PC nelze vypnout

Zpráva

sapito · #1 Příspěvek od **sapito** » 09 úno 2010 22:51

PC nelze vypnout, je nutno "vytánout" ze zásuvky. Přešupačil se mi čas na hodinách.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jiří Mrňávek at 2010-02-09 22:48:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 75 GB (75%) free of 100 GB
Total RAM: 3061 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:40, on 9.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Jiří Mrňávek\Plocha\RSIT.exe
C:\Program Files\trend micro\Jiří Mrňávek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5273334359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7001 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2006-08-16 503808]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]
"KMCONFIG"=C:\Program Files\Mouse Driver\StartAutorun.exe [2008-05-30 212992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Jiří Mrňávek\Nabídka Start\Programy\Po spuštění
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WinProgs\TotalCmd\TOTALCMD.EXE"="C:\WinProgs\TotalCmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-05 08:57:15 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-05 08:57:15 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-04 09:30:56 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-04 09:27:59 ----D---- C:\Program Files\WinRAR
2010-02-04 09:20:34 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-02-04 09:20:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-02-04 09:20:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-02-04 09:20:28 ----D---- C:\WINDOWS\Logs
2010-02-04 09:15:23 ----D---- C:\Program Files\Secunia
2010-01-24 21:37:25 ----SHD---- C:\RECYCLER
2010-01-24 21:36:16 ----D---- C:\Program Files\Defraggler
2010-01-24 18:29:44 ----A---- C:\ComboFix.txt
2010-01-14 10:43:31 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-14 10:43:31 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-14 10:43:31 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-02-09 22:48:36 ----D---- C:\Program Files\trend micro
2010-02-09 22:48:34 ----D---- C:\WINDOWS\Temp
2010-02-09 15:42:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-09 11:02:01 ----D---- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Adobe
2010-02-09 08:59:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-09 04:48:48 ----D---- C:\WINDOWS\Prefetch
2010-02-09 04:03:07 ----HD---- C:\Program Files\Mozilla Firefox
2010-02-09 03:40:16 ----SD---- C:\WINDOWS\Tasks
2010-02-08 04:34:54 ----D---- C:\WINDOWS
2010-02-08 00:46:15 ----A---- C:\WINDOWS\WINCMD.INI
2010-02-07 23:57:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-06 14:00:57 ----SHD---- C:\WINDOWS\Installer
2010-02-06 08:46:01 ----RSD---- C:\WINDOWS\assembly
2010-02-06 08:45:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-06 08:43:25 ----D---- C:\WINDOWS\system32
2010-02-05 13:20:33 ----D---- C:\Program Files\Common Files\Adobe
2010-02-05 13:20:25 ----D---- C:\Program Files\Adobe
2010-02-05 12:15:47 ----D---- C:\WINDOWS\Fonts
2010-02-05 12:15:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-05 12:15:21 ----HD---- C:\Program Files\Microsoft Works
2010-02-05 12:14:25 ----D---- C:\Program Files\Common Files\System
2010-02-05 12:14:25 ----A---- C:\WINDOWS\win.ini
2010-02-05 11:11:09 ----HD---- C:\Program Files\Microsoft Silverlight
2010-02-05 09:17:17 ----D---- C:\WINDOWS\WinSxS
2010-02-05 08:57:15 ----HD---- C:\WINDOWS\inf
2010-02-04 09:49:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-04 09:48:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-04 09:30:56 ----HD---- C:\Program Files\Common Files
2010-02-04 09:27:59 ----D---- C:\Program Files
2010-02-04 09:22:40 ----HD---- C:\Program Files\Winamp
2010-02-04 09:20:35 ----D---- C:\WINDOWS\system32\DirectX
2010-02-04 09:15:25 ----D---- C:\WINDOWS\system32\drivers
2010-01-31 16:05:09 ----D---- C:\Program Files\Common Files\Motive
2010-01-30 20:36:26 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-28 18:12:47 ----D---- C:\WINDOWS\WBEM
2010-01-27 13:22:17 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-24 19:01:01 ----D---- C:\WINDOWS\ERDNT
2010-01-24 18:28:50 ----A---- C:\WINDOWS\system.ini
2010-01-24 18:28:06 ----D---- C:\WINDOWS\AppPatch
2010-01-24 11:39:55 ----D---- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Power Sound Editor Free
2010-01-24 11:39:09 ----D---- C:\temp
2010-01-23 21:28:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-22 07:03:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-14 10:43:31 ----HD---- C:\Program Files\Java
2010-01-13 10:03:33 ----D---- C:\WINDOWS\Debug
2010-01-13 09:13:24 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\JIMRVE~1\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-17 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files\rnamfler\naofsvc.exe []

-----------------EOF-----------------

#2 Příspěvek od **motji** » 10 úno 2010 14:55

Hezké odpoledne

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-všechno odoznačte - nebo dejte na none.
- nastavte file created a file modified... na File age.
- do bílého pole zkopirujte tento skript:

Kód: Vybrat vše

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
ndis.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
c:\windows\*.* /JN
c:\windows\*.* /HL
c:\windows\*.* /RP

-klikněte na tlačítko Run scan.
-proběhne sken a objeví se dva logy, obsah obou vložte zde

sapito · #3 Příspěvek od **sapito** » 12 úno 2010 07:51

OTL logfile created on: 12.2.2010 7:47:47 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Jiří Mrňávek\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 73,19 Gb Free Space | 74,94% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 660,40 Gb Free Space | 79,20% Space Free | Partition Type: NTFS
Drive E: | 111,79 Gb Total Space | 67,99 Gb Free Space | 60,82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRNAVEKJIRI
Current User Name: Jiří Mrňávek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Files/Folders - Created Within 30 Days ==========

