VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola

https://forum.viry.cz:443/viewtopic.php?t=99916

Stránka 1 z 2

Kontrola

Napsal: 10 dub 2010 11:36
od self_defense
Logfile of random's system information tool 1.06 (written by random/random)
Run by Daiw at 2010-04-10 12:35:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (34%) free of 40 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:47, on 10. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Documents and Settings\Daiw\My Documents\Preberanie\RSIT.exe
C:\Documents and Settings\Daiw\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Daiw.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

--
End of file - 3363 bytes

======Scheduled tasks folder======

C:\windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHP0.dll [2010-02-14 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHP0.dll [2010-02-14 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\windows\SkyTel.EXE [2006-05-16 2879488]
"Gainward"=C:\WINDOWS\TBPanel.exe [2007-06-26 2173480]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-07-23 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-07-23 81920]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-11-15 921600]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2006-12-19 16062464]
"Alcmtr"=C:\windows\ALCMTR.EXE [2005-05-03 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2007-07-27 15360]
"Steam"=c:\program files\steam\steam.exe [2010-03-24 1217872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\SteamApps\6daw6\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\6daw6\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\Lord of the ring 2\game.dat"="D:\Lord of the ring 2\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"D:\Lord of the ring 2\patchget.dat"="D:\Lord of the ring 2\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Steam\SteamApps\6daw6\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\SteamApps\6daw6\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"D:\Counter-Strike Source\hl2.exe"="D:\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\MotoRacer3\MotoRacer3.exe"="C:\Program Files\MotoRacer3\MotoRacer3.exe:*:Enabled:Moto Racer 3 PC"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\EA SPORTS\NHL07\nhl2007pal.exe"="C:\Program Files\EA SPORTS\NHL07\nhl2007pal.exe:*:Enabled:nhl2007pal"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\steamapps\daiw8\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\daiw8\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe"="C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe:*:Enabled:ZeroGearServer"
"C:\Program Files\EA SPORTS\FIFA 10\FIFA10.exe"="C:\Program Files\EA SPORTS\FIFA 10\FIFA10.exe:*:Enabled:FIFA10"
"C:\Program Files\Steam\steamapps\daiw8\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\daiw8\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-10 12:35:29 ----D---- C:\Program Files\trend micro
2010-04-10 12:35:28 ----D---- C:\rsit
2010-04-10 12:27:43 ----D---- C:\Documents and Settings\Daiw\Application Data\TeamViewer
2010-04-10 12:26:39 ----D---- C:\Program Files\TeamViewer
2010-04-07 15:49:55 ----A---- C:\windows\madagascar.ini
2010-04-07 15:37:35 ----D---- C:\Program Files\Activision
2010-03-27 20:48:26 ----D---- C:\Documents and Settings\Daiw\Application Data\Mumble
2010-03-27 20:47:48 ----D---- C:\Program Files\Mumble
2010-03-26 22:53:47 ----D---- C:\Documents and Settings\Daiw\Application Data\skypePM
2010-03-26 22:53:18 ----D---- C:\Documents and Settings\Daiw\Application Data\Skype
2010-03-26 22:53:07 ----D---- C:\Program Files\Common Files\Skype
2010-03-26 22:53:01 ----RD---- C:\Program Files\Skype
2010-03-25 12:22:37 ----A---- C:\windows\system32\XAudio2_6.dll
2010-03-25 12:22:37 ----A---- C:\windows\system32\XAPOFX1_4.dll
2010-03-25 12:22:36 ----A---- C:\windows\system32\xactengine3_6.dll
2010-03-25 12:22:35 ----A---- C:\windows\system32\X3DAudio1_7.dll
2010-03-25 12:21:59 ----D---- C:\Program Files\X-ray Anti-Cheat
2010-03-25 10:03:47 ----D---- C:\Documents and Settings\Daiw\Application Data\Ventrilo
2010-03-25 10:03:20 ----D---- C:\Program Files\VentriloMIX
2010-03-24 21:58:40 ----D---- C:\Documents and Settings\Daiw\Application Data\Ahead
2010-03-24 16:36:47 ----D---- C:\Program Files\Steam
2010-03-24 16:21:02 ----D---- C:\Documents and Settings\Daiw\Application Data\Macromedia
2010-03-24 16:21:02 ----D---- C:\Documents and Settings\Daiw\Application Data\Adobe
2010-03-24 16:20:17 ----D---- C:\Documents and Settings\Daiw\Application Data\Mozilla
2010-03-24 14:56:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-03-24 14:43:04 ----D---- C:\Documents and Settings\Daiw\Application Data\Identities
2010-03-24 14:42:53 ----ASH---- C:\Documents and Settings\Daiw\Application Data\desktop.ini
2010-03-24 14:42:52 ----SD---- C:\Documents and Settings\Daiw\Application Data\Microsoft
2010-03-20 13:25:52 ----D---- C:\Program Files\Hunting Unlimited 3

