Trojan.generic and others.., please help   Solved



Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 03:09

Again it didn't work on the first try...

ComboFix 10-03-03.06 - Marek Lukáš 12.03.2010 2:53.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.329 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek Lukáš\Plocha\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -

FILE ::
"e:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Panda Security
c:\program files\Panda Security\Panda Cloud Antivirus\PskTmp\pav2F.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-12 00:50 . 2010-03-12 00:51 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-03-12 00:49 . 2010-03-12 00:50 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-03-12 00:48 . 2010-03-12 00:49 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-03-12 00:48 . 2010-03-12 00:48 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-03-11 23:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 23:32 . 2010-03-11 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 23:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 22:34 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-11 21:18 . 2010-03-11 21:18 -------- d-----w- c:\program files\IObit
2010-03-05 18:01 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-05 18:01 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-05 18:01 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-05 18:01 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-05 18:01 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-05 18:01 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-05 18:01 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-05 18:00 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-05 18:00 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-05 17:59 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-05 17:59 . 2010-03-05 18:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-05 17:59 . 2010-03-11 23:15 -------- d-----w- c:\program files\Spyware Doctor
2010-03-04 19:39 . 2010-03-04 19:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-04 15:03 . 2010-03-04 15:03 -------- d-----w- C:\$AVG
2010-03-04 15:03 . 2010-03-04 15:03 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 15:03 . 2010-03-04 15:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 15:02 . 2010-03-12 00:29 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-04 15:02 . 2010-03-04 15:02 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-04 15:02 . 2010-03-04 15:02 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-04 15:02 . 2010-03-04 17:35 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 15:02 . 2010-03-04 15:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 15:02 . 2010-03-04 15:02 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-04 15:02 . 2010-03-04 15:02 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-03 23:52 . 2010-03-03 23:53 -------- dc-h--w- c:\windows\ie8
2010-03-03 22:47 . 2010-03-04 06:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-11 15:39 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 01:57 . 2003-01-02 08:00 5120 ----a-w- c:\windows\system32\drivers\Stdsys.SYS
2010-03-05 22:13 . 2007-03-04 12:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-04 15:02 . 2004-06-12 08:01 -------- d-----w- c:\program files\AVG
2010-02-18 22:40 . 2002-09-23 12:00 84398 ----a-w- c:\windows\system32\perfc005.dat
2010-02-18 22:40 . 2002-09-23 12:00 442132 ----a-w- c:\windows\system32\perfh005.dat
2010-01-23 11:06 . 2008-07-01 16:54 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-23 11:06 . 2004-05-16 20:26 -------- d-----w- c:\program files\StormWare
2009-12-31 16:50 . 2002-09-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2002-09-23 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2004-04-11 14:11 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2002-09-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-09-24 09:27 . 2004-09-24 09:34 160768 ----a-w- c:\program files\HijackThis.exe
2001-04-30 13:39 . 2004-03-26 21:59 1980033 ----a-w- c:\program files\powarc55.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\Stdsys.SYS ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 5120
Created time: 2003-01-02 08:00
Modified time: 2010-03-12 01:45
MD5: EFB7C5DE3E3665166A2B124BD71F5FE6
SHA1: 66C2BA2BFEEB81551E60EBCDF1B01C4B8D8296A5


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-22 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"CHotkey"="mHotkey.exe" [2006-12-08 547840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-5-12 11000]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WinIRXHelper.lnk - c:\program files\MSI\Media Center Deluxe II\WinIRXHelper.exe [2003-1-2 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 15:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [4.3.2010 16:02 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4.3.2010 16:02 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5.3.2010 19:00 207280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4.3.2010 16:02 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4.3.2010 16:02 242696]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.2.2008 14:19 6656]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4.3.2010 18:35 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4.3.2010 16:02 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4.3.2010 16:02 5888008]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5.3.2010 19:01 112592]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.2.2008 14:19 28672]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4.3.2010 16:02 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [4.3.2010 16:02 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [4.3.2010 16:02 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [4.3.2010 16:02 26120]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 14:44 6640]
S0 njuxdct;njuxdct; [x]
S0 nseexnil;nseexnil; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4.3.2010 16:02 369920]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4.3.2010 16:02 30104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5.3.2010 18:59 365280]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2006-06-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8132336687.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: GEMINI IBS 31 GECB Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/IB ... .2.0.1.cab
DPF: GEMINI IBS 31 GECB Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/IB ... .0.1.0.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 03:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SOUNDMAN.EXE
c:\windows\mHotkey.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 03:06:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 02:06
ComboFix2.txt 2010-03-12 01:01
ComboFix3.txt 2010-03-05 18:54

Před spuštěním: 8 159 817 728
Po spuštění: 8 121 270 272

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1693F2FF2C1AC7C876BEF9D7FB546936


Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 03:13

...and on C:/ there was only this one log, no other
Attachments
ComboFix.zip
(6.62 KiB) Downloaded 15 times


Re: Trojan.generic and others.., please help

Post by Damned » 12 Mar 2010 03:28

Interesting that it didn't delete what it was mainly supposed to delete. :crazy: Let's try it once more.

Did you have the virtual drives and the protections turned off?

Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start-Run and enter Combofix[space]/uninstall

Download T-Cleaner (required - it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download -> run)

(Note: if you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleanup; afterwards delete T-Cleaner and turn AVG/Avira back on.)
*****************************************************************************************************************************************
Then download a fresh ComboFix to the Desktop according to the guide.

Open Notepad (Start -> Run... and type Notepad into the box and click OK).
Copy the following entire text marked in green into it:

KillAll::
File::
e:\NTGLM7X.sys

Driver::
njuxdct;njuxdct
njuxdct
nseexnil;nseexnil
nseexnil
SetupNTGLM7X;SetupNTGLM7X
SetupNTGLM7X

Rootkit::
e:\NTGLM7X.sys



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
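The services section of the ComboFix log above is where the helper picked the three entries that went into the `Driver::` block: two services with no file on disk (marked `[x]`) and a driver whose image lives on e:. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that parses those service lines and flags the same kinds of entries for review. The flagging rules are my own heuristic, the sample lines are copied from the first log in this thread, and a flagged entry is a candidate to look at, not an automatic removal (cdawdm, for instance, is flagged here although the helper left it alone).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: service/driver lines copied from the ComboFix log posted
# earlier in this thread, chosen so that every marker shape ([x], [?], -->) appears.
SAMPLE_LOG = r"""
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [4.3.2010 16:02 25096]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5.3.2010 19:01 112592]
S0 njuxdct;njuxdct; [x]
S0 nseexnil;nseexnil; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5.3.2010 18:59 365280]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
"""

# Line shape as seen in the log: <start code> <service name>;<display name>;<image path> [<date> <time> <size>]
# Service and display names may contain spaces, so split on ';' rather than on whitespace.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# The trailing [...] holds either date/time/size, "x" (no file at all) or "?" (no file metadata).
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")


@dataclass
class Service:
    start: str            # start code printed by ComboFix (R0, S3, ...)
    name: str             # service key name
    display: str          # display name
    image_path: str       # path after the "-->" arrow when ComboFix printed one
    registry_path: str    # path before the arrow (identical to image_path otherwise)
    meta: str             # contents of the trailing [...] block
    reasons: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[Service]:
    """Parse every ComboFix service/driver line found in text; other lines are ignored."""
    services: List[Service] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        pm = META_RE.match(rest)
        path_part, meta = (pm.group("path"), pm.group("meta")) if pm else (rest, "")
        if "-->" in path_part:
            registry_path, image_path = (p.strip() for p in path_part.split("-->", 1))
        else:
            registry_path = image_path = path_part.strip()
        services.append(Service(m.group("start"), m.group("name").strip(),
                                m.group("display").strip(), image_path, registry_path, meta))
    return services


def triage(services: List[Service], system_drive: str = "c:") -> Dict[str, List[str]]:
    """Heuristic review flags (my own rules, not ComboFix's): map service name -> reasons."""
    flagged: Dict[str, List[str]] = {}
    for svc in services:
        if svc.meta == "x":
            svc.reasons.append("no image file found ([x])")
        elif svc.meta == "?":
            svc.reasons.append("image file could not be examined ([?])")
        # A boot/system driver loaded from a drive other than the system drive
        # (here e:, a removable or virtual drive) deserves a look on its own.
        if svc.image_path and svc.image_path[:2].lower() != system_drive:
            svc.reasons.append(f"image on non-system drive {svc.image_path[:2].lower()}")
        if svc.reasons:
            flagged[svc.name] = svc.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Running the script on the sample prints the four entries that deserve a second look; the three the helper actually scripted out are the two `[x]` services and the e: driver. Any service line pasted from a ComboFix log can be fed to `parse_services` the same way.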


Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 04:26

ComboFix 10-03-11.02 - Marek Lukáš 12.03.2010 4:02.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.289 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek Lukáš\Plocha\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"e:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_njuxdct
-------\Service_nseexnil
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-12 02:12 . 2010-03-12 02:12 6775 ----a-w- C:\ComboFix.zip
2010-03-12 00:50 . 2010-03-12 00:51 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-03-12 00:49 . 2010-03-12 00:50 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-03-12 00:48 . 2010-03-12 00:49 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-03-12 00:48 . 2010-03-12 00:48 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-03-11 23:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 23:32 . 2010-03-11 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 23:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 22:34 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-11 21:18 . 2010-03-11 21:18 -------- d-----w- c:\program files\IObit
2010-03-05 18:01 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-05 18:01 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-05 18:01 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-05 18:01 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-05 18:01 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-05 18:01 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-05 18:01 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-05 18:00 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-05 18:00 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-05 17:59 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-05 17:59 . 2010-03-05 18:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-05 17:59 . 2010-03-11 23:15 -------- d-----w- c:\program files\Spyware Doctor
2010-03-04 19:39 . 2010-03-04 19:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-04 15:03 . 2010-03-04 15:03 -------- d-----w- C:\$AVG
2010-03-04 15:03 . 2010-03-04 15:03 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 15:03 . 2010-03-04 15:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 15:02 . 2010-03-12 00:29 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-04 15:02 . 2010-03-04 15:02 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-04 15:02 . 2010-03-04 15:02 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-04 15:02 . 2010-03-04 17:35 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 15:02 . 2010-03-04 15:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 15:02 . 2010-03-04 15:02 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-04 15:02 . 2010-03-04 15:02 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-03 23:52 . 2010-03-03 23:53 -------- dc-h--w- c:\windows\ie8
2010-03-03 22:47 . 2010-03-04 06:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-11 15:39 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 03:13 . 2003-01-02 08:00 5120 ----a-w- c:\windows\system32\drivers\Stdsys.SYS
2010-03-05 22:13 . 2007-03-04 12:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-04 15:02 . 2004-06-12 08:01 -------- d-----w- c:\program files\AVG
2010-02-18 22:40 . 2002-09-23 12:00 84398 ----a-w- c:\windows\system32\perfc005.dat
2010-02-18 22:40 . 2002-09-23 12:00 442132 ----a-w- c:\windows\system32\perfh005.dat
2010-01-23 11:06 . 2008-07-01 16:54 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-23 11:06 . 2004-05-16 20:26 -------- d-----w- c:\program files\StormWare
2009-12-31 16:50 . 2002-09-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2002-09-23 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2004-04-11 14:11 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2002-09-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-09-24 09:27 . 2004-09-24 09:34 160768 ----a-w- c:\program files\HijackThis.exe
2001-04-30 13:39 . 2004-03-26 21:59 1980033 ----a-w- c:\program files\powarc55.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-22 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"CHotkey"="mHotkey.exe" [2006-12-08 547840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-5-12 11000]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WinIRXHelper.lnk - c:\program files\MSI\Media Center Deluxe II\WinIRXHelper.exe [2003-1-2 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 15:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [4.3.2010 16:02 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4.3.2010 16:02 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5.3.2010 19:00 207280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4.3.2010 16:02 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4.3.2010 16:02 242696]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.2.2008 14:19 6656]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4.3.2010 18:35 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4.3.2010 16:02 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4.3.2010 16:02 5888008]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5.3.2010 19:01 112592]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.2.2008 14:19 28672]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4.3.2010 16:02 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [4.3.2010 16:02 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [4.3.2010 16:02 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [4.3.2010 16:02 26120]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 14:44 6640]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4.3.2010 16:02 369920]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4.3.2010 16:02 30104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5.3.2010 18:59 365280]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CRYSTALSYSINFO
.
Obsah adresáře 'Naplánované úlohy'

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2006-06-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8132336687.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: GEMINI IBS 31 GECB Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/IB ... .2.0.1.cab
DPF: GEMINI IBS 31 GECB Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/IB ... .0.1.0.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 04:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\mHotkey.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 04:23:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 03:23

Před spuštěním: Volných bajtů: 10 431 025 152
Po spuštění: Volných bajtů: 10 269 102 080

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BF9D8321437E6130A1F466ED4D14748A

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: Trojan.generic and others.., please help

Post by Damned » 12 Mar 2010 04:40

Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start - Run and enter Combofix[space]/uninstall

Download T-Cleaner (required - it removes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download -> run)

(Note: if you have AVG or Avira, disable AVG and Avira (including the resident shields) before downloading T-Cleaner and for the whole time you are cleaning; afterwards delete T-Cleaner and turn AVG or Avira back on.)
*****************************************************************************************************************************************
Download OTL to the Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change the setting to All. Tick LOP Check and Purity Check. Change File Age to 14 days. Leave all other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same place as OTL. Please copy both logs here.
Nothing is impossible, which is why, where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide | FCleaner + Czech localization | Wise Registry Cleaner

Makluk
newbie
Posts: 17
Registered: March 10
Gender: Not specified

Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 05:03

OTL Extras logfile created on: 12.3.2010 4:48:57 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Marek Lukáš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 9.81 Gb Free Space | 33.47% Space Free | Partition Type: NTFS
Drive D: | 85.19 Gb Total Space | 63.93 Gb Free Space | 75.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ML
Current User Name: Marek Lukáš
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = Office Keyboard
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12808370-8A8B-4A0A-8A96-385C309A58D6}" = MSI Media Center Deluxe II
"{1908DC6F-D3ED-43CA-BAC0-EB4BD98540BC}" = PROFIS Anchor v1.4.8
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{295D586F-B03A-458D-9376-6C44CC384EE2}" = STORMWARE POHODA CZ
"{2FFA4F8E-8D11-4A0C-9C58-4BD03B51DDDA}_is1" = Jízdní řád ČD 2009/2010
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4F896DE0-EF26-11D5-BBEC-00D0B740900A}" = Multimedia keyboard driver
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{54556F60-1B2C-4A3E-A486-32A633039212}" = SCIA ESA PT
"{5783F2D7-5004-0405-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2007 - Český
"{57CE6967-9D53-46D4-849D-88683655828C}" = Schöck Isokorb® KST
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Zpracování fotografií a obrázků HP 2.0 - All-in-One ovladač
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}" = InterVideo WinDVRX
"{91130405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Zpracování fotografií a obrázků HP 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF474A34-2E78-4243-8F01-8E4003EE6248}" = MetSPEC10WM
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DED66C47-1FB1-4554-8D6C-307CF043F6DA}" = STORMWARE POHODA CZ Mini
"{E22DFF40-C8CA-11D3-8636-0000B48041BA}" = Statický výpočet POROTHERM stropu
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.32
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AFCB" = AFCB
"AFCC" = AFCC
"Aladdin Ghostscript Fonts" = Aladdin Ghostscript Fonts
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"AVG9Uninstall" = AVG 9.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CfM" = Colorific
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Enable S3 for USB Device" = Enable S3 for USB Device
"EURO-NX-EC1-DEMO" = EURO-NX-EC1-DEMO
"Fine FireResistance 1.0" = Požární odolnost (pouze odstranit)
"Fine HeatTransfer 1.0" = Přestup tepla (pouze odstranit)
"Fine ParamTTCurve 1.0" = Parametrická teplotní křivka (pouze odstranit)
"FINE Wberger 3.0" = Zdivo POROTHERM (pouze odstranit)
"FIRE-NX 810 Pomocné výpočty" = FIRE-NX 810 Pomocné výpočty
"HijackThis" = HijackThis 1.99.1
"HP PSC 1200 Series" = Zpracování fotografií a obrázků HP 2.0 - PSC 1200 Series
"hp psc 1200 series_Driver" = hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NEXIS32 3.100.121" = IDA NEXIS 32 rel. 3.10
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"PDFCreator Toolbar" = PDFCreator Toolbar
"PDFTools_is1" = PDFTools Version 1.2 (09/28/2006)
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Macromedia Flash Player 8
"Spyware Doctor" = Spyware Doctor 7.0
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"True Internet Color" = Color Indicator
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Verdict Free" = Slovník Verdict Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.2.2010 17:46:37 | Computer Name = ML | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.8313.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 3.3.2010 15:56:09 | Computer Name = ML | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Ad-Aware.exe, verze 7.1.0.10, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4.3.2010 17:01:44 | Computer Name = ML | Source = ESENT | ID = 490
Description = svchost (1004) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 5.3.2010 13:51:44 | Computer Name = ML | Source = ESENT | ID = 490
Description = svchost (1016) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 5.3.2010 13:55:01 | Computer Name = ML | Source = ESENT | ID = 490
Description = svchost (1016) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 5.3.2010 13:55:01 | Computer Name = ML | Source = ESENT | ID = 470
Description = Catalog Database (1016) Databáze C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
je částečně připojena. Fáze připojení: 3. Chyba: -1032

Error - 5.3.2010 16:36:03 | Computer Name = ML | Source = ESENT | ID = 490
Description = svchost (1016) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\edb.chk
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 5.3.2010 16:36:03 | Computer Name = ML | Source = ESENT | ID = 439
Description = Catalog Database (1016) Pro soubor C:\WINDOWS\system32\CatRoot2\edb.chk
nelze zapsat stínové záhlaví. Chyba -1032

Error - 11.3.2010 20:24:07 | Computer Name = ML | Source = Application Error | ID = 1000
Description = Chybující aplikace teatimer.exe, verze 1.6.6.32, chybující modul teatimer.exe,
verze 1.6.6.32, adresa chyby 0x0006e66e.

Error - 11.3.2010 20:47:36 | Computer Name = ML | Source = Application Error | ID = 1000
Description = Chybující aplikace teatimer.exe, verze 1.6.6.32, chybující modul teatimer.exe,
verze 1.6.6.32, adresa chyby 0x0006e66e.

[ System Events ]
Error - 11.3.2010 23:02:24 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Netropa NHK Server byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Inkjet Printer/Scanner Extended Survey Program byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Lavasoft Ad-Aware Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 11.3.2010 23:02:44 | Computer Name = ML | Source = Service Control Manager | ID = 7034
Description = Služba Browser Defender Update Service byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 11.3.2010 23:10:53 | Computer Name = ML | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_SETUPNTGLM7X\0000 se již v systému nenachází,
přestože nebylo nejdříve připraveno k odebrání.

Error - 11.3.2010 23:13:11 | Computer Name = ML | Source = Service Control Manager | ID = 7000
Description = Služba DS1410D neuspěla při spuštění v důsledku následující chyby:
%%2


< End of report >

Makluk
newbie
Posts: 17
Registered: March 10
Gender: Not specified

Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 05:07

OTL logfile created on: 12.3.2010 4:48:57 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Marek Lukáš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 9.81 Gb Free Space | 33.47% Space Free | Partition Type: NTFS
Drive D: | 85.19 Gb Total Space | 63.93 Gb Free Space | 75.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ML
Current User Name: Marek Lukáš
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marek Lukáš\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\32788R22FWJFW\n.pif (NirSoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\mHotkey.exe ()
PRC - C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\MSI\Media Center Deluxe II\WinIRXHelper.exe ()
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Netropa\Onscreen Display\osd.exe (Netropa Corp.)
PRC - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Marek Lukáš\Plocha\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (nhksrv) -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (NTACCESS) -- C:\WINDOWS\system32\Ntaccess.sys (Your Corporation)
DRV - (Amusbprt) -- C:\WINDOWS\system32\drivers\amusbprt.sys (A4Tech Co.,Ltd.)
DRV - (Amfilter) -- C:\WINDOWS\system32\drivers\Amfilter.sys (A4Tech Co.,Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MouseCap) -- C:\WINDOWS\system32\drivers\MouseCap.sys ()
DRV - (Moufiltr) -- C:\WINDOWS\system32\drivers\Moufiltr.sys (Windows (R) 2000 DDK provider)
DRV - (U3sHlpDr) -- C:\WINDOWS\system32\drivers\U3sHlpDr.sys ()
DRV - (CrystalSysInfo) -- C:\WINDOWS\system32\sysinfo.sys ()
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (DumaNT) -- C:\WINDOWS\system32\drivers\dumant.sys (NVIDIA Corporation)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (msikbd2k) -- C:\WINDOWS\system32\drivers\Msikbd2k.sys (Netropa Corporation)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WebHledani"
FF - prefs.js..browser.search.selectedEngine: "WebHledani"
FF - prefs.js..browser.startup.homepage: "http://www.idnes.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://www.webhledani.cz/results.aspx?i=39&tp=ab&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010.03.03 23:55:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.02.11 19:07:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.03.04 16:02:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.11 22:11:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.04 22:12:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.13 17:52:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.10.29 12:19:54 | 000,000,000 | ---D | M]

[2010.02.26 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Extensions
[2010.02.26 12:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.11 22:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\extensions
[2010.02.12 08:51:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.04 22:14:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.04 22:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\extensions\cs@dictionaries.addons.mozilla.org
[2006.09.06 06:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Mozilla\Firefox\Profiles\ttj135ib.default\extensions\temp
[2010.03.11 22:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.04 22:12:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.04.08 09:01:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010.01.16 04:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2006.02.07 15:41:38 | 000,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2006.12.12 10:48:22 | 001,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.01.16 04:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007.05.10 22:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006.04.22 12:21:27 | 000,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2006.04.22 12:22:10 | 000,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2006.04.22 12:21:20 | 000,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.12 04:13:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinIRXHelper.lnk = C:\Program Files\MSI\Media Center Deluxe II\WinIRXHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

Makluk
novice
Posts: 17
Registered: March 10
Gender: Not specified
Status: Offline

Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 05:08

I couldn't get it posted, because it's large and I didn't notice the message about it...
So here is part 2:

O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]https in Trusted sites)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8878456328 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} file://E:\whip.cab (Autodesk WHIP! Control)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: BSC Applet Security https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Applet Utilities https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Business Objects https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Java Components Library https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Text Utilities https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Utilities https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 31 GECB Applet Security https://ra.internetbanka.cz/ra31/bin/IB ... .2.0.1.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities https://ra.internetbanka.cz/ra31/bin/IB ... .0.1.0.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 32 GEMB Applet Security https://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: IAIK Java Cryptography Extension https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marek Lukáš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marek Lukáš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.03.11 23:07:59 | 000,000,734 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.12 04:43:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.03.12 04:42:11 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek Lukáš\Plocha\OTL.exe
[2010.03.12 04:23:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.12 01:50:28 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.4.tmp
[2010.03.12 01:49:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.3.tmp
[2010.03.12 01:48:45 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
[2010.03.12 01:48:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2010.03.12 01:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\AVG9
[2010.03.12 00:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Malwarebytes
[2010.03.12 00:32:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.12 00:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.12 00:32:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.12 00:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.12 00:31:17 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marek Lukáš\Plocha\mbam-setup.exe
[2010.03.12 00:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Plocha\backups
[2010.03.11 23:36:30 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Marek Lukáš\Plocha\HijackThis.exe
[2010.03.11 23:34:05 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.11 22:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\IObit
[2010.03.11 22:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010.03.11 22:17:14 | 007,158,840 | ---- | C] (IObit ) -- C:\Documents and Settings\Marek Lukáš\Plocha\asc-setup.exe
[2010.03.11 22:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Mozilla
[2010.03.11 22:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Mozilla
[2010.03.05 22:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Local Settings\Data aplikací\Threat Expert
[2010.03.05 19:01:15 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.03.05 19:01:14 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.03.05 19:01:14 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.03.05 19:01:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.03.05 19:01:02 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.03.05 19:00:33 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.03.05 19:00:33 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.03.05 18:59:58 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.03.05 18:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.03.05 18:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.05 18:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\PC Tools
[2010.03.05 18:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PC Tools
[2010.03.05 18:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.03.05 18:54:39 | 034,868,704 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Marek Lukáš\Plocha\sdsetup.exe
[2010.03.04 22:37:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marek Lukáš\Recent
[2010.03.04 16:03:29 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.03.04 16:03:07 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.04 16:03:07 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.04 16:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.03.04 16:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2010.03.04 16:02:32 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.03.04 16:02:32 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.03.04 16:02:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.04 16:02:30 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.04 16:02:14 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.03.04 16:02:14 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.03.04 16:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.03.04 16:00:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2010.03.04 16:00:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2010.03.04 16:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.03.04 15:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.03.04 15:52:19 | 114,573,616 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Marek Lukáš\Plocha\avg_iswt_stf_all_90_785a2708.exe
[2010.03.04 07:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Panda Security
[2010.03.04 00:52:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.03.03 23:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.03.03 22:20:40 | 000,000,000 | ---D | C] -- D:\Stažené soubory
[2010.03.03 22:01:54 | 008,158,488 | ---- | C] (Mozilla) -- C:\Documents and Settings\Marek Lukáš\Plocha\Firefox Setup 3.6.exe
[2007.08.23 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2007.06.11 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\PCHealth
[2006.12.01 12:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Help
[2006.12.01 12:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Help
[2005.01.06 10:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Symantec
[2004.09.24 10:34:46 | 000,160,768 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.03.12 04:42:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek Lukáš\Plocha\OTL.exe
[2010.03.12 04:23:47 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2010.03.12 04:14:12 | 000,000,277 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.12 04:13:53 | 000,005,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\Stdsys.SYS
[2010.03.12 04:13:46 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2010.03.12 04:13:38 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.03.12 04:13:25 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.12 04:13:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.12 04:12:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.12 04:12:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.12 04:12:21 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.12 04:11:21 | 016,515,072 | -H-- | M] () -- C:\Documents and Settings\Marek Lukáš\NTUSER.DAT
[2010.03.12 04:11:21 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Marek Lukáš\ntuser.ini
[2010.03.12 04:11:16 | 005,889,546 | -H-- | M] () -- C:\Documents and Settings\Marek Lukáš\Local Settings\Data aplikací\IconCache.db
[2010.03.12 03:12:57 | 000,006,775 | ---- | M] () -- C:\ComboFix.zip
[2010.03.12 01:37:48 | 000,000,728 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.12 01:28:55 | 057,001,849 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.12 00:32:29 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.12 00:21:00 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marek Lukáš\Plocha\mbam-setup.exe
[2010.03.11 22:18:36 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Advanced SystemCare.lnk
[2010.03.11 22:18:36 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Marek Lukáš\Plocha\IObit Freeware.url
[2010.03.11 12:16:52 | 007,158,840 | ---- | M] (IObit ) -- C:\Documents and Settings\Marek Lukáš\Plocha\asc-setup.exe
[2010.03.06 14:52:26 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Marek Lukáš\Plocha\T-Cleaner.exe
[2010.03.05 23:19:57 | 000,032,743 | ---- | M] () -- C:\Documents and Settings\Marek Lukáš\Plocha\SpywareDoctor-log.htm
[2010.03.05 19:00:17 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Doctor.lnk
[2010.03.04 22:12:51 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.03.04 20:39:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.03.04 18:35:20 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.04 16:03:09 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.03.04 16:03:07 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.03.04 16:03:07 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.04 16:03:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.04 16:03:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.04 16:02:32 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.03.04 16:02:32 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.03.04 16:02:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.04 16:02:15 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.03.04 16:02:14 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.03.04 12:35:04 | 000,212,849 | ---- | M] () -- C:\Documents and Settings\Marek Lukáš\Plocha\hijackthis.zip
[2010.03.04 12:32:54 | 114,573,616 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Marek Lukáš\Plocha\avg_iswt_stf_all_90_785a2708.exe
[2010.03.04 10:45:30 | 034,868,704 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Marek Lukáš\Plocha\sdsetup.exe
[2010.03.03 23:47:21 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Marek Lukáš\Plocha\Spybot - Search & Destroy.lnk
[2010.03.03 10:56:42 | 008,158,488 | ---- | M] (Mozilla) -- C:\Documents and Settings\Marek Lukáš\Plocha\Firefox Setup 3.6.exe
[2010.03.03 08:16:49 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Marek Lukáš\Plocha\VŠB FBI-F - DPS.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.12 03:34:40 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Plocha\T-Cleaner.exe
[2010.03.12 03:12:57 | 000,006,775 | ---- | C] () -- C:\ComboFix.zip
[2010.03.12 00:32:29 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.11 23:35:57 | 000,212,849 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Plocha\hijackthis.zip
[2010.03.11 22:18:36 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Advanced SystemCare.lnk
[2010.03.11 22:18:36 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Plocha\IObit Freeware.url
[2010.03.05 23:19:57 | 000,032,743 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Plocha\SpywareDoctor-log.htm
[2010.03.05 19:01:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.03.05 19:01:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.03.05 19:01:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.03.05 19:01:15 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.03.05 19:01:15 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.03.05 19:01:14 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.03.05 19:01:02 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.03.05 19:00:33 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.03.05 19:00:33 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.03.05 19:00:17 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Doctor.lnk
[2010.03.05 18:59:58 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.03.04 16:03:09 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.03.04 16:03:07 | 000,568,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.03.04 16:03:07 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.04 16:02:55 | 057,001,849 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.03 23:47:21 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Plocha\Spybot - Search & Destroy.lnk
[2010.03.03 22:41:37 | 000,000,053 | ---- | C] () -- C:\biosinfo
[2010.03.03 08:16:49 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Plocha\VŠB FBI-F - DPS.lnk
[2010.03.02 16:37:17 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
[2008.06.28 11:15:41 | 000,000,490 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2008.06.28 11:15:40 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008.06.28 11:15:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008.04.08 09:02:11 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2008.03.28 12:32:20 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Metspec.ini
[2008.03.12 16:40:09 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Data aplikací\HPCOM_48BitScanUpdate.log
[2008.03.12 16:40:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008.02.21 14:19:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2008.02.21 14:19:36 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2008.01.31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.09.15 08:47:22 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2007.06.02 10:07:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.04.20 11:12:27 | 000,000,058 | ---- | C] () -- C:\WINDOWS\afcc.INI
[2007.04.20 11:05:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\afcb.INI
[2007.03.04 12:58:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.09.19 13:59:28 | 000,002,313 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.01 17:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.06.01 17:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.06.01 17:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.08.08 14:44:04 | 000,006,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\MouseCap.sys
[2005.03.30 10:16:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005.03.17 09:04:24 | 000,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys
[2005.02.20 11:59:58 | 000,000,071 | ---- | C] () -- C:\WINDOWS\CONTEXT.INI
[2005.02.04 11:34:36 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005.02.03 01:30:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2005.01.18 15:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2004.12.13 16:20:06 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2004.12.01 09:38:09 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.09.17 14:38:31 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004.09.16 09:20:50 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004.09.16 09:05:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.09.16 09:05:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004.09.16 09:05:15 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004.09.16 09:05:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004.09.16 09:05:06 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004.09.16 09:05:05 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004.09.16 09:05:05 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004.09.13 11:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004.09.11 19:36:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2004.08.17 23:00:00 | 000,296,448 | ---- | C] () -- C:\WINDOWS\System32\KROBw32.dll
[2004.07.28 22:13:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\NEXIS32.INI
[2004.07.27 08:01:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\Esa.INI
[2004.07.03 15:45:04 | 000,008,832 | ---- | C] () -- C:\WINDOWS\FAXWORKS.INI
[2004.07.03 15:45:04 | 000,006,688 | ---- | C] () -- C:\WINDOWS\FX_METER.DLL
[2004.06.17 06:28:56 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Marek Lukáš\Local Settings\Data aplikací\fusioncache.dat
[2004.06.11 06:22:53 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004.06.04 20:39:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2004.05.01 10:54:58 | 000,000,345 | ---- | C] () -- C:\WINDOWS\metsec.ini
[2004.03.26 22:59:51 | 001,980,033 | ---- | C] () -- C:\Program Files\powarc55.exe
[2004.03.14 16:42:04 | 000,001,327 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2004.03.11 23:04:00 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.01.02 09:03:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2003.01.02 09:03:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2003.01.02 09:03:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2003.01.02 09:03:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2003.01.02 09:03:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2003.01.02 09:03:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2003.01.02 09:02:40 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\ForNvI2C.dll
[2003.01.02 09:02:40 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\RemtCtrl.dll
[2003.01.02 09:02:40 | 000,001,237 | R--- | C] () -- C:\WINDOWS\System32\RemtCtrl.ini
[2003.01.02 09:00:56 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\Stdsys.SYS
[2003.01.01 02:44:36 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003.01.01 01:15:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003.01.01 01:07:56 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.01.01 01:01:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL
[2003.01.01 00:53:48 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2002.11.18 13:29:28 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\nvimage.dll
[2002.11.18 13:29:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\stereoi.dll
[2002.07.17 09:21:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VDIError.dll
[2002.07.17 09:20:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VCkNFS.dll
[2002.07.16 15:11:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Chkmes.dll
[1999.09.18 15:47:02 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 23:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999.08.11 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999.08.11 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999.08.11 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999.08.11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.05.21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998.10.27 12:37:36 | 000,029,184 | ---- | C] () -- C:\WINDOWS\PICINS.DLL
[1998.01.28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL

========== LOP Check ==========

[2009.04.04 11:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AB Studio
[2009.12.12 17:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2010.03.05 22:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2010.03.04 21:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2008.12.27 09:04:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.01.03 21:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
[2009.01.03 21:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
[2008.12.27 20:37:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX
[2008.12.27 09:15:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJMyPrinter
[2010.01.31 18:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2008.12.27 09:15:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenu
[2008.05.24 12:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Grisoft
[2003.01.02 09:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\InterVideo
[2004.03.11 23:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\System
[2010.03.12 04:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2004.03.25 23:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\AB Studio
[2008.04.12 10:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Autodesk
[2010.03.12 01:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\AVG9
[2009.01.03 21:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Canon
[2006.12.31 14:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Downloaded Installations
[2004.03.11 23:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\FarStone
[2007.02.12 11:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\FileOpen
[2008.03.22 10:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Grisoft
[2004.05.23 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\InterVideo
[2010.03.11 22:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\IObit
[2010.01.05 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Jízdní řád ČD
[2008.03.27 07:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Leadertech
[2004.09.16 11:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Opera
[2010.03.04 07:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Panda Security
[2007.10.31 12:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Profis
[2008.03.04 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\STORMWARE
[2004.10.06 14:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek Lukáš\Data aplikací\Thunderbird
[2006.06.01 17:59:37 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1132336687.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
< End of report >


Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 05:27

Since I don't see you here right now, I'm going to take a short nap; I'll have to go to the office soon... I'll be back in a while, but for now many thanks for your help!

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: Trojan.generic and others.., please help

Post by Damned » 12 Mar 2010 05:34

You've had it there for 10 days, not just since today. (It also takes me a while to read it; unfortunately I'm not a machine.)

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\32788R22FWJFW\n.pif (NirSoft)
O2 - BHO: (no name) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - No CLSID value found.
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: BSC Applet Security https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Applet Utilities https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Business Objects https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Java Components Library https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Text Utilities https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: BSC Utilities https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 31 GECB Applet Security https://ra.internetbanka.cz/ra31/bin/IB ... .2.0.1.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities https://ra.internetbanka.cz/ra31/bin/IB ... .0.1.0.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 32 GEMB Applet Security https://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab (Reg Error: Key error.)
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: IAIK Java Cryptography Extension https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8

:Files
C:\Windows\*.tmp
C:\Windows\System32\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\327882R2FWJFW
C:\ComboFix
C:\Qoobox
C:\ComboFix.zip
C:\Combofix.txt
C:\Windows\PEV.exe
C:\Windows\SWXCACLS.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\NIRCMD.exe
C:\ComboFix
C:\Qoobox
C:\32788R22FWJFW.4.tmp
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
C:\Windows\tasks\SA.DAT
C:\Documents and Settings\Marek Lukáš\Plocha\backups
C:\Documents and Settings\Marek Lukáš\Data aplikací\Panda Security
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
C:\Documents and Settings\All Users\Data aplikací\rbuwzv.dat
C:\Documents and Settings\LocalService\Data aplikací\rbuwzv.dat

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
*****************************************************************************************************************************************
Check the red file on VirusTotal and post the link to the result here.
If you can't find it, enable showing hidden and system files. If it tells you the file has already been checked,
have it checked again, and wait until "Finished" and the result appear. Then copy the address bar here.

C:\WINDOWS\System32\KROBw32.dll
Nothing is impossible, which is why, where we're at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner


Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 08:40

That wasn't a complaint, just a plain statement; I was rather surprised that you stayed up with me all night, because I usually sleep :). And I never wrote anywhere that my wife caught it yesterday. It was last week, I just didn't get to it sooner...


Re: Trojan.generic and others.., please help

Post by Makluk » 12 Mar 2010 08:53

Log from OTL:

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
No active process named n.pif was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found.
Starting removal of ActiveX control {4B48D5DF-9021-45F7-A240-60304302A215}
C:\WINDOWS\Downloaded Program Files\WebCleaner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B48D5DF-9021-45F7-A240-60304302A215}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B48D5DF-9021-45F7-A240-60304302A215}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4B48D5DF-9021-45F7-A240-60304302A215}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B48D5DF-9021-45F7-A240-60304302A215}\ not found.
Starting removal of ActiveX control BSC Applet Security
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Applet Security\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Applet Security\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BSC Applet Security\ not found.
Starting removal of ActiveX control BSC Applet Utilities
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Applet Utilities\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Applet Utilities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BSC Applet Utilities\ not found.
Starting removal of ActiveX control BSC Business Objects
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Business Objects\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Business Objects\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BSC Business Objects\ not found.
Starting removal of ActiveX control BSC Java Components Library
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Java Components Library\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Java Components Library\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BSC Java Components Library\ not found.
Starting removal of ActiveX control BSC Text Utilities
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Text Utilities\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Text Utilities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BSC Text Utilities\ not found.
Starting removal of ActiveX control BSC Utilities
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Utilities\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\BSC Utilities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\BSC Utilities\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
Starting removal of ActiveX control GEMINI IBS 31 GECB Applet Security
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 31 GECB Applet Security\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 31 GECB Applet Security\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\GEMINI IBS 31 GECB Applet Security\ not found.
Starting removal of ActiveX control GEMINI IBS 31 GECB Applet Utilities
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 31 GECB Applet Utilities\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 31 GECB Applet Utilities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\GEMINI IBS 31 GECB Applet Utilities\ not found.
Starting removal of ActiveX control GEMINI IBS 32 GEMB Applet Security
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 32 GEMB Applet Security\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 32 GEMB Applet Security\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\GEMINI IBS 32 GEMB Applet Security\ not found.
Starting removal of ActiveX control GEMINI IBS 32 GEMB Applet Utilities
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 32 GEMB Applet Utilities\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\GEMINI IBS 32 GEMB Applet Utilities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\GEMINI IBS 32 GEMB Applet Utilities\ not found.
Starting removal of ActiveX control IAIK Java Cryptography Extension
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IAIK Java Cryptography Extension\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IAIK Java Cryptography Extension\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\IAIK Java Cryptography Extension\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\Windows\002269_.tmp moved successfully.
C:\Windows\005537_.tmp moved successfully.
C:\Windows\DUMP2673.tmp moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
C:\Windows\SET3.tmp moved successfully.
C:\Windows\SET5E.tmp moved successfully.
C:\Windows\SET73.tmp moved successfully.
C:\Windows\SETA.tmp moved successfully.
C:\Windows\~GLC0000.TMP moved successfully.
C:\Windows\~GLC0001.TMP moved successfully.
C:\Windows\~GLC0002.TMP moved successfully.
C:\Windows\System32\CONFIG.TMP moved successfully.
C:\Windows\System32\OLD27F.tmp moved successfully.
C:\Windows\System32\SET96.tmp moved successfully.
C:\Windows\System32\SET9B.tmp moved successfully.
C:\Windows\System32\SETA2.tmp moved successfully.
C:\Windows\System32\SETAB.tmp moved successfully.
C:\Windows\System32\SETAD.tmp moved successfully.
C:\Windows\System32\SETB0.tmp moved successfully.
C:\WINDOWS\System32\drivers\OLD1E7.tmp moved successfully.
C:\WINDOWS\System32\drivers\OLD282.tmp moved successfully.
File\Folder C:\Recycler not found.
File\Folder C:\$RECYCLE.BIN not found.
File\Folder C:\327882R2FWJFW not found.
File\Folder C:\ComboFix not found.
File\Folder C:\Qoobox not found.
C:\ComboFix.zip moved successfully.
File\Folder C:\Combofix.txt not found.
File\Folder C:\Windows\PEV.exe not found.
File\Folder C:\Windows\SWXCACLS.exe not found.
File\Folder C:\Windows\SWREG.exe not found.
File\Folder C:\Windows\SWSC.exe not found.
File\Folder C:\Windows\sed.exe not found.
File\Folder C:\Windows\grep.exe not found.
File\Folder C:\Windows\NIRCMD.exe not found.
File\Folder C:\ComboFix not found.
File\Folder C:\Qoobox not found.
C:\32788R22FWJFW.4.tmp\License folder moved successfully.
C:\32788R22FWJFW.4.tmp\EN-US folder moved successfully.
C:\32788R22FWJFW.4.tmp folder moved successfully.
C:\32788R22FWJFW.3.tmp\License folder moved successfully.
C:\32788R22FWJFW.3.tmp\EN-US folder moved successfully.
C:\32788R22FWJFW.3.tmp folder moved successfully.
C:\32788R22FWJFW.2.tmp\License folder moved successfully.
C:\32788R22FWJFW.2.tmp\EN-US folder moved successfully.
C:\32788R22FWJFW.2.tmp folder moved successfully.
C:\32788R22FWJFW.1.tmp\License folder moved successfully.
C:\32788R22FWJFW.1.tmp\EN-US folder moved successfully.
C:\32788R22FWJFW.1.tmp folder moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
C:\Documents and Settings\Marek Lukáš\Plocha\backups folder moved successfully.
C:\Documents and Settings\Marek Lukáš\Data aplikací\Panda Security\Panda Cloud Antivirus folder moved successfully.
C:\Documents and Settings\Marek Lukáš\Data aplikací\Panda Security folder moved successfully.
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat moved successfully.
C:\Documents and Settings\All Users\Data aplikací\ezsid.dat moved successfully.
File\Folder C:\Documents and Settings\All Users\Data aplikací\rbuwzv.dat not found.
File\Folder C:\Documents and Settings\LocalService\Data aplikací\rbuwzv.dat not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->FireFox cache emptied: 3477948 bytes

User: Marek Lukáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33080 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40881575 bytes
->Flash cache emptied: 638 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: OCEHDI

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 666 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2412876 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Marek Lukáš
->Flash cache emptied: 0 bytes

User: NetworkService

User: OCEHDI

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.0 log created on 03122010_084120

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
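The fix log above is what a helper reads to confirm that each path and key from the OTL script actually went away. As an added example (not OTL's own code and not part of this thread), the parser below turns a log in this format into structured events, totals the bytes freed by [emptytemp], and lists which requested paths came back "not found"; the sample log is constructed from line shapes seen in the thread.

```python
import re
from collections import Counter

# Constructed sample in the OTL fix-log format seen in this thread (not a real log).
SAMPLE_LOG = r"""
========== OTL ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Windows\002269_.tmp moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
File\Folder C:\Recycler not found.
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat moved successfully.
File\Folder C:\Documents and Settings\LocalService\Data aplikací\rbuwzv.dat not found.
========== COMMANDS ==========
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 3477948 bytes
Total Files Cleaned = 45.00 mb
"""

# One (action, regex) pair per line shape OTL emits; the prefixes are distinct.
RULES = [
    ("file_moved",   re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("file_missing", re.compile(r"^File\\Folder (?P<target>.+) not found\.$")),
    ("reg_deleted",  re.compile(r"^Registry key (?P<target>.+) deleted successfully\.$")),
    ("reg_missing",  re.compile(r"^Registry key (?P<target>.+) not found\.$")),
    ("ads_deleted",  re.compile(r"^ADS (?P<target>.+) deleted successfully\.$")),
    ("emptied",      re.compile(r"^->(?P<target>.+) emptied: (?P<nbytes>\d+) bytes$")),
]


def parse_otl_fix_log(text):
    """Return (action, target, nbytes) events, one per recognised line;
    section banners, process lines and totals are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        for action, pattern in RULES:
            m = pattern.match(line)
            if m:
                nbytes = int(m.group("nbytes")) if "nbytes" in m.groupdict() else 0
                events.append((action, m.group("target"), nbytes))
                break
    return events


def summarise(events):
    """Count events per action and total the bytes reported under [emptytemp]."""
    counts = Counter(action for action, _, _ in events)
    emptied_total = sum(n for action, _, n in events if action == "emptied")
    return dict(counts), emptied_total


def unresolved_targets(events, requested):
    """Paths from the script's :Files section that OTL reported as 'not found'.
    Such a path may simply have been removed earlier (e.g. by ComboFix), but it is
    the list a helper should re-check before declaring the machine clean."""
    missing = {target for action, target, _ in events if action == "file_missing"}
    return sorted(p for p in requested if p in missing)
```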