[2010.02.11 23:51:01 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jiří Mrňávek\Plocha\OTL.exe
[2010.02.11 23:49:58 | 000,000,000 | ---D | C] -- D:\Dokumenty\gmer
[2010.02.08 00:46:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jiří Mrňávek\Recent
[2010.02.05 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jiří Mrňávek\Dokumenty
[2010.02.05 08:57:15 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.02.05 08:57:15 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.02.04 13:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jiří Mrňávek\Plocha\vypálit
[2010.02.04 09:47:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jiří Mrňávek\UserData
[2010.02.04 09:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.02.04 09:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.02.04 09:20:34 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010.02.04 09:20:33 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010.02.04 09:20:33 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010.02.04 09:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.02.04 09:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010.02.04 09:14:50 | 000,716,320 | ---- | C] (Secunia) -- C:\Documents and Settings\Jiří Mrňávek\Plocha\PSISetup.exe
[2010.01.30 15:34:22 | 000,000,000 | ---D | C] -- D:\Dokumenty\kniha
[2010.01.30 00:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jiří Mrňávek\Plocha\pokusy
[2010.01.24 21:37:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.01.24 21:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010.01.18 09:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jiří Mrňávek\Plocha\foto
[2010.01.14 10:43:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.01.14 10:43:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.01.14 10:43:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.01.13 08:51:29 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009.12.23 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\ESET
[2009.03.27 13:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2009.03.27 13:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2009.03.27 00:38:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.03.27 00:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2008.12.17 19:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2008.08.04 09:09:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2008.08.04 08:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.12 07:45:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.02.12 07:45:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.02.12 07:45:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.02.12 07:45:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.02.12 07:45:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.02.12 07:43:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.12 07:43:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.11 23:51:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jiří Mrňávek\Plocha\OTL.exe
[2010.02.11 23:39:41 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\gmer.zip
[2010.02.11 15:18:13 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\NTUSER.DAT
[2010.02.11 15:18:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jiří Mrňávek\ntuser.ini
[2010.02.11 15:18:10 | 009,130,800 | -H-- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Local Settings\Data aplikací\IconCache.db
[2010.02.11 13:24:16 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\Microsoft Office FrontPage 2003 (2).lnk
[2010.02.11 13:02:13 | 000,006,468 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.02.10 07:19:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.10 07:10:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.09 12:22:23 | 000,000,340 | ---- | M] () -- C:\WINDOWS\password.klc
[2010.02.08 20:40:30 | 000,052,496 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\1_2010 _ČESKÝ CENÍK.pdf
[2010.02.07 22:52:57 | 000,054,784 | ---- | M] () -- D:\Dokumenty\OV_kal.xls
[2010.02.07 19:29:59 | 000,580,872 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.02.07 17:23:06 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\Microsoft Office Word 2007.lnk
[2010.02.05 12:18:44 | 002,861,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.02.05 12:14:25 | 000,000,596 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.04 09:15:31 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Nabídka Start\Programy\Po spuštění\Secunia PSI.lnk
[2010.02.04 09:14:51 | 000,716,320 | ---- | M] (Secunia) -- C:\Documents and Settings\Jiří Mrňávek\Plocha\PSISetup.exe
[2010.01.31 13:37:38 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.01.30 20:36:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.27 13:22:17 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.01.24 21:36:16 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\Defraggler.lnk