======List of files/folders modified in the last 1 months======

2010-04-10 12:35:29 ----RD---- C:\Program Files
2010-04-10 12:31:04 ----A---- C:\windows\DFC.INI
2010-04-10 12:30:33 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-04-10 12:30:11 ----D---- C:\windows\Prefetch
2010-04-10 11:56:09 ----D---- C:\windows\system32\CatRoot2
2010-04-10 11:42:14 ----D---- C:\windows\Temp
2010-04-10 08:45:30 ----A---- C:\windows\SchedLgU.Txt
2010-04-07 15:49:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-07 15:49:55 ----SHD---- C:\windows\Installer
2010-04-07 15:49:55 ----D---- C:\WINDOWS
2010-04-06 19:02:54 ----D---- C:\Program Files\Online Services
2010-04-06 12:26:34 ----A---- C:\windows\PhotoSnapViewer.INI
2010-04-06 12:06:54 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 18:07:50 ----A---- C:\windows\NeroDigital.ini
2010-03-31 16:44:26 ----HD---- C:\windows\inf
2010-03-28 07:46:20 ----D---- C:\windows\system32
2010-03-28 07:46:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-03-26 22:53:07 ----D---- C:\Program Files\Common Files
2010-03-26 22:53:01 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-03-25 12:22:37 ----D---- C:\windows\system32\DirectX
2010-03-25 12:22:08 ----D---- C:\windows\WinSxS
2010-03-24 16:36:12 ----SHD---- C:\RECYCLER
2010-03-24 14:56:01 ----SD---- C:\windows\Tasks
2010-03-24 14:56:01 ----D---- C:\Program Files\Google
2010-03-24 14:51:10 ----D---- C:\Program Files\Lavasoft
2010-03-24 14:43:07 ----A---- C:\windows\OEWABLog.txt
2010-03-24 14:42:52 ----D---- C:\Documents and Settings
2010-03-14 09:53:45 ----A---- C:\windows\wininit.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\windows\System32\drivers\ws2ifsl.sys [2007-07-27 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 TBPanel;TBPanel; C:\windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-02-06 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2007-07-27 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2007-07-23 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-07-27 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2007-07-27 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2007-07-27 17024]
S1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2007-07-27 14848]
S3 ao3fksj3;ao3fksj3; C:\windows\system32\drivers\ao3fksj3.sys []
S3 Bridge;MAC Bridge; C:\windows\system32\DRIVERS\bridge.sys [2007-07-27 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\windows\system32\DRIVERS\bridge.sys [2007-07-27 71552]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2007-07-27 12160]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2005-11-15 495616]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2007-07-23 155716]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------

Re: Kontrola

Napsal: 10 dub 2010 11:49
od Caroprd111
Zdravím :)


Obrázek Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


Obrázek Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
  • Spusťte program, poté klikněte na Prohledat
  • Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Re: Kontrola

Napsal: 10 dub 2010 12:07
od self_defense
je to po anglicky, run scan? alebo quick scan?

Re: Kontrola

Napsal: 10 dub 2010 12:14
od Caroprd111
Run Scan

Re: Kontrola

Napsal: 10 dub 2010 12:15
od self_defense
OTL logfile created on: 10. 4. 2010 13:06:17 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Daiw\My Documents\Preberanie
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1 023,00 Mb Total Physical Memory | 534,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 13,17 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 103,16 Gb Free Space | 93,80% Space Free | Partition Type: NTFS
Drive E: | 535,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-CF4CBB7D165D
Current User Name: Daiw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.10 13:05:27 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daiw\My Documents\Preberanie\OTL.exe
PRC - [2010.04.03 22:16:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.24 16:37:08 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010.03.18 11:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2007.07.27 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.11.15 12:48:42 | 000,921,600 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2005.11.15 12:48:42 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2003.12.22 17:36:14 | 000,581,632 | ---- | M] () -- C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe


========== Modules (SafeList) ==========

MOD - [2010.04.10 13:05:27 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daiw\My Documents\Preberanie\OTL.exe
MOD - [2010.03.18 11:37:18 | 000,103,720 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TV.dll
MOD - [2007.07.27 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2005.11.15 12:48:42 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)


========== Driver Services (SafeList) ==========

DRV - [2010.02.06 09:47:45 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.11.09 14:53:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.26 16:09:35 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2007.07.23 03:41:49 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007.03.16 04:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 04:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006.12.21 10:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.08.14 08:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 22:16:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 22:16:30 | 000,000,000 | ---D | M]

[2010.03.24 16:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daiw\Application Data\Mozilla\Extensions
[2010.03.24 16:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daiw\Application Data\Mozilla\Firefox\Profiles\lvj7chmj.default\extensions
[2010.03.24 16:20:23 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Daiw\Application Data\Mozilla\Firefox\Profiles\lvj7chmj.default\searchplugins\icq-search.xml
[2008.03.31 12:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Daiw\Application Data\Mozilla\Firefox\Profiles\lvj7chmj.default\searchplugins\icqplugin.gif
[2008.03.31 12:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Daiw\Application Data\Mozilla\Firefox\Profiles\lvj7chmj.default\searchplugins\icqplugin.src
[2010.04.03 22:16:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Daiw\Application Data\Mozilla\Firefox\Profiles\lvj7chmj.default\searchplugins\icqplugin.xml
[2010.04.05 18:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.12 15:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.21 12:25:15 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.03.21 12:25:16 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.03.21 12:25:16 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.03.21 12:25:16 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.03.21 12:25:16 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.03.21 12:25:16 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2007.07.27 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuálna domovská stránka) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.15 03:16:09 | 000,000,151 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5c64a91f-c239-11de-8f96-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5c64a91f-c239-11de-8f96-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2004.08.03 22:29:57 | 000,057,344 | R--- | M] ()
O33 - MountPoints2\{5c64a91f-c239-11de-8f96-806d6172696f}\Shell\dinstall\command - "" = E:\DirectX\dxsetup.exe -- [2004.07.09 13:08:36 | 000,472,576 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.10 12:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.10 12:35:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.10 12:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\TeamViewer
[2010.04.10 12:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010.04.07 15:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010.04.06 13:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Local Settings\Application Data\Conduit
[2010.04.06 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Local Settings\Application Data\PHPNukeEN
[2010.03.27 20:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Mumble
[2010.03.27 20:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.03.26 22:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\skypePM
[2010.03.26 22:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Skype
[2010.03.26 22:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.03.26 22:53:01 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.03.25 14:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Local Settings\Application Data\Identities
[2010.03.25 12:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Local Settings\Application Data\X-ray Anti-Cheat
[2010.03.25 12:22:37 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll
[2010.03.25 12:22:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll
[2010.03.25 12:22:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll
[2010.03.25 12:22:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll
[2010.03.25 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\X-ray Anti-Cheat
[2010.03.25 10:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Ventrilo
[2010.03.25 10:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\VentriloMIX
[2010.03.24 21:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Ahead
[2010.03.24 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.03.24 16:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\My Documents\Preberanie
[2010.03.24 16:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Macromedia
[2010.03.24 16:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Adobe
[2010.03.24 16:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Local Settings\Application Data\Mozilla
[2010.03.24 16:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Mozilla
[2010.03.24 14:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.03.24 14:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Application Data\Identities
[2010.03.24 14:43:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daiw\My Documents\My Pictures
[2010.03.24 14:43:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daiw\My Documents\My Music
[2010.03.24 14:42:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Daiw\Application Data\Microsoft
[2010.03.24 14:42:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Daiw\Cookies
[2010.03.24 14:42:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daiw\SendTo
[2010.03.24 14:42:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daiw\Recent
[2010.03.24 14:42:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daiw\Application Data
[2010.03.24 14:42:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daiw\Start Menu
[2010.03.24 14:42:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daiw\My Documents
[2010.03.24 14:42:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daiw\Favorites
[2010.03.24 14:42:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Daiw\Templates
[2010.03.24 14:42:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Daiw\PrintHood
[2010.03.24 14:42:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Daiw\NetHood
