC32.dll
- - - - - - - > 'lsass.exe'(948)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(1340)
c:\windows\System32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2010-04-12 21:43:59
ComboFix-quarantined-files.txt 2010-04-12 19:43
Před spuštěním: Volných bajtů: 31 280 529 408
Po spuštění: Volných bajtů: 32 563 040 256
- - End Of File - - 00C3BC3967D8AF3B2F8FBB7D8FEEDA5B
Před spuštěním: Volných bajtů: 31 280 529 408
Po spuštění: Volných bajtů: 32 563 040 256
- - End Of File - - 00C3BC3967D8AF3B2F8FBB7D8FEEDA5B
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: VIRUS, MALWARE

- Install it following the guide at the link, then run a full scan.
- Do not delete anything.
MBAM occasionally produces false detections and could delete, for example, system files.
- Post the log here.
Re: VIRUS, MALWARE
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3928
Windows 5.1.2600 Service Pack 1 (Safe Mode)
Internet Explorer 6.0.2800.1106
12.4.2010 22:07:10
mbam-log-2010-04-12 (22-07-10).txt
Typ kontroly: Kompletní kontrola (A:\|C:\|D:\|)
Zkontrolované objekty: 168496
Uplynulý čas: 11 minute(s), 40 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: VIRUS, MALWARE
I applied winsockxpfix and then tried to send an e-mail, and it went out. It looks like it has recovered.