[2010.01.24 18:28:50 | 000,000,267 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.23 21:28:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.23 21:25:32 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\CCleaner.lnk
[2010.01.14 17:33:15 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\602XML Filler.lnk
[2010.01.14 09:50:14 | 000,093,696 | ---- | M] () -- C:\Documents and Settings\Jiří Mrňávek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.13 12:31:31 | 000,030,720 | ---- | M] () -- D:\Dokumenty\DS_FD_MRŇÁVEK_PL.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.11 23:39:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\gmer.zip
[2010.02.10 07:17:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.02.04 09:15:31 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Nabídka Start\Programy\Po spuštění\Secunia PSI.lnk
[2010.01.24 21:36:16 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Plocha\Defraggler.lnk
[2010.01.17 10:24:47 | 000,030,720 | ---- | C] () -- D:\Dokumenty\DS_FD_MRŇÁVEK_PL.doc
[2009.12.10 07:27:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.11.15 23:19:56 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\zxcvbd.dat
[2009.08.13 13:16:28 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.27 03:22:09 | 000,000,155 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.03.11 16:15:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Grand Piano
[2009.03.11 16:15:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Galactic Static
[2009.03.11 16:15:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\PKP_DLck.DAT
[2009.03.11 16:15:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Grapher
[2009.03.11 16:15:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Galaxy Swirl
[2009.03.11 16:13:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\PKP_DLbz.DAT
[2009.03.11 16:12:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Brother
[2009.03.11 16:12:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Bass Reduction
[2009.03.11 16:02:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\PKP_DLbx.DAT
[2009.03.11 15:41:15 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\PKP_DLec.DAT
[2009.03.11 15:40:13 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\PKP_DLds.DAT
[2009.03.11 15:40:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Bubble Noise
[2009.02.24 21:35:48 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
[2009.01.04 23:19:59 | 000,000,008 | ---- | C] () -- C:\WINDOWS\winsdold.ini
[2008.12.31 14:50:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008.12.15 10:03:30 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008.11.26 06:58:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008.11.26 06:58:16 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008.09.06 22:40:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.08.04 19:59:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.04 13:50:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.08.04 13:49:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDER285EXPORT.ini
[2008.08.04 13:27:45 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008.08.04 13:09:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2008.08.04 13:03:18 | 000,000,358 | ---- | C] () -- C:\Program Files\PASSWORD.KLC
[2008.08.04 12:53:55 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.08.04 12:53:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.04 12:53:45 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.04 12:53:45 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.08.04 12:53:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.08.04 12:53:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.08.04 12:38:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.08.04 12:26:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008.08.04 12:26:47 | 000,008,771 | ---- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\SmarThruOptions.xml
[2008.08.04 12:26:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008.08.04 12:26:32 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008.08.04 12:22:56 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\Jiří Mrňávek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.04 08:00:26 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.08.04 07:56:37 | 000,006,468 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.01 09:04:40 | 000,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2006.08.16 04:05:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006.08.16 04:05:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006.08.16 04:05:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006.08.16 04:05:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2009.11.13 12:31:12 | 000,247,144 | ---- | M] (TomTom)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.04.24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< c:\windows\*.* /JN >
[2010.02.12 07:44:10 | 000,000,000 | ---- | M] () -- c:\WINDOWS\0.log