[2010.03.24 14:42:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Daiw\Local Settings
[2010.03.24 14:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Local Settings\Application Data\Microsoft
[2010.03.24 14:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daiw\Desktop
[2010.03.20 13:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hunting Unlimited 3
[2010.02.15 08:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.02.14 22:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009.10.26 15:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.10.26 15:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.10.26 15:39:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.10.26 15:39:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.10 12:36:04 | 000,000,558 | ---- | M] () -- C:\windows\DFC.INI
[2010.04.10 12:26:47 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010.04.10 11:41:05 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.04.10 11:41:04 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010.04.10 08:45:32 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Daiw\NTUSER.DAT
[2010.04.10 00:03:03 | 005,360,778 | -H-- | M] () -- C:\Documents and Settings\Daiw\Local Settings\Application Data\IconCache.db
[2010.04.09 20:53:41 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010.04.08 17:38:00 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.07 15:49:55 | 000,000,252 | ---- | M] () -- C:\windows\madagascar.ini
[2010.04.06 14:37:32 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Daiw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.06 12:26:34 | 000,000,151 | ---- | M] () -- C:\windows\PhotoSnapViewer.INI
[2010.04.02 23:24:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.04.02 18:07:50 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2010.04.01 23:28:33 | 006,061,684 | ---- | M] () -- C:\Documents and Settings\Daiw\Desktop\nngpissss.dem
[2010.04.01 12:36:50 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Daiw\default.pls
[2010.03.31 16:56:50 | 000,354,385 | ---- | M] () -- C:\Documents and Settings\Daiw\Desktop\20100331(006).jpg
[2010.03.30 22:30:58 | 000,028,774 | ---- | M] () -- C:\Documents and Settings\Daiw\My Documents\kpCy_63844.jpg
[2010.03.30 22:24:37 | 000,029,364 | ---- | M] () -- C:\Documents and Settings\Daiw\My Documents\kpCy_637XW.jpg
[2010.03.28 07:46:20 | 000,356,120 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.03.28 07:46:20 | 000,311,604 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.03.28 07:46:20 | 000,039,992 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.03.27 20:48:38 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Daiw\My Documents\MumbleAutomaticCertificateBackup.p12
[2010.03.27 20:48:25 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble (Backwards Compatible).lnk
[2010.03.27 20:48:25 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2010.03.25 12:23:32 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Daiw\Desktop\Odkaz na XrayAntiCheat.lnk
[2010.03.25 10:03:28 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Daiw\Desktop\VentriloMIX.lnk
[2010.03.24 19:59:29 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Daiw\Desktop\Counter-Strike Source.lnk
[2010.03.24 14:42:53 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Daiw\ntuser.ini
[2010.03.14 09:53:45 | 000,000,057 | ---- | M] () -- C:\windows\wininit.ini
[2010.03.11 16:05:50 | 000,002,278 | ---- | M] () -- C:\windows\System32\wpa.dbl
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.10 12:26:47 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010.04.07 15:49:55 | 000,000,252 | ---- | C] () -- C:\windows\madagascar.ini
[2010.04.01 23:16:53 | 006,061,684 | ---- | C] () -- C:\Documents and Settings\Daiw\Desktop\nngpissss.dem
[2010.03.31 16:56:00 | 000,354,385 | ---- | C] () -- C:\Documents and Settings\Daiw\Desktop\20100331(006).jpg
[2010.03.30 22:30:47 | 000,028,774 | ---- | C] () -- C:\Documents and Settings\Daiw\My Documents\kpCy_63844.jpg
[2010.03.30 22:24:35 | 000,029,364 | ---- | C] () -- C:\Documents and Settings\Daiw\My Documents\kpCy_637XW.jpg
[2010.03.27 20:48:38 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\Daiw\My Documents\MumbleAutomaticCertificateBackup.p12
[2010.03.27 20:48:25 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble (Backwards Compatible).lnk
[2010.03.27 20:48:25 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2010.03.26 22:53:07 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.03.25 12:23:32 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Daiw\Desktop\Odkaz na XrayAntiCheat.lnk
[2010.03.25 10:03:28 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Daiw\Desktop\VentriloMIX.lnk
[2010.03.24 22:01:39 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Daiw\default.pls
[2010.03.24 19:59:29 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Daiw\Desktop\Counter-Strike Source.lnk
[2010.03.24 16:36:48 | 000,002,207 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010.03.24 14:42:53 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Daiw\ntuser.ini
[2010.03.24 14:42:52 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Daiw\NTUSER.DAT
[2010.03.24 14:42:52 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Daiw\NTUSER.DAT.LOG
[2010.02.13 18:03:55 | 000,000,057 | ---- | C] () -- C:\windows\wininit.ini
[2010.01.06 19:47:12 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
[2009.11.10 21:10:27 | 000,056,320 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
[2009.11.09 14:45:17 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009.11.02 22:01:13 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2009.10.31 16:37:39 | 000,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
[2009.10.30 17:10:36 | 000,000,032 | ---- | C] () -- C:\windows\CD-Start.INI
[2009.10.26 16:11:34 | 000,000,558 | ---- | C] () -- C:\windows\DFC.INI
[2009.10.26 16:05:59 | 000,032,768 | ---- | C] () -- C:\windows\TBPanelExt.dll
[2009.10.26 16:05:59 | 000,012,285 | ---- | C] () -- C:\windows\Cadx3.ini
[2009.10.26 16:05:59 | 000,005,120 | ---- | C] () -- C:\windows\TBManage.dll
[2009.10.26 16:05:58 | 000,006,942 | ---- | C] () -- C:\windows\cadx2.ini
[2007.07.27 14:00:00 | 000,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll
[2007.07.23 03:41:49 | 001,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2007.07.23 03:41:49 | 001,474,560 | ---- | C] () -- C:\windows\System32\nview.dll
[2007.07.23 03:41:49 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2007.07.23 03:41:49 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2007.07.23 03:41:49 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006.05.03 00:38:24 | 000,000,748 | ---- | C] () -- C:\windows\SetBrowser.ini
< End of report >

Re: Kontrola

Napsal: 10 dub 2010 12:16
od self_defense
OTL Extras logfile created on: 10. 4. 2010 13:06:17 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Daiw\My Documents\Preberanie
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1 023,00 Mb Total Physical Memory | 534,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 13,17 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 103,16 Gb Free Space | 93,80% Space Free | Partition Type: NTFS
Drive E: | 535,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-CF4CBB7D165D
Current User Name: Daiw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\SteamApps\6daw6\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\6daw6\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Lord of the ring 2\game.dat" = D:\Lord of the ring 2\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"D:\Lord of the ring 2\patchget.dat" = D:\Lord of the ring 2\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Program Files\Steam\SteamApps\6daw6\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\6daw6\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Counter-Strike Source\hl2.exe" = D:\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\MotoRacer3\MotoRacer3.exe" = C:\Program Files\MotoRacer3\MotoRacer3.exe:*:Enabled:Moto Racer 3 PC -- File not found
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- File not found
"C:\Program Files\EA SPORTS\NHL07\nhl2007pal.exe" = C:\Program Files\EA SPORTS\NHL07\nhl2007pal.exe:*:Enabled:nhl2007pal -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Program Files\Steam\steamapps\daiw8\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\daiw8\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe" = C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe:*:Enabled:ZeroGearServer -- File not found
"C:\Program Files\EA SPORTS\FIFA 10\FIFA10.exe" = C:\Program Files\EA SPORTS\FIFA 10\FIFA10.exe:*:Enabled:FIFA10 -- File not found
"C:\Program Files\Steam\steamapps\daiw8\insurgency\hl2.exe" = C:\Program Files\Steam\steamapps\daiw8\insurgency\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- File not found
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar (TM)
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8F873A6E-38A9-40C1-A6A8-8EE43A5A6944}" = Jen počkej!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"BSPlayer1" = BSPlayer
"Gainward" = EXPERTool
"Hamachi" = Hamachi 1.0.2.5
"HijackThis" = HijackThis 2.0.2
"Hunting Unlimited 3" = Hunting Unlimited 3
"Indeo® Software" = Indeo® Software
"InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = ??????????
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mumble" = Mumble and Murmur
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NOD32" = NOD32 antivirus system
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PHPNukeEN Toolbar" = PHPNukeEN Toolbar
"Steam App 240" = Counter-Strike: Source
"TeamViewer 5" = TeamViewer 5
"VentriloMIX" = VentriloMIX
"WinRAR archiver" = WinRAR archiver
"X-ray Anti-Cheat" = X-ray Anti-Cheat

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5. 3. 2010 7:40:41 | Computer Name = PC-CF4CBB7D165D | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie hl2.exe, verzia 0.0.0.0, zlyhanie modulu datacache.dll,
verzia 0.0.0.0, adresa zlyhania 0x0000b423.