[2005.05.03 11:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\Alcmtr.exe
[2006.05.04 09:26:36 | 002,808,832 | R--- | M] (RealTek Semicoductor Corp.) -- c:\WINDOWS\alcwzrd.exe
[2008.09.06 22:46:02 | 000,000,038 | ---- | M] () -- c:\WINDOWS\avisplitter.INI
[2010.02.12 07:43:54 | 000,002,048 | --S- | M] () -- c:\WINDOWS\bootstat.dat
[2008.08.04 13:49:02 | 000,000,026 | ---- | M] () -- c:\WINDOWS\CDER285EXPORT.ini
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] () -- c:\WINDOWS\clock.avi
[2010.02.10 07:19:41 | 000,018,503 | ---- | M] () -- c:\WINDOWS\comsetup.log
[2008.08.04 07:51:02 | 000,000,000 | ---- | M] () -- c:\WINDOWS\control.ini
[1999.03.08 02:38:00 | 000,028,252 | ---- | M] () -- c:\WINDOWS\corelpf.lrs
[2008.12.31 14:50:46 | 000,000,029 | ---- | M] () -- c:\WINDOWS\DEBUGSM.INI
[2004.08.18 13:00:00 | 000,000,002 | ---- | M] () -- c:\WINDOWS\desktop.ini
[2006.08.16 03:56:52 | 000,011,502 | ---- | M] () -- c:\WINDOWS\Dr. Printer Icon.ico
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe
[2004.08.18 13:00:00 | 000,000,080 | ---- | M] () -- c:\windows\explorer.scf
[2010.02.10 07:19:41 | 000,055,646 | ---- | M] () -- c:\WINDOWS\FaxSetup.log
[2008.12.15 10:05:28 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- c:\WINDOWS\gdrv.sys
[2008.04.14 07:52:26 | 000,010,752 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\hh.exe
[2008.12.15 10:03:43 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\HideWin.exe
[1996.12.10 08:06:40 | 000,039,095 | ---- | M] () -- c:\WINDOWS\iccsigs.dat
[2010.02.10 07:19:41 | 000,008,811 | ---- | M] () -- c:\WINDOWS\iis6.log
[2010.02.10 07:19:37 | 000,001,374 | ---- | M] () -- c:\WINDOWS\imsins.BAK
[2010.02.10 07:19:41 | 000,001,374 | ---- | M] () -- c:\WINDOWS\imsins.log
[1998.10.02 19:00:48 | 000,327,168 | ---- | M] (InstallShield Software Corporation) -- c:\WINDOWS\IsUninst.exe
[2010.02.10 07:19:37 | 000,007,677 | ---- | M] () -- c:\WINDOWS\KB971468.log
[2010.02.10 07:18:23 | 000,011,956 | ---- | M] () -- c:\WINDOWS\KB975560.log
[2010.02.10 07:18:31 | 000,011,973 | ---- | M] () -- c:\WINDOWS\KB975713.log
[2010.02.10 07:17:41 | 000,008,621 | ---- | M] () -- c:\WINDOWS\KB977165.log
[2010.02.10 07:17:52 | 000,012,663 | ---- | M] () -- c:\WINDOWS\KB977914.log
[2010.02.10 07:18:34 | 000,012,212 | ---- | M] () -- c:\WINDOWS\KB978037.log
[2010.02.10 07:18:28 | 000,006,882 | ---- | M] () -- c:\WINDOWS\KB978251.log
[2010.02.10 07:19:41 | 000,007,144 | ---- | M] () -- c:\WINDOWS\KB978262.log
[2010.02.10 07:17:46 | 000,011,049 | ---- | M] () -- c:\WINDOWS\KB978706.log
[2007.06.28 09:44:14 | 002,165,760 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\MicCal.exe
[2004.08.18 13:00:00 | 000,001,272 | ---- | M] () -- c:\WINDOWS\Modrá krajka 16.bmp
[2004.08.18 13:00:00 | 000,001,405 | ---- | M] () -- c:\WINDOWS\msdfmap.ini
[2010.02.10 07:19:41 | 000,002,781 | ---- | M] () -- c:\WINDOWS\msgsocm.log
[2004.08.18 13:00:00 | 000,065,978 | ---- | M] () -- c:\WINDOWS\Mýdlové bubliny.bmp
[2004.08.18 13:00:00 | 000,017,336 | ---- | M] () -- c:\WINDOWS\Na rybách.bmp
[2010.01.30 20:36:26 | 000,000,069 | ---- | M] () -- c:\WINDOWS\NeroDigital.ini
[2008.04.14 07:52:40 | 000,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\notepad.exe
[2008.08.04 09:16:57 | 000,000,000 | ---- | M] () -- c:\WINDOWS\nsreg.dat
[2010.02.10 07:19:41 | 000,011,223 | ---- | M] () -- c:\WINDOWS\ntdtcsetup.log
[2010.02.10 07:19:41 | 000,026,604 | ---- | M] () -- c:\WINDOWS\ocgen.log
[2010.02.10 07:19:41 | 000,003,474 | ---- | M] () -- c:\WINDOWS\ocmsn.log
[2009.08.13 13:16:28 | 000,000,390 | ---- | M] () -- c:\WINDOWS\ODBC.INI
[2008.12.17 13:52:45 | 000,004,249 | ---- | M] () -- c:\WINDOWS\ODBCINST.INI
[2004.08.18 13:00:00 | 000,065,832 | ---- | M] () -- c:\WINDOWS\Omítka Santa Fe.bmp
[2010.02.09 12:22:23 | 000,000,340 | ---- | M] () -- c:\WINDOWS\password.klc
[2009.02.24 21:35:48 | 000,000,132 | ---- | M] () -- c:\WINDOWS\picture-shark.INI
[2004.08.18 13:00:00 | 000,065,954 | ---- | M] () -- c:\WINDOWS\Prérijní vítr.bmp
[2008.08.04 12:26:34 | 000,000,124 | ---- | M] () -- c:\WINDOWS\Readiris.ini
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\regedit.exe
[2008.08.04 07:53:35 | 000,008,192 | ---- | M] () -- c:\WINDOWS\REGLOCS.OLD
[2004.08.18 13:00:00 | 000,017,362 | ---- | M] () -- c:\WINDOWS\Rododendron.bmp
[2008.02.13 07:31:34 | 016,857,600 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RTHDCPL.exe
[2007.03.23 12:19:10 | 009,715,200 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RTLCPL.exe
[2007.07.26 10:09:20 | 000,520,192 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RtlExUpd.dll
[2007.11.07 10:31:38 | 001,191,936 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RtlUpd.exe
[2010.02.12 07:40:53 | 000,032,590 | ---- | M] () -- c:\WINDOWS\SchedLgU.Txt
[2010.02.10 07:17:40 | 000,000,000 | ---- | M] () -- c:\WINDOWS\setupact.log
[2010.02.10 07:19:41 | 000,015,011 | ---- | M] () -- c:\WINDOWS\setupapi.log
[2010.02.10 07:17:40 | 000,000,000 | ---- | M] () -- c:\WINDOWS\setuperr.log
[2007.11.20 11:15:58 | 001,826,816 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\SkyTel.exe
[2008.04.14 07:52:48 | 000,032,866 | ---- | M] (Smart Link) -- c:\WINDOWS\slrundll.exe
[2006.07.21 09:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\SoundMan.exe
[2006.12.26 01:32:20 | 000,462,848 | ---- | M] () -- c:\WINDOWS\ssndii.exe
[2008.08.04 09:42:13 | 000,000,000 | ---- | M] () -- c:\WINDOWS\Sti_Trace.log
[2010.01.24 18:28:50 | 000,000,267 | ---- | M] () -- c:\WINDOWS\system.ini
[2004.08.18 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\TASKMAN.EXE
[2004.08.18 13:00:00 | 000,016,730 | ---- | M] () -- c:\WINDOWS\Textura peří.bmp
[2009.07.17 15:32:05 | 000,008,192 | -HS- | M] () -- c:\WINDOWS\Thumbs.db
[2010.02.10 07:19:41 | 000,021,231 | ---- | M] () -- c:\WINDOWS\tsoc.log
[2004.08.18 13:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain.dll
[2008.12.18 07:10:57 | 000,000,003 | ---- | M] () -- c:\WINDOWS\Twain001.Mtx
[2008.04.14 07:52:06 | 000,050,688 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain_32.dll
[2008.12.18 07:10:57 | 000,000,156 | ---- | M] () -- c:\WINDOWS\Twunk001.MTX
[2008.12.17 18:40:27 | 000,000,000 | ---- | M] () -- c:\WINDOWS\Twunk002.MTX
[2004.08.18 13:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_16.exe
[2004.08.18 13:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_32.exe
[1998.02.06 19:37:32 | 000,299,520 | ---- | M] (InstallShield Corporation, Inc.) -- c:\WINDOWS\uninst.exe
[2005.08.30 19:33:38 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroBackItUp.cfg
[2007.03.20 19:22:04 | 000,972,336 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroBackItUp.exe
[2005.09.15 12:35:46 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroMediaHome.cfg
[2008.01.22 09:14:36 | 000,972,072 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroMediaHome.exe
[2005.08.30 19:37:04 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroShowTime.cfg
[2007.02.28 14:41:02 | 000,972,336 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroShowTime.exe
[2005.08.30 19:37:52 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroVision.cfg
[2007.08.03 12:58:48 | 000,972,072 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroVision.exe
[2005.08.30 19:36:38 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNRecode.cfg
[2007.08.03 13:04:08 | 000,972,072 | ---- | M] (Nero AG) -- c:\WINDOWS\UNRecode.exe
[2010.02.10 07:18:31 | 000,000,523 | ---- | M] () -- c:\WINDOWS\updspapi.log
[2007.11.14 08:18:40 | 000,000,553 | R--- | M] () -- c:\WINDOWS\USetup.iss
[2008.08.04 07:48:25 | 000,000,036 | ---- | M] () -- c:\WINDOWS\vb.ini
[2008.08.04 07:48:25 | 000,000,037 | ---- | M] () -- c:\WINDOWS\vbaddin.ini
[2004.08.18 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\vmmreg32.dll
[2009.12.16 13:44:22 | 000,000,130 | ---- | M] () -- c:\WINDOWS\wcx_ftp.ini
[2010.02.12 07:44:08 | 000,000,159 | ---- | M] () -- c:\WINDOWS\wiadebug.log
[2006.12.26 01:32:39 | 000,073,728 | R--- | M] () -- c:\WINDOWS\WiaInst.exe
[2010.02.12 07:44:07 | 000,000,049 | ---- | M] () -- c:\WINDOWS\wiaservc.log
[2010.02.05 12:14:25 | 000,000,596 | ---- | M] () -- c:\WINDOWS\win.ini
[2010.02.11 13:02:13 | 000,006,468 | ---- | M] () -- c:\WINDOWS\WINCMD.INI
[2008.08.04 07:49:59 | 000,000,749 | RH-- | M] () -- c:\WINDOWS\WindowsShell.Manifest
[2010.02.12 07:46:06 | 001,171,995 | ---- | M] () -- c:\WINDOWS\WindowsUpdate.log
[2004.08.18 13:00:00 | 000,256,419 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhelp.exe
[2008.04.14 07:52:54 | 000,283,648 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhlp32.exe
[2009.03.27 03:22:09 | 000,000,155 | ---- | M] () -- c:\WINDOWS\wininit.ini
[1994.04.19 11:00:00 | 000,000,044 | ---- | M] () -- c:\WINDOWS\WINKOLES.TXT
[2004.08.18 13:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt.bmp
[2004.08.18 13:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt256.bmp
[1994.04.19 11:00:00 | 000,000,120 | ---- | M] () -- c:\WINDOWS\WINRESAZ.INI
[2009.01.04 23:19:59 | 000,000,008 | ---- | M] () -- c:\WINDOWS\winsdold.ini
[2004.08.18 13:00:00 | 000,036,582 | ---- | M] () -- c:\WINDOWS\wmprfCSY.prx
[2008.08.04 08:14:08 | 000,316,640 | ---- | M] () -- c:\WINDOWS\WMSysPr9.prx
[2004.08.18 13:00:00 | 000,009,522 | ---- | M] () -- c:\WINDOWS\Zapotec.bmp
[2004.08.18 13:00:00 | 000,026,582 | ---- | M] () -- c:\WINDOWS\Zelený kámen.bmp
[2004.08.18 13:00:00 | 000,017,062 | ---- | M] () -- c:\WINDOWS\Zrnko kávy.bmp
[2004.08.18 13:00:00 | 000,000,707 | ---- | M] () -- c:\windows\_default.pif
[2004.08.18 13:00:00 | 000,026,680 | ---- | M] () -- c:\WINDOWS\Řeka Sumida.bmp
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< c:\windows\*.* /HL >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< c:\windows\*.* /RP >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-11 23:50:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JIMRVE~1\LOCALS~1\Temp\pwldiuow.sys