Error - 5. 3. 2010 14:53:53 | Computer Name = PC-CF4CBB7D165D | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie xrayanticheat.exe, verzia 1.0.0.1, zlyhanie modulu
xrayanticheat.exe, verzia 1.0.0.1, adresa zlyhania 0x0015c966.

Error - 6. 3. 2010 9:13:38 | Computer Name = PC-CF4CBB7D165D | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia hl2.exe, verzia 0.0.0.0, zablokovaný modul hungapp,
verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 21. 3. 2010 7:58:10 | Computer Name = PC-CF4CBB7D165D | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia prism3d.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 23. 3. 2010 8:37:22 | Computer Name = PC-CF4CBB7D165D | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia prism3d.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 23. 3. 2010 16:20:08 | Computer Name = PC-CF4CBB7D165D | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie xrayanticheat.exe, verzia 1.0.0.1, zlyhanie modulu
xrayanticheat.exe, verzia 1.0.0.1, adresa zlyhania 0x0015c966.

Error - 24. 3. 2010 8:54:10 | Computer Name = PC-CF4CBB7D165D | Source = Steam Client Service | ID = 1
Description =

Error - 24. 3. 2010 16:49:25 | Computer Name = PC-CF4CBB7D165D | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Steam.exe, verzia 1.0.778.935, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 26. 3. 2010 1:54:39 | Computer Name = PC-CF4CBB7D165D | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia hl2.exe, verzia 0.0.0.0, zablokovaný modul hungapp,
verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 26. 3. 2010 16:19:41 | Computer Name = PC-CF4CBB7D165D | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie hl2.exe, verzia 0.0.0.0, zlyhanie modulu datacache.dll,
verzia 0.0.0.0, adresa zlyhania 0x0000b423.

[ System Events ]
Error - 6. 4. 2010 13:05:12 | Computer Name = PC-CF4CBB7D165D | Source = ipnathlp | ID = 32003
Description = Prekladaču Network Address Translator (NAT) sa nepodarilo požiadať
o operáciu prekladacieho modulu režimu jadra. Toto môže signalizovať nesprávnu konfiguráciu,
nedostatok prostriedkov alebo vnútornú chybu. Uvedené údaje sú chybovým kódom.

Error - 7. 4. 2010 9:31:56 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183

Error - 8. 4. 2010 5:36:15 | Computer Name = PC-CF4CBB7D165D | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.1.1 odmietol prenájom 192.168.1.2 adresy IP pre
sieťovú kartu so sieťovou adresou 0019DBD7465A (server DHCP odoslal hlásenie DHCPNACK).

Error - 8. 4. 2010 8:27:01 | Computer Name = PC-CF4CBB7D165D | Source = ipnathlp | ID = 32003
Description = Prekladaču Network Address Translator (NAT) sa nepodarilo požiadať
o operáciu prekladacieho modulu režimu jadra. Toto môže signalizovať nesprávnu konfiguráciu,
nedostatok prostriedkov alebo vnútornú chybu. Uvedené údaje sú chybovým kódom.

Error - 9. 4. 2010 6:03:16 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183

Error - 9. 4. 2010 12:50:16 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183

Error - 9. 4. 2010 13:03:33 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183

Error - 9. 4. 2010 14:06:01 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183

Error - 10. 4. 2010 1:06:56 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183

Error - 10. 4. 2010 5:41:29 | Computer Name = PC-CF4CBB7D165D | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Cardex zlyhalo kvôli nasledujúcej chybe: %%183


< End of report >

Re: Kontrola

Napsal: 10 dub 2010 12:20
od Caroprd111
Obrázek Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
[REBOOT]
Poté klikněte na Opravit, PC se restartuje, log vložte sem.

Re: Kontrola

Napsal: 10 dub 2010 12:23
od self_defense
opravit? je to po anglicky.