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-12 07:51:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JIMRVE~1\LOCALS~1\Temp\pwldiuow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

sapito · #4 Příspěvek od **sapito** » 12 úno 2010 09:12

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-12 09:11:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JIMRVE~1\LOCALS~1\Temp\pwldiuow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

sapito · #5 Příspěvek od **sapito** » 12 úno 2010 11:00

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3621
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12.2.2010 10:59:40
mbam-log-2010-02-12 (10-59-40).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 286720
Uplynulý čas: 31 minute(s), 27 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{82D8084E-B194-4725-9337-9C7DDED9FDCB}\RP296\A0080463.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#6 Příspěvek od **motji** » 12 úno 2010 12:01

Když čas spravíte, znovu se přetočí?

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora
-
Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

sapito · #7 Příspěvek od **sapito** » 12 úno 2010 13:57

Moc se omlouvám, ale zapoměl jsem napsat, že popsané příznaky již odezněly. Čas stačilo opravit pouze jednou. PC se již také daří vypínat standardně.

ComboFix 10-02-11.04 - Jiří Mrňávek 12.02.2010 13:49:35.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3061.2279 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiří Mrňávek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-05 07:57 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-04 08:30 . 2010-02-04 08:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 08:20 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-04 08:20 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-04 08:20 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-04 08:20 . 2010-02-04 08:20 -------- d-----w- c:\windows\Logs
2010-02-04 08:15 . 2010-02-04 08:15 -------- d-----w- c:\program files\Secunia
2010-01-24 20:36 . 2010-01-24 20:36 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 21:48 . 2009-12-15 21:35 -------- d-----w- c:\program files\trend micro
2010-02-05 12:20 . 2008-08-04 08:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 11:15 . 2008-08-04 08:29 -------- d--h--w- c:\program files\Microsoft Works
2010-02-05 10:11 . 2008-08-04 08:16 -------- d--h--w- c:\program files\Microsoft Silverlight
2010-02-04 08:22 . 2008-08-04 08:18 -------- d--h--w- c:\program files\Winamp
2010-01-31 15:05 . 2009-09-03 08:39 -------- d-----w- c:\program files\Common Files\Motive
2010-01-27 12:22 . 2009-03-27 10:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 20:28 . 2009-12-16 12:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 09:43 . 2008-08-04 08:16 -------- d--h--w- c:\program files\Java
2010-01-07 15:07 . 2009-12-16 12:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-16 12:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 13:46 . 2009-04-13 14:59 -------- d-----w- c:\program files\GIMP-2.0
2010-01-01 20:43 . 2010-01-01 20:43 -------- d-----w- c:\program files\Wave Editor
2010-01-01 20:43 . 2010-01-01 20:35 -------- d-----w- c:\program files\Free MP3 WMA WAV Converter
2010-01-01 19:34 . 2004-08-18 12:00 79220 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 19:34 . 2004-08-18 12:00 432272 ----a-w- c:\windows\system32\perfh005.dat
2010-01-01 15:35 . 2010-01-01 15:34 -------- d-----w- c:\program files\Power Sound Editor Free
2010-01-01 15:06 . 2008-08-04 12:49 -------- d-----w- c:\program files\EPSON
2010-01-01 15:06 . 2008-08-04 08:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-08-04 06:47 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 13:12 . 2008-08-04 08:18 -------- d--h--w- c:\program files\Spybot - Search & Destroy
2009-12-16 13:08 . 2009-03-27 11:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 06:22 . 2009-11-30 06:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-08-04 12:03 . 2008-08-04 12:03 358 ----a-w- c:\program files\PASSWORD.KLC
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Jiýˇ Mrĺ vek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"EPSON Stylus Photo R285 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "c:\windows\TEMP\E_S148.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" -H

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WinProgs\\TotalCmd\\TOTALCMD.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.3.2009 11:01 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 468224]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [30.5.2008 1:22 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
S0 tqhhyw;tqhhyw; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jiří Mrňávek\Data aplikací\Mozilla\Firefox\Profiles\nal3m6zj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 13:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-12 13:52:22
ComboFix-quarantined-files.txt 2010-02-12 12:52
ComboFix2.txt 2010-01-24 17:29

Před spuštěním: Volných bajtů: 78 445 981 696
Po spuštění: Volných bajtů: 78 444 924 928

- - End Of File - - E75A61A8C1D91023467B25A33EF7AB64

#8 Příspěvek od **motji** » 12 úno 2010 15:52

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Driver::
tqhhyw

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

sapito · #9 Příspěvek od **sapito** » 12 úno 2010 20:52

ComboFix 10-02-11.04 - Jiří Mrňávek 12.02.2010 20:22:17.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3061.2321 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiří Mrňávek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jiří Mrňávek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TQHHYW
-------\Service_tqhhyw

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-05 07:57 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-04 08:30 . 2010-02-04 08:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 08:20 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-04 08:20 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-04 08:20 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-04 08:20 . 2010-02-04 08:20 -------- d-----w- c:\windows\Logs
2010-02-04 08:15 . 2010-02-04 08:15 -------- d-----w- c:\program files\Secunia
2010-01-24 20:36 . 2010-01-24 20:36 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 21:48 . 2009-12-15 21:35 -------- d-----w- c:\program files\trend micro
2010-02-05 12:20 . 2008-08-04 08:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 11:15 . 2008-08-04 08:29 -------- d--h--w- c:\program files\Microsoft Works
2010-02-05 10:11 . 2008-08-04 08:16 -------- d--h--w- c:\program files\Microsoft Silverlight
2010-02-04 08:22 . 2008-08-04 08:18 -------- d--h--w- c:\program files\Winamp
2010-01-31 15:05 . 2009-09-03 08:39 -------- d-----w- c:\program files\Common Files\Motive
2010-01-27 12:22 . 2009-03-27 10:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 20:28 . 2009-12-16 12:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 09:43 . 2008-08-04 08:16 -------- d--h--w- c:\program files\Java
2010-01-07 15:07 . 2009-12-16 12:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-16 12:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 13:46 . 2009-04-13 14:59 -------- d-----w- c:\program files\GIMP-2.0
2010-01-01 20:43 . 2010-01-01 20:43 -------- d-----w- c:\program files\Wave Editor
2010-01-01 20:43 . 2010-01-01 20:35 -------- d-----w- c:\program files\Free MP3 WMA WAV Converter
2010-01-01 19:34 . 2004-08-18 12:00 79220 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 19:34 . 2004-08-18 12:00 432272 ----a-w- c:\windows\system32\perfh005.dat
2010-01-01 15:35 . 2010-01-01 15:34 -------- d-----w- c:\program files\Power Sound Editor Free
2010-01-01 15:06 . 2008-08-04 12:49 -------- d-----w- c:\program files\EPSON
2010-01-01 15:06 . 2008-08-04 08:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-08-04 06:47 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 13:12 . 2008-08-04 08:18 -------- d--h--w- c:\program files\Spybot - Search & Destroy
2009-12-16 13:08 . 2009-03-27 11:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 06:22 . 2009-11-30 06:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-08-04 12:03 . 2008-08-04 12:03 358 ----a-w- c:\program files\PASSWORD.KLC
.

((((((((((((((((((((((((((((( SnapShot@2010-02-12_12.51.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-12 19:25 . 2010-02-12 19:25 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Jiýˇ Mrĺ vek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"EPSON Stylus Photo R285 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "c:\windows\TEMP\E_S148.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" -H

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WinProgs\\TotalCmd\\TOTALCMD.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.3.2009 11:01 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 468224]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [30.5.2008 1:22 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]

2010-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jiří Mrňávek\Data aplikací\Mozilla\Firefox\Profiles\nal3m6zj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 20:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\program files\Mouse Driver\KMProcess.exe
.
**************************************************************************
.
Celkový čas: 2010-02-12 20:50:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-12 19:50
ComboFix2.txt 2010-02-12 12:52
ComboFix3.txt 2010-01-24 17:29

Před spuštěním: Volných bajtů: 78 460 624 896
Po spuštění: Volných bajtů: 78 340 988 928

- - End Of File - - E3A7B64DB49EBE8D58B23B80DC761BEE

#10 Příspěvek od **motji** » 12 úno 2010 21:23

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

Z mého podpisu stahněte Ccleaner
- ]nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
-- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

Při použití combofixu byl vypnut autorun - nefunguje automatické spouštění cd rom a pod. Doporučovala bych nechat vypnuté, ale pokud je chcete zapnout, zde je návod

Obrázek

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom] 
"AutoRun"=dword:00000001 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=-

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
-klikněte na uložit,
- pak na soubor standardně 2x klikněte a potvrďte dialogové okno.

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

sapito · #11 Příspěvek od **sapito** » 12 úno 2010 21:44

Dobrý den, zatím to vypadá rozhodně dobře. Díky za spolupráci.
V případě problémů se na vás rád obrátím.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jiří Mrňávek at 2010-02-12 21:40:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 80 GB (80%) free of 100 GB
Total RAM: 3061 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:27, on 12.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jiří Mrňávek\Plocha\RSIT.exe
C:\Program Files\trend micro\Jiří Mrňávek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5273334359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7037 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2006-08-16 503808]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]
"KMCONFIG"=C:\Program Files\Mouse Driver\StartAutorun.exe [2008-05-30 212992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Jiří Mrňávek\Nabídka Start\Programy\Po spuštění
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WinProgs\TotalCmd\TOTALCMD.EXE"="C:\WinProgs\TotalCmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-12 21:40:19 ----D---- C:\rsit
2010-02-12 21:30:29 ----SHD---- C:\RECYCLER
2010-02-10 07:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 07:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 07:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 07:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 07:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 07:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 07:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 07:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 07:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-05 08:57:15 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-05 08:57:15 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-04 09:30:56 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-04 09:27:59 ----D---- C:\Program Files\WinRAR
2010-02-04 09:20:34 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-02-04 09:20:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-02-04 09:20:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-02-04 09:20:28 ----D---- C:\WINDOWS\Logs
2010-02-04 09:15:23 ----D---- C:\Program Files\Secunia
2010-01-24 21:36:16 ----D---- C:\Program Files\Defraggler
2010-01-14 10:43:31 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-14 10:43:31 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-14 10:43:31 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-02-12 21:40:27 ----D---- C:\Program Files\trend micro
2010-02-12 21:40:20 ----D---- C:\WINDOWS\Temp
2010-02-12 21:39:06 ----SD---- C:\WINDOWS\Tasks
2010-02-12 21:39:06 ----D---- C:\WINDOWS\Prefetch
2010-02-12 21:38:44 ----HD---- C:\Program Files\Mozilla Firefox
2010-02-12 21:38:01 ----D---- C:\WINDOWS
2010-02-12 21:37:44 ----SHD---- C:\System Volume Information
2010-02-12 21:37:44 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 21:36:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 21:32:23 ----D---- C:\WINDOWS\Debug
2010-02-12 20:50:28 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 20:49:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 20:48:43 ----A---- C:\WINDOWS\system.ini
2010-02-12 20:24:24 ----D---- C:\WINDOWS\system32\config
2010-02-12 20:23:34 ----D---- C:\WINDOWS\system32
2010-02-12 20:23:34 ----D---- C:\WINDOWS\AppPatch
2010-02-12 20:23:31 ----HD---- C:\Program Files\Common Files
2010-02-12 11:31:25 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-11 13:02:13 ----A---- C:\WINDOWS\WINCMD.INI
2010-02-10 07:19:41 ----HD---- C:\WINDOWS\inf
2010-02-10 07:19:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 07:19:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-10 07:18:17 ----SHD---- C:\WINDOWS\Installer
2010-02-10 07:18:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-09 11:02:01 ----D---- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Adobe
2010-02-09 08:59:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-06 08:46:01 ----RSD---- C:\WINDOWS\assembly
2010-02-05 13:20:33 ----D---- C:\Program Files\Common Files\Adobe
2010-02-05 13:20:25 ----D---- C:\Program Files\Adobe
2010-02-05 12:15:47 ----D---- C:\WINDOWS\Fonts
2010-02-05 12:15:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-05 12:15:21 ----HD---- C:\Program Files\Microsoft Works
2010-02-05 12:14:25 ----D---- C:\Program Files\Common Files\System
2010-02-05 12:14:25 ----A---- C:\WINDOWS\win.ini
2010-02-05 11:11:09 ----HD---- C:\Program Files\Microsoft Silverlight
2010-02-05 09:17:17 ----D---- C:\WINDOWS\WinSxS
2010-02-04 09:49:00 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-04 09:48:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-04 09:27:59 ----D---- C:\Program Files
2010-02-04 09:22:40 ----HD---- C:\Program Files\Winamp
2010-02-04 09:20:35 ----D---- C:\WINDOWS\system32\DirectX
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 16:05:09 ----D---- C:\Program Files\Common Files\Motive
2010-01-30 20:36:26 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-28 18:12:47 ----D---- C:\WINDOWS\WBEM
2010-01-27 13:22:17 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-24 11:39:55 ----D---- C:\Documents and Settings\Jiří Mrňávek\Data aplikací\Power Sound Editor Free
2010-01-24 11:39:09 ----D---- C:\temp
2010-01-23 21:28:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-14 10:43:31 ----HD---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-17 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files\rnamfler\naofsvc.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-12 21:40:28