Re: Kontrola

Napsal: 10 dub 2010 12:24
od Caroprd111
Asi nemáte český systém, bude tam Run Fix.

Re: Kontrola

Napsal: 10 dub 2010 12:31
od self_defense
All processes killed
========== OTL ==========
C:\windows\NV332336.TMP\nvtcp.sys deleted successfully.
C:\windows\NV332336.TMP folder deleted successfully.
C:\windows\SET29.tmp deleted successfully.
C:\windows\SET3.tmp deleted successfully.
C:\windows\SET4.tmp deleted successfully.
C:\windows\SET8.tmp deleted successfully.
C:\windows\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daiw
->Temp folder emptied: 39152724 bytes
->Temporary Internet Files folder emptied: 14985155 bytes
->FireFox cache emptied: 83285998 bytes
->Flash cache emptied: 3198 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PC
->Temp folder emptied: 992733128 bytes
->Temporary Internet Files folder emptied: 8438753 bytes
->FireFox cache emptied: 85484678 bytes
->Google Chrome cache emptied: 12380205 bytes
->Opera cache emptied: 23818582 bytes
->Flash cache emptied: 405294 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80201871 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 279,00 mb


[EMPTYFLASH]

User: All Users

User: Daiw
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.1 log created on 04102010_132504

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Kontrola

Napsal: 10 dub 2010 12:31
od Caroprd111
Obrázek Jsou s PC nějaké problémy :???:

Re: Kontrola

Napsal: 10 dub 2010 12:33
od self_defense
Pri hraní her, ze zacatku jde supr plynule ale tak po 15-20 min hrani zacne hra sekat(lagovat).Potom to zase prestane a pak zacne a opakuje se to.

Re: Kontrola

Napsal: 10 dub 2010 12:35
od Caroprd111
Obrázek Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
  • Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
  • Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna :!:
  • Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
  • Během skenování může být počítač restartován.