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
602XML Filler-->MsiExec.exe /X{D3162DFC-7CA1-47A9-AA00-15BE80E3B1F8}
Ad-Aware-->"C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x5
Adobe Reader 8.2.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced WindowsCare 2.30 Personal-->"C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
Capture NX 2-->C:\Program Files\Nikon\Capture NX 2\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Embird 2006-->"C:\Program Files\EMBIRD32\UNINST.EXE"
ESET NOD32 Antivirus-->MsiExec.exe /I{7514727A-3ECA-40A1-A73E-9CF9D8463CB3}
Fotosvet TETA 2-->"C:\Program Files\Teta\Fotosvet TETA 2\uninstall.exe"
GEN-E-SHOP-->C:\WINDOWS\uninst.exe -f"C:\Program Files\GEN-E-SHOP\DeIsL1.isu" -c"C:\Program Files\GEN-E-SHOP\_ISREG32.DLL"
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{129DDEC1-A6A3-3D60-AABE-76E6E5334922}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - csy\setup.exe
Microsoft .NET Framework 3.5 Language Pack - csy-->MsiExec.exe /I{74DCC43B-33C9-3389-BD0D-33EB37973657}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mouse Driver-->C:\Program Files\InstallShield Installation Information\{55BFC356-5A7B-482F-A213-9ACFDDFF6037}\setup.exe -runfromtemp -l0x0409
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Essentials-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
O2 Internet Konfigurator-->C:\Program Files\TO2SSM\unSupportCenter.exe
OpenOffice.org 2.4-->MsiExec.exe /I{C2ED62F4-4F0B-44DF-B630-DD02FD7E8C60}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
picture-shark 1.0-->C:\Program Files\picture-shark\UnGins.exe "C:\Program Files\picture-shark\install.log"
Power Sound Editor Free v5.7-->"C:\Program Files\Power Sound Editor Free\unins000.exe"
Quicksys RegDefrag 2.0-->"C:\Program Files\Quicksys\RegDefrag\unins000.exe"
QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Readiris Pro 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}\setup.exe" -l0x9
Real Alternative 1.8.2-->"C:\Program Files\Real Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0005 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x5 -removeonly
Regino v4.5-->"C:\Program Files\Regino v4.5\unins000.exe"
Samsung SCX-4200 Series-->C:\Program Files\SAMSUNG\Samsung SCX-4200 Series\Install\Setup.exe /R
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SmarThru 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x9 uninstall -l0009
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Wave Editor 3.0.3.1-->"C:\Program Files\Wave Editor\unins000.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XMLmind XML Editor Standard Edition 3.5.1 (2006-12-27)-->"C:\Program Files\XMLmind_XML_Editor\unins000.exe"
Zoner Photo Studio 12-->"C:\Program Files\Zoner\Photo Studio 12\unins000.exe" /SILENT

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: MRNAVEKJIRI
Event Code: 4226
Message: Došlo k překročení limitu možného počtu souběžných připojení protokolem TCP.

Record Number: 56091
Source Name: Tcpip
Time Written: 20100128213602.000000+060
Event Type: Upozornění
User:

Computer Name: MRNAVEKJIRI
Event Code: 4226
Message: Došlo k překročení limitu možného počtu souběžných připojení protokolem TCP.

Record Number: 56090
Source Name: Tcpip
Time Written: 20100128211030.000000+060
Event Type: Upozornění
User:

Computer Name: MRNAVEKJIRI
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Zastaveno

Record Number: 56089
Source Name: Service Control Manager
Time Written: 20100128204905.000000+060
Event Type: Informace
User:

Computer Name: MRNAVEKJIRI
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Spuštěno

Record Number: 56088
Source Name: Service Control Manager
Time Written: 20100128204859.000000+060
Event Type: Informace
User:

Computer Name: MRNAVEKJIRI
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba modelu COM pro zápis na disk CD (IMAPI) úspěšně odeslán.

Record Number: 56087
Source Name: Service Control Manager
Time Written: 20100128204859.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MRNAVEKJIRI
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 992
Source Name: SecurityCenter
Time Written: 20090108071816.000000+060
Event Type: Informace
User:

Computer Name: MRNAVEKJIRI
Event Code: 1
Message:
Record Number: 991
Source Name: Bonjour Service
Time Written: 20090108071809.000000+060
Event Type: Informace
User:

Computer Name: MRNAVEKJIRI
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 990
Source Name: SecurityCenter
Time Written: 20090107070700.000000+060
Event Type: Informace
User:

Computer Name: MRNAVEKJIRI
Event Code: 1
Message:
Record Number: 989
Source Name: Bonjour Service
Time Written: 20090107070653.000000+060
Event Type: Informace
User:

Computer Name: MRNAVEKJIRI
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 988
Source Name: SecurityCenter
Time Written: 20090106070853.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#12 Příspěvek od **motji** » 12 úno 2010 21:52

Log je v pořádku

.
Kdyby byly problémy, ozvěte se

Není zač

VIRY.CZ

PC nelze vypnout

PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout

Re: PC nelze vypnout