Re: Kontrola

Napsal: 10 dub 2010 12:53
od self_defense
ComboFix 10-04-09.06 - Daiw . 04. 2010 13:46:09.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.757 [GMT 2:00]
Running from: c:\documents and settings\Daiw\My Documents\Preberanie\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.bak
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 11:25 . 2010-04-10 11:25 -------- d-----w- C:\_OTL
2010-04-10 10:35 . 2010-04-10 10:35 -------- d-----w- c:\program files\trend micro
2010-04-10 10:35 . 2010-04-10 10:35 -------- d-----w- C:\rsit
2010-04-10 10:27 . 2010-04-10 10:27 -------- d-----w- c:\documents and settings\Daiw\Application Data\TeamViewer
2010-04-10 10:26 . 2010-04-10 10:26 -------- d-----w- c:\program files\TeamViewer
2010-04-07 13:37 . 2010-04-07 13:37 -------- d-----w- c:\program files\Activision
2010-04-06 12:37 . 2010-04-06 12:37 12328 ----a-w- c:\documents and settings\Daiw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-06 11:31 . 2010-04-06 11:31 -------- d-----w- c:\documents and settings\Daiw\Local Settings\Application Data\Conduit
2010-04-06 11:31 . 2010-04-10 11:22 -------- d-----w- c:\documents and settings\Daiw\Local Settings\Application Data\PHPNukeEN
2010-03-27 18:48 . 2010-04-06 17:26 -------- d-----w- c:\documents and settings\Daiw\Application Data\Mumble
2010-03-27 18:47 . 2010-03-27 18:48 -------- d-----w- c:\program files\Mumble
2010-03-26 20:53 . 2010-04-10 06:15 -------- d-----w- c:\documents and settings\Daiw\Application Data\skypePM
2010-03-26 20:53 . 2010-04-10 11:42 -------- d-----w- c:\documents and settings\Daiw\Application Data\Skype
2010-03-26 20:53 . 2010-03-26 20:53 -------- d-----w- c:\program files\Common Files\Skype
2010-03-26 20:53 . 2010-03-26 20:53 -------- d-----r- c:\program files\Skype
2010-03-25 12:50 . 2010-03-25 12:50 -------- d-----w- c:\documents and settings\Daiw\Local Settings\Application Data\Identities
2010-03-25 10:23 . 2010-04-03 13:42 -------- d-----w- c:\documents and settings\Daiw\Local Settings\Application Data\X-ray Anti-Cheat
2010-03-25 10:22 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-25 10:22 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-25 10:22 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-25 10:22 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-25 10:21 . 2010-03-25 10:23 -------- d-----w- c:\program files\X-ray Anti-Cheat
2010-03-25 08:03 . 2010-03-25 08:04 -------- d-----w- c:\documents and settings\Daiw\Application Data\Ventrilo
2010-03-25 08:03 . 2010-03-25 08:03 -------- d-----w- c:\program files\VentriloMIX
2010-03-24 19:58 . 2010-03-24 19:58 -------- d-----w- c:\documents and settings\Daiw\Application Data\Ahead
2010-03-24 14:36 . 2010-04-10 11:29 -------- d-----w- c:\program files\Steam
2010-03-24 14:20 . 2010-03-24 14:20 -------- d-----w- c:\documents and settings\Daiw\Local Settings\Application Data\Mozilla
2010-03-20 11:25 . 2010-03-20 11:26 -------- d-----w- c:\program files\Hunting Unlimited 3
2010-03-11 15:20 . 2010-03-11 15:20 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 11:46 . 2009-10-26 14:09 -------- d-----w- c:\program files\Eset
2010-04-10 10:30 . 2009-11-09 12:53 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-10 05:30 . 2009-11-04 14:45 -------- d-----w- c:\documents and settings\PC\Application Data\Hamachi
2010-04-07 13:49 . 2009-10-26 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 20:53 . 2009-11-01 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-24 12:56 . 2009-11-01 11:31 -------- d-----w- c:\program files\Google
2010-03-24 12:51 . 2010-03-01 16:34 -------- d-----w- c:\program files\Lavasoft
2010-03-24 12:31 . 2009-11-01 11:36 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2010-03-19 18:11 . 2009-12-18 14:23 -------- d-----w- c:\documents and settings\PC\Application Data\Mumble
2010-03-01 16:55 . 2010-03-01 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-01 16:38 . 2010-03-01 16:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-01 12:04 . 2010-03-01 12:04 -------- d-----w- c:\documents and settings\PC\Application Data\TeamViewer
2010-02-28 18:59 . 2010-02-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-02-24 14:50 . 2010-02-12 19:56 -------- d-----w- c:\documents and settings\PC\Application Data\TS3Client
2010-02-23 16:59 . 2009-11-09 17:59 -------- d-----w- c:\documents and settings\PC\Application Data\ICQ
2010-02-20 13:10 . 2009-11-10 19:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-19 18:31 . 2009-11-09 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-02-14 19:30 . 2009-11-05 19:44 -------- d-----w- c:\program files\PHPNukeEN
2010-02-13 15:52 . 2010-02-13 15:52 -------- d-----w- c:\program files\1C
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 07:47 . 2009-11-04 14:44 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-23 09:13 . 2007-07-27 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-17 11:16 . 2010-01-17 11:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-17 11:16 . 2010-01-17 11:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.

------- Sigcheck -------

[-] 2009-10-26 14:08 . BBB128D4D36D82A3588DE37966ACDAB0 . 506880 . . [5.1.2600.3160 built by: xpsp_sp2_qfe(pavang)] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2010-02-14 19:30 2349080 ----a-w- c:\program files\PHPNukeEN\tbPHP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP0.dll" [2010-02-14 2349080]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP0.dll" [2010-02-14 2349080]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-03-24 1217872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"nwiz"="nwiz.exe" [2007-07-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-11-15 921600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-27 15360]

c:\documents and settings\PC\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2010-2-6 624416]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Lord of the ring 2\\game.dat"=
"d:\\Lord of the ring 2\\patchget.dat"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\daiw8\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9. 11. 2009 14:45 691696]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Daiw\Application Data\Mozilla\Firefox\Profiles\lvj7chmj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 13:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\imon.dll
.
Completion time: 2010-04-10 13:51:02
ComboFix-quarantined-files.txt 2010-04-10 11:51

Pre-Run: 20 211 732 480 bytes free
Post-Run: 7 adresárov, 20 181 897 216 voľných bajtov

- - End Of File - - 0124A8EFE0D66E5227B0D4BDE2A8FD65

Re: Kontrola

Napsal: 10 dub 2010 12:59
od Caroprd111
Obrázek Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\winlogon.